kubecost / kubectl-cost

CLI for determining the cost of Kubernetes workloads
Apache License 2.0

Update used libraries to mitigate CVE scanners #167

Closed lacunoc closed 5 months ago

lacunoc commented 5 months ago

kubectl-cost is now constantly tested by our CVE scanners and has 2 HIGH and 1 CRITICAL marked issues.

Can you please upgrade: golang.org/x/net from v0.2.0 to 0.17.0 to fix CVE-2022-41723 and CVE-2023-39325

and also

github.com/emicklei/go-restful from v2.9.5+incompatible to 2.16.0 to fix CVE-2022-1996

Thanks in advance!
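As an added example (not code from the kubectl-cost project or from anyone in this thread), a small Go check that scans go.mod text for the two modules named above and flags any version below the fixed release, handling the `+incompatible` suffix and pre-release/pseudo-versions the way module version ordering does. The go.mod fragment it reads is constructed for the example.

```go
package main

import (
	"strconv"
	"strings"
)
var minFixed = map[string]string{ // fixed versions named in the issue
	"golang.org/x/net":               "v0.17.0",
	"github.com/emicklei/go-restful": "v2.16.0",
}

// verKey maps a canonical vX.Y.Z version (components assumed < 1000) to a
// comparable integer: "+incompatible" metadata is dropped, a "-" pre-release
// or pseudo-version sorts below the final release, non-numeric parts become 0.
func verKey(s string) int64 {
	s, _, _ = strings.Cut(strings.TrimPrefix(s, "v"), "+")
	core, _, pre := strings.Cut(s, "-")
	var key int64
	for _, p := range strings.SplitN(core, ".", 3) {
		n, _ := strconv.Atoi(p) // malformed parts count as 0, erring toward flagging
		key = key*1000 + int64(n)
	}
	if pre {
		return key * 2
	}
	return key*2 + 1
}

// VulnerableRequires returns each require entry in go.mod text whose version
// is below the fixed version in minFixed; trailing "// indirect" is ignored.
func VulnerableRequires(gomod string) []string {
	var hits []string
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) < 2 {
			continue
		}
		if want, ok := minFixed[f[0]]; ok && verKey(f[1]) < verKey(want) {
			hits = append(hits, f[0]+" "+f[1]+" (fixed in "+want+")")
		}
	}
	return hits
}

// sampleGoMod is a constructed go.mod fragment with the versions the issue reports.
const sampleGoMod = `require (
	golang.org/x/net v0.2.0 // indirect
	github.com/emicklei/go-restful v2.9.5+incompatible
	github.com/spf13/cobra v1.8.0
)`
```

`VulnerableRequires(sampleGoMod)` returns exactly the two entries this issue asks to upgrade; an empty result means every listed module is already at or above its fixed version.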

michaelmdresser commented 5 months ago

Thank you for the report @lacunoc! There is now a PR open to fix this. Once that is merged I will cut a new release.

michaelmdresser commented 5 months ago

The new release v0.6.2 has been cut. New binaries will be available via GitHub and Krew once the build workflows complete.