kubernetes-csi / livenessprobe

A sidecar container that can be included in a CSI plugin pod to enable integration with Kubernetes Liveness Probe.
Apache License 2.0
74 stars 98 forks

CVE-2024-24786: bump google.golang.org/protobuf to v1.33.0 #249

Closed dobsonj closed 6 months ago

dobsonj commented 6 months ago

What this PR does / why we need it:

Bump google.golang.org/protobuf@v1.33.0 and github.com/golang/protobuf@v1.5.4 to address CVE-2024-24786.

https://pkg.go.dev/vuln/GO-2024-2611
https://github.com/advisories/GHSA-8r3f-844c-mc37

Which issue(s) this PR fixes:

/kind bug

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

Update google.golang.org/protobuf to v1.33.0 to resolve CVE-2024-24786

k8s-ci-robot commented 6 months ago

Skipping CI for Draft Pull Request. If you want CI signal for your change, please convert it to an actual PR. You can still manually trigger a test run with /test all

jsafrane commented 6 months ago

/lgtm
/approve

k8s-ci-robot commented 6 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dobsonj, jsafrane

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
- ~~[OWNERS](https://github.com/kubernetes-csi/livenessprobe/blob/master/OWNERS)~~ [jsafrane]

Approvers can indicate their approval by writing `/approve` in a comment
Approvers can cancel approval by writing `/approve cancel` in a comment