Closed bells17 closed 1 month ago
/lgtm /approve
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: bells17, jsafrane
The full list of commands accepted by this bot can be found here.
The pull request process is described here
What this PR does / why we need it:
Added codespell for spell checking and trivy for vulnerability scanning to the csi-release-tools repository.
Currently, other CSI Sidecar repositories have spell checks and vulnerability scans using tools like codespell and trivy. However, the csi-release-tools repository lacks these configurations, which means it cannot detect spelling issues or vulnerabilities caused by the Go version within csi-release-tools. As a result, errors like the following have been encountered:
Does this PR introduce a user-facing change?:
act check:
codespell check
Go version vulnerabilities check(Go 1.22.3)
Go version vulnerabilities check(Go 1.22.2)
``` [Run Trivy scanner for Go version vulnerabilities/Build] π Start image=catthehacker/ubuntu:act-latest [Run Trivy scanner for Go version vulnerabilities/Build] π³ docker pull image=catthehacker/ubuntu:act-latest platform= username= forcePull=true [Run Trivy scanner for Go version vulnerabilities/Build] π³ docker create image=catthehacker/ubuntu:act-latest platform= entrypoint=["tail" "-f" "/dev/null"] cmd=[] network="host" [Run Trivy scanner for Go version vulnerabilities/Build] π³ docker run image=catthehacker/ubuntu:act-latest platform= entrypoint=["tail" "-f" "/dev/null"] cmd=[] network="host" [Run Trivy scanner for Go version vulnerabilities/Build] β git clone 'https://github.com/aquasecurity/trivy-action' # ref=master [Run Trivy scanner for Go version vulnerabilities/Build] β Run Main Checkout code [Run Trivy scanner for Go version vulnerabilities/Build] π³ docker cp src=/Users/daikihayakawa/go/src/github.com/bells17/csi-release-tools/. dst=/Users/daikihayakawa/go/src/github.com/bells17/csi-release-tools [Run Trivy scanner for Go version vulnerabilities/Build] β Success - Main Checkout code [Run Trivy scanner for Go version vulnerabilities/Build] β Run Main Get Go version [Run Trivy scanner for Go version vulnerabilities/Build] π³ docker exec cmd=[bash --noprofile --norc -e -o pipefail /var/run/act/workflow/go-version] user= workdir= [Run Trivy scanner for Go version vulnerabilities/Build] β Success - Main Get Go version [Run Trivy scanner for Go version vulnerabilities/Build] β ::set-output:: version=1.22.2 [Run Trivy scanner for Go version vulnerabilities/Build] β Run Main Run Trivy scanner for Go version vulnerabilities [Run Trivy scanner for Go version vulnerabilities/Build] π³ docker build -t act-aquasecurity-trivy-action-master-dockeraction:latest /Users/daikihayakawa/.cache/act/aquasecurity-trivy-action@master/ [Run Trivy scanner for Go version vulnerabilities/Build] π³ docker pull image=act-aquasecurity-trivy-action-master-dockeraction:latest platform= username= forcePull=false [Run Trivy scanner for Go version vulnerabilities/Build] π³ docker create image=act-aquasecurity-trivy-action-master-dockeraction:latest platform= entrypoint=[] cmd=["-a image" "-b table" "-c " "-d 1" "-e true" "-f library" "-g CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN" "-h " "-i golang:1.22.2" "-j ." "-k " "-l " "-m " "-n " "-o " "-p " "-q " "-r false" "-s " "-t " "-u " "-v " "-x " "-z " "-y "] network="container:act-Run-Trivy-scanner-for-Go-version-vulnerabilities-Build-5869f5292cedc807e22de517281353b9c8ad4d9a3d02fcc0851170da64e58ef4" [Run Trivy scanner for Go version vulnerabilities/Build] π³ docker run image=act-aquasecurity-trivy-action-master-dockeraction:latest platform= entrypoint=[] cmd=["-a image" "-b table" "-c " "-d 1" "-e true" "-f library" "-g CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN" "-h " "-i golang:1.22.2" "-j ." "-k " "-l " "-m " "-n " "-o " "-p " "-q " "-r false" "-s " "-t " "-u " "-v " "-x " "-z " "-y "] network="container:act-Run-Trivy-scanner-for-Go-version-vulnerabilities-Build-5869f5292cedc807e22de517281353b9c8ad4d9a3d02fcc0851170da64e58ef4" | Running