Closed davidesalerno closed 5 months ago
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by: davidesalerno
Once this PR has been reviewed and has the lgtm label, please assign njhill for approval by writing /assign @njhill
in a comment. For more information see: The Kubernetes Code Review Process.
The full list of commands accepted by this bot can be found here.
@ckadner @Jooho Could you help me review this change?
Closing PR since it's a duplicate of #480
Motivation
This change will fix the CVE reported by https://app.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPKGSFTP-569475
Modifications
Only go.mod and go.sum will be changed using a github.com/pkg/sftp module version without the security issue.
Result
Avoid issues like Denial of Service (DoS) caused by the old version of the github.com/pkg/sftp module