search

grafana / github-datasource

Grafana data source plugin using the Github API to retrieve and visualize Github data.
https://grafana.com/grafana/plugins/grafana-github-datasource/
Apache License 2.0
242 stars 53 forks source link

Security vulnerabilities detected for latest version of the plugin #175

Closed jonasmidstrup closed 1 year ago

jonasmidstrup commented 2 years ago

I get the following security vulnerabilities when running Trivy scan on this plugin.

Package: github.com/prometheus/client_golang Installed Version: v1.3.0 Vulnerability CVE-2022-21698 Severity: HIGH Fixed Version: 1.11.1 Link: CVE-2022-21698

Package: golang.org/x/net Installed Version: v0.0.0-20200904194848-62affa334b73 Vulnerability CVE-2021-33194 Severity: HIGH Fixed Version: 0.0.0-20210520170846-37e1c6afe023 Link: CVE-2021-33194

Package: golang.org/x/net Installed Version: v0.0.0-20200904194848-62affa334b73 Vulnerability CVE-2021-44716 Severity: HIGH Fixed Version: 0.0.0-20211209124913-491a49abca63 Link: CVE-2021-44716

Package: golang.org/x/text Installed Version: v0.3.2 Vulnerability CVE-2020-14040 Severity: HIGH Fixed Version: 0.3.3 Link: CVE-2020-14040

Package: golang.org/x/text Installed Version: v0.3.2 Vulnerability CVE-2021-38561 Severity: HIGH Fixed Version: 0.3.7 Link: CVE-2021-38561

Package: golang.org/x/net Installed Version: v0.0.0-20200904194848-62affa334b73 Vulnerability CVE-2021-31525 Severity: MEDIUM Fixed Version: 0.0.0-20210428140749-89ef3d95e781 Link: CVE-2021-31525

zoltanbedi commented 1 year ago

Those are fixed as far as I can tell.