grafana / helm-charts

Apache License 2.0

Implement Renovate for Helm Chart Updates #2611

Open Footur opened 1 year ago

Footur commented 1 year ago

Currently, the Helm charts in this project are manually updated, which can lead to outdated dependencies and security vulnerabilities. To streamline the Helm chart maintenance process and ensure that we are always using the latest versions of our dependencies, we should consider implementing Renovate. Renovate will automatically monitor and update our Helm charts when new versions are available, improving our chart reliability and security.
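What the request above would look like in practice, as an added example that is not part of the original issue or of the grafana/helm-charts repository: a `renovate.json` that lets Renovate track subchart dependencies in `Chart.yaml` and container image tags in `values.yaml`, bump the chart version so CI lint passes, and raise security-flagged updates as separate prioritised PRs. The manager names, options and schema URL are Renovate configuration as documented; the `charts/**` path and label names are assumptions for this repo.

```json
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["config:recommended"],
  "enabledManagers": ["helmv3", "helm-values"],
  "labels": ["dependencies"],
  "osvVulnerabilityAlerts": true,
  "postUpdateOptions": ["helmUpdateSubChartArchives"],
  "helmv3": {
    "bumpVersion": "patch"
  },
  "packageRules": [
    {
      "description": "Subchart dependencies from Chart.yaml: never automerge major bumps",
      "matchManagers": ["helmv3"],
      "matchFileNames": ["charts/**"],
      "matchUpdateTypes": ["major"],
      "automerge": false
    },
    {
      "description": "Image tags from values.yaml: group minor/patch bumps per image",
      "matchManagers": ["helm-values"],
      "matchDatasources": ["docker"],
      "matchUpdateTypes": ["minor", "patch"],
      "groupName": "image {{depName}}"
    },
    {
      "description": "Updates that close a known vulnerability go out on their own, first",
      "matchManagers": ["helmv3", "helm-values"],
      "isVulnerabilityAlert": true,
      "prPriority": 10,
      "labels": ["security"]
    }
  ]
}
```

Because the `helmv3` manager only sees image tags declared in `values.yaml`, base-image packages such as curl or openssl inside a pinned image are only fixed when the image tag itself moves, so the vulnerability-alert rule is what surfaces those.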

kvanzuijlen commented 7 months ago

The issue linked by @Footur's mention contains some examples that can be looked at for inspiration.

venkatamutyala commented 6 months ago

Any updates from the maintainers on this? Getting a PR for dependency updates merged into this repository can take weeks sometimes. Renovatebot can at least automate the PR process so folks like myself don't create PRs and then have to repeatedly keep rebasing until we can get enough approvals for a merge.

OliverStutz commented 1 month ago

Please address the updates of the chart; running grafana is a liability. Many of the charts have critical vulnerabilities, and that can't be run on critical infrastructure...

OliverStutz commented 1 month ago

For the loki-distributed chart alone: CVE-2022-32207 for curl/7.79.1-r1 (alpine)

Grafana: CVE-2023-42363 for busybox/1.36.1-r15 (alpine) CVE-2023-42364 for busybox/1.36.1-r15 (alpine) CVE-2023-42365 for busybox/1.36.1-r15 (alpine) CVE-2023-42366 for busybox/1.36.1-r15 (alpine) CVE-2024-2511 for openssl/3.1.4-r5 (alpine) CVE-2024-4603 for openssl/3.1.4-r5 (alpine) CVE-2024-4741 for openssl/3.1.4-r5 (alpine) CVE-2024-5535 for openssl/3.1.4-r5 (alpine) CVE-2024-6119 for openssl/3.1.4-r5 (alpine)

To still have CVEs from 2023 gives me big question marks.. on the loki one even from 2022... ????