jimmidyson / configmap-reload

Simple binary to trigger a reload when a Kubernetes ConfigMap is updated
Apache License 2.0

Vulnerability fix in the version 0.8.0 #82

Closed ashoksimma closed 1 year ago

ashoksimma commented 1 year ago

Go version 1.19 has lots of vulnerabilities. I did a recent scan on version 0.8.0 and I see all the vulnerabilities are related to Go version 1.19. All the vulnerabilities can be fixed by updating the Go version to 1.20.3.

jimmidyson commented 1 year ago

Would you like to send a PR in for this? :pray:

ashoksimma commented 1 year ago

Yes sure

ashoksimma commented 1 year ago

I cannot raise the PR, I don't have access. Can you please give me access to raise the PR? GitHub ID: ashokks80 or ashokks80@gmail.com. I want to contribute some more to the repo.

misterpaul commented 1 year ago

Any update on this? We're seeing 1 critical, 7 high, and 2 medium risk vulnerabilities in go that are resolved in go v1.20.3 and 1.19.8. I've assessed a bunch of these, and there are a few that, based on the source code, I am pretty confident are not relevant to configmap-reload, but there are some that are not obvious. For example CVE-2023-24538, CVE-2023-24537, CVE-2023-24536, CVE-2022-41725, CVE-2022-41724, CVE-2022-41716, and CVE-2023-24532, do not appear likely to be a risk, but CVE-2023-24534, CVE-2022-41723, and CVE-2022-41717 might be.

I would try to do the PR (would have been faster than assessing the vulnerabilities!) but I'm not a go programmer, so better done by someone who is.
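One way to verify the remediation this thread asks for on a built artifact: an added POSIX shell check (not code from the configmap-reload project) that reads the toolchain recorded in a Go binary's build info with `go version -m` and compares it against the patched releases named above, 1.19.8 for the 1.19 line and 1.20.3 for the 1.20 line. It assumes a `go` toolchain is on PATH and that newer minor lines (1.21 and later) postdate those fixes.

```shell
#!/bin/sh
# Added example, not part of configmap-reload: decide whether a Go toolchain
# version string (as printed by `go version`) is at or past the releases that
# carried the fixes discussed in this thread: 1.19.8 and 1.20.3.

# go_is_patched go1.19.5 -> 1 (pre-fix); go_is_patched go1.20.3 -> 0 (patched)
go_is_patched() {
    v=${1#go}                              # "go1.19.5" -> "1.19.5"
    case "$v" in
        [0-9]*.[0-9]*) ;;
        *) echo "unparseable Go version: $1" >&2; return 2 ;;
    esac
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}; minor=${minor%%[!0-9]*}   # "21rc1" -> "21"
    case "$rest" in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;                    # "go1.20" means 1.20.0
    esac
    patch=${patch%%[!0-9]*}                # drop rc/beta suffixes
    [ -n "$patch" ] || patch=0
    case "$major" in
        0) return 1 ;;
        1) ;;
        *) return 0 ;;                     # Go 2.x would postdate the fixes
    esac
    case "$minor" in
        19) [ "$patch" -ge 8 ] ;;          # fixed in 1.19.8
        20) [ "$patch" -ge 3 ] ;;          # fixed in 1.20.3
        *)  [ "$minor" -gt 20 ] ;;         # <1.19 never fixed, >1.20 postdates
    esac
}

# Print the toolchain a binary was built with, from its embedded build info
# (first line of `go version -m <file>` is "<file>: go1.x.y").
binary_toolchain() {
    go version -m "$1" 2>/dev/null | sed -n '1s/^.*: \(go[0-9][^ ]*\).*/\1/p'
}

# Usage: check_binary ./configmap-reload
check_binary() {
    tc=$(binary_toolchain "$1")
    [ -n "$tc" ] || { echo "$1: no Go build info found" >&2; return 2; }
    if go_is_patched "$tc"; then
        echo "$1: built with $tc (patched toolchain)"
    else
        echo "$1: built with $tc (pre-fix toolchain)"; return 1
    fi
}
```

Run `check_binary` against the binary extracted from a container image to confirm an image really was rebuilt with the bumped toolchain rather than just retagged.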

ashoksimma commented 1 year ago

I'm happy to raise a PR if I had write access to the repo.

jimmidyson commented 1 year ago

@ashoksimma This project is open and public so you don't need write access to create a PR. You need to fork the repo, create a branch in your fork, commit and push your changes to your fork, and finally go and create a PR.

ashokks80 commented 1 year ago

PR: https://github.com/jimmidyson/configmap-reload/pull/84