trivy with options: trivy image --format table --exit-code 1 --ignore-unfixed --vuln-type library --severity CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN golang:1.22.2 | Global options: | 2024-05-11T04:55:09Z INFO Need to update DB | 2024-05-11T04:55:09Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2" | | 2024-05-11T04:55:24Z INFO Vulnerability scanning is enabled | 2024-05-11T04:55:24Z INFO Secret scanning is enabled | 2024-05-11T04:55:24Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning | 2024-05-11T04:55:24Z INFO Please see also https://aquasecurity.github.io/trivy/v0.51/docs/scanner/secret/#recommendation for faster secret detection | 2024-05-11T04:55:51Z INFO [python] License acquired from METADATA classifiers may be subject to additional terms name="mercurial" version="6.3.2" | 2024-05-11T04:55:53Z INFO Number of language-specific files num=20 | 2024-05-11T04:55:53Z INFO [gobinary] Detecting vulnerabilities... | 2024-05-11T04:55:53Z INFO [node-pkg] Detecting vulnerabilities... | | usr/local/go/bin/go (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | βββββββββββ¬βββββββββββββββββ¬βββββββββββ¬βββββββββ¬ββββββββββββββββββββ¬ββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | β Library β Vulnerability β Severity β Status β Installed Version β Fixed Version β Title β | βββββββββββΌβββββββββββββββββΌβββββββββββΌβββββββββΌββββββββββββββββββββΌββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | β stdlib β CVE-2024-24788 β HIGH β fixed β 1.22.2 β 1.22.3 β golang: net: malformed DNS message can cause infinite loop β | β β β β β β β https://avd.aquasec.com/nvd/cve-2024-24788 β | βββββββββββ΄βββββββββββββββββ΄βββββββββββ΄βββββββββ΄ββββββββββββββββββββ΄ββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | | usr/local/go/bin/gofmt (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | βββββββββββ¬βββββββββββββββββ¬βββββββββββ¬βββββββββ¬ββββββββββββββββββββ¬ββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | β Library β Vulnerability β Severity β Status β Installed Version β Fixed Version β Title β | βββββββββββΌβββββββββββββββββΌβββββββββββΌβββββββββΌββββββββββββββββββββΌββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | β stdlib β CVE-2024-24788 β HIGH β fixed β 1.22.2 β 1.22.3 β golang: net: malformed DNS message can cause infinite loop β | β β β β β β β https://avd.aquasec.com/nvd/cve-2024-24788 β | βββββββββββ΄βββββββββββββββββ΄βββββββββββ΄βββββββββ΄ββββββββββββββββββββ΄ββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | | usr/local/go/pkg/tool/linux_amd64/addr2line (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | βββββββββββ¬βββββββββββββββββ¬βββββββββββ¬βββββββββ¬ββββββββββββββββββββ¬ββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | β Library β Vulnerability β Severity β Status β Installed Version β Fixed Version β Title β | βββββββββββΌβββββββββββββββββΌβββββββββββΌβββββββββΌββββββββββββββββββββΌββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | β stdlib β CVE-2024-24788 β HIGH β fixed β 1.22.2 β 1.22.3 β golang: net: malformed DNS message can cause infinite loop β | β β β β β β β https://avd.aquasec.com/nvd/cve-2024-24788 β | βββββββββββ΄βββββββββββββββββ΄βββββββββββ΄βββββββββ΄ββββββββββββββββββββ΄ββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | | usr/local/go/pkg/tool/linux_amd64/asm (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | βββββββββββ¬βββββββββββββββββ¬βββββββββββ¬βββββββββ¬ββββββββββββββββββββ¬ββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | β Library β Vulnerability β Severity β Status β Installed Version β Fixed Version β Title β | βββββββββββΌβββββββββββββββββΌβββββββββββΌβββββββββΌββββββββββββββββββββΌββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | β stdlib β CVE-2024-24788 β HIGH β fixed β 1.22.2 β 1.22.3 β golang: net: malformed DNS message can cause infinite loop β | β β β β β β β https://avd.aquasec.com/nvd/cve-2024-24788 β | βββββββββββ΄βββββββββββββββββ΄βββββββββββ΄βββββββββ΄ββββββββββββββββββββ΄ββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | | usr/local/go/pkg/tool/linux_amd64/buildid (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | βββββββββββ¬βββββββββββββββββ¬βββββββββββ¬βββββββββ¬ββββββββββββββββββββ¬ββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | β Library β Vulnerability β Severity β Status β Installed Version β Fixed Version β Title β | βββββββββββΌβββββββββββββββββΌβββββββββββΌβββββββββΌββββββββββββββββββββΌββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | β stdlib β CVE-2024-24788 β HIGH β fixed β 1.22.2 β 1.22.3 β golang: net: malformed DNS message can cause infinite loop β | β β β β β β β https://avd.aquasec.com/nvd/cve-2024-24788 β | βββββββββββ΄βββββββββββββββββ΄βββββββββββ΄βββββββββ΄ββββββββββββββββββββ΄ββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | | usr/local/go/pkg/tool/linux_amd64/cgo (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | βββββββββββ¬βββββββββββββββββ¬βββββββββββ¬βββββββββ¬ββββββββββββββββββββ¬ββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | β Library β Vulnerability β Severity β Status β Installed Version β Fixed Version β Title β | βββββββββββΌβββββββββββββββββΌβββββββββββΌβββββββββΌββββββββββββββββββββΌββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | β stdlib β CVE-2024-24788 β HIGH β fixed β 1.22.2 β 1.22.3 β golang: net: malformed DNS message can cause infinite loop β | β β β β β β β https://avd.aquasec.com/nvd/cve-2024-24788 β | βββββββββββ΄βββββββββββββββββ΄βββββββββββ΄βββββββββ΄ββββββββββββββββββββ΄ββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | | usr/local/go/pkg/tool/linux_amd64/compile (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | βββββββββββ¬βββββββββββββββββ¬βββββββββββ¬βββββββββ¬ββββββββββββββββββββ¬ββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | β Library β Vulnerability β Severity β Status β Installed Version β Fixed Version β Title β | βββββββββββΌβββββββββββββββββΌβββββββββββΌβββββββββΌββββββββββββββββββββΌββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | β stdlib β CVE-2024-24788 β HIGH β fixed β 1.22.2 β 1.22.3 β golang: net: malformed DNS message can cause infinite loop β | β β β β β β β https://avd.aquasec.com/nvd/cve-2024-24788 β | βββββββββββ΄βββββββββββββββββ΄βββββββββββ΄βββββββββ΄ββββββββββββββββββββ΄ββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | | usr/local/go/pkg/tool/linux_amd64/covdata (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | βββββββββββ¬βββββββββββββββββ¬βββββββββββ¬βββββββββ¬ββββββββββββββββββββ¬ββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | β Library β Vulnerability β Severity β Status β Installed Version β Fixed Version β Title β | βββββββββββΌβββββββββββββββββΌβββββββββββΌβββββββββΌββββββββββββββββββββΌββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | β stdlib β CVE-2024-24788 β HIGH β fixed β 1.22.2 β 1.22.3 β golang: net: malformed DNS message can cause infinite loop β | β β β β β β β https://avd.aquasec.com/nvd/cve-2024-24788 β | βββββββββββ΄βββββββββββββββββ΄βββββββββββ΄βββββββββ΄ββββββββββββββββββββ΄ββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | | usr/local/go/pkg/tool/linux_amd64/cover (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | βββββββββββ¬βββββββββββββββββ¬βββββββββββ¬βββββββββ¬ββββββββββββββββββββ¬ββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | β Library β Vulnerability β Severity β Status β Installed Version β Fixed Version β Title β | βββββββββββΌβββββββββββββββββΌβββββββββββΌβββββββββΌββββββββββββββββββββΌββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | β stdlib β CVE-2024-24788 β HIGH β fixed β 1.22.2 β 1.22.3 β golang: net: malformed DNS message can cause infinite loop β | β β β β β β β https://avd.aquasec.com/nvd/cve-2024-24788 β | βββββββββββ΄βββββββββββββββββ΄βββββββββββ΄βββββββββ΄ββββββββββββββββββββ΄ββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | | usr/local/go/pkg/tool/linux_amd64/doc (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | βββββββββββ¬βββββββββββββββββ¬βββββββββββ¬βββββββββ¬ββββββββββββββββββββ¬ββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | β Library β Vulnerability β Severity β Status β Installed Version β Fixed Version β Title β | βββββββββββΌβββββββββββββββββΌβββββββββββΌβββββββββΌββββββββββββββββββββΌββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | β stdlib β CVE-2024-24788 β HIGH β fixed β 1.22.2 β 1.22.3 β golang: net: malformed DNS message can cause infinite loop β | β β β β β β β https://avd.aquasec.com/nvd/cve-2024-24788 β | βββββββββββ΄βββββββββββββββββ΄βββββββββββ΄βββββββββ΄ββββββββββββββββββββ΄ββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | | usr/local/go/pkg/tool/linux_amd64/fix (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | βββββββββββ¬βββββββββββββββββ¬βββββββββββ¬βββββββββ¬ββββββββββββββββββββ¬ββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | β Library β Vulnerability β Severity β Status β Installed Version β Fixed Version β Title β | βββββββββββΌβββββββββββββββββΌβββββββββββΌβββββββββΌββββββββββββββββββββΌββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | β stdlib β CVE-2024-24788 β HIGH β fixed β 1.22.2 β 1.22.3 β golang: net: malformed DNS message can cause infinite loop β | β β β β β β β https://avd.aquasec.com/nvd/cve-2024-24788 β | βββββββββββ΄βββββββββββββββββ΄βββββββββββ΄βββββββββ΄ββββββββββββββββββββ΄ββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | | usr/local/go/pkg/tool/linux_amd64/link (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | βββββββββββ¬βββββββββββββββββ¬βββββββββββ¬βββββββββ¬ββββββββββββββββββββ¬ββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | β Library β Vulnerability β Severity β Status β Installed Version β Fixed Version β Title β | βββββββββββΌβββββββββββββββββΌβββββββββββΌβββββββββΌββββββββββββββββββββΌββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | β stdlib β CVE-2024-24788 β HIGH β fixed β 1.22.2 β 1.22.3 β golang: net: malformed DNS message can cause infinite loop β | β β β β β β β https://avd.aquasec.com/nvd/cve-2024-24788 β | βββββββββββ΄βββββββββββββββββ΄βββββββββββ΄βββββββββ΄ββββββββββββββββββββ΄ββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | | usr/local/go/pkg/tool/linux_amd64/nm (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | βββββββββββ¬βββββββββββββββββ¬βββββββββββ¬βββββββββ¬ββββββββββββββββββββ¬ββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | β Library β Vulnerability β Severity β Status β Installed Version β Fixed Version β Title β | βββββββββββΌβββββββββββββββββΌβββββββββββΌβββββββββΌββββββββββββββββββββΌββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | β stdlib β CVE-2024-24788 β HIGH β fixed β 1.22.2 β 1.22.3 β golang: net: malformed DNS message can cause infinite loop β | β β β β β β β https://avd.aquasec.com/nvd/cve-2024-24788 β | βββββββββββ΄βββββββββββββββββ΄βββββββββββ΄βββββββββ΄ββββββββββββββββββββ΄ββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | | usr/local/go/pkg/tool/linux_amd64/objdump (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | βββββββββββ¬βββββββββββββββββ¬βββββββββββ¬βββββββββ¬ββββββββββββββββββββ¬ββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | β Library β Vulnerability β Severity β Status β Installed Version β Fixed Version β Title β | βββββββββββΌβββββββββββββββββΌβββββββββββΌβββββββββΌββββββββββββββββββββΌββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | β stdlib β CVE-2024-24788 β HIGH β fixed β 1.22.2 β 1.22.3 β golang: net: malformed DNS message can cause infinite loop β | β β β β β β β https://avd.aquasec.com/nvd/cve-2024-24788 β | βββββββββββ΄βββββββββββββββββ΄βββββββββββ΄βββββββββ΄ββββββββββββββββββββ΄ββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | | usr/local/go/pkg/tool/linux_amd64/pack (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | βββββββββββ¬βββββββββββββββββ¬βββββββββββ¬βββββββββ¬ββββββββββββββββββββ¬ββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | β