Fixes CVE-2022-41716 and updated go version to 1.20

grpc-ecosystem / grpc-health-probe

A command-line tool to perform health-checks for gRPC applications in Kubernetes and elsewhere

Apache License 2.0

1.44k stars 188 forks source link

Fixes CVE-2022-41716 and updated go version to 1.20 #130

Closed cawirawa closed 1 year ago

cawirawa commented 1 year ago

This PR updates go version to 1.19. The binaries in v0.4.14 were built using go 1.18.7 or earlier causing the following vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2022-41716, these binaries need to be rebuild.

google-cla[bot] commented 1 year ago

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

chitran96 commented 1 year ago

bumping this up, we need this fix too.