Library β Vulnerability β Severity β Status β Installed Version β Fixed Version β Title β | βββββββββββΌβββββββββββββββββΌβββββββββββΌβββββββββΌββββββββββββββββββββΌββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | β stdlib β CVE-2024-24788 β HIGH β fixed β 1.22.2 β 1.22.3 β golang: net: malformed DNS message can cause infinite loop β | β β β β β β β https://avd.aquasec.com/nvd/cve-2024-24788 β | βββββββββββ΄βββββββββββββββββ΄βββββββββββ΄βββββββββ΄ββββββββββββββββββββ΄ββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | | usr/local/go/pkg/tool/linux_amd64/pprof (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | βββββββββββ¬βββββββββββββββββ¬βββββββββββ¬βββββββββ¬ββββββββββββββββββββ¬ββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | β Library β Vulnerability β Severity β Status β Installed Version β Fixed Version β Title β | βββββββββββΌβββββββββββββββββΌβββββββββββΌβββββββββΌββββββββββββββββββββΌββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | β stdlib β CVE-2024-24788 β HIGH β fixed β 1.22.2 β 1.22.3 β golang: net: malformed DNS message can cause infinite loop β | β β β β β β β https://avd.aquasec.com/nvd/cve-2024-24788 β | βββββββββββ΄βββββββββββββββββ΄βββββββββββ΄βββββββββ΄ββββββββββββββββββββ΄ββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | | usr/local/go/pkg/tool/linux_amd64/test2json (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | βββββββββββ¬βββββββββββββββββ¬βββββββββββ¬βββββββββ¬ββββββββββββββββββββ¬ββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | β Library β Vulnerability β Severity β Status β Installed Version β Fixed Version β Title β | βββββββββββΌβββββββββββββββββΌβββββββββββΌβββββββββΌββββββββββββββββββββΌββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | β stdlib β CVE-2024-24788 β HIGH β fixed β 1.22.2 β 1.22.3 β golang: net: malformed DNS message can cause infinite loop β | β β β β β β β https://avd.aquasec.com/nvd/cve-2024-24788 β | βββββββββββ΄βββββββββββββββββ΄βββββββββββ΄βββββββββ΄ββββββββββββββββββββ΄ββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | | usr/local/go/pkg/tool/linux_amd64/trace (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | βββββββββββ¬βββββββββββββββββ¬βββββββββββ¬βββββββββ¬ββββββββββββββββββββ¬ββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | β Library β Vulnerability β Severity β Status β Installed Version β Fixed Version β Title β | βββββββββββΌβββββββββββββββββΌβββββββββββΌβββββββββΌββββββββββββββββββββΌββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | β stdlib β CVE-2024-24788 β HIGH β fixed β 1.22.2 β 1.22.3 β golang: net: malformed DNS message can cause infinite loop β | β β β β β β β https://avd.aquasec.com/nvd/cve-2024-24788 β | βββββββββββ΄βββββββββββββββββ΄βββββββββββ΄βββββββββ΄ββββββββββββββββββββ΄ββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | | usr/local/go/pkg/tool/linux_amd64/vet (gobinary) | | Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) | | βββββββββββ¬βββββββββββββββββ¬βββββββββββ¬βββββββββ¬ββββββββββββββββββββ¬ββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | β Library β Vulnerability β Severity β Status β Installed Version β Fixed Version β Title β | βββββββββββΌβββββββββββββββββΌβββββββββββΌβββββββββΌββββββββββββββββββββΌββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | β stdlib β CVE-2024-24788 β HIGH β fixed β 1.22.2 β 1.22.3 β golang: net: malformed DNS message can cause infinite loop β | β β β β β β β https://avd.aquasec.com/nvd/cve-2024-24788 β | βββββββββββ΄βββββββββββββββββ΄βββββββββββ΄βββββββββ΄ββββββββββββββββββββ΄ββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ [Run Trivy scanner for Go version vulnerabilities/Build] β Failure - Main Run Trivy scanner for Go version vulnerabilities [Run Trivy scanner for Go version vulnerabilities/Build] exit with `FAILURE`: 1 [Run Trivy scanner for Go version vulnerabilities/Build] π Job failed Error: Job 'Build' failed β> ~/g/s/g/b/csi-release-tools on add-github-actions β¨― 13:55:54 ```