kubernetes-csi / livenessprobe

A sidecar container that can be included in a CSI plugin pod to enable integration with Kubernetes Liveness Probe.
Apache License 2.0

test: fix trivy failure due to image build using golang v1.22.2 #263

Closed andyzhangx closed 2 months ago

andyzhangx commented 2 months ago

What type of PR is this?

/kind failing-test

What this PR does / why we need it:

test: fix trivy failure due to image build using golang v1.22.2

```
livenessprobe (gobinary)
========================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                           Title                            │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-24788 │ HIGH     │ fixed  │ 1.22.2            │ 1.22.3        │ golang: net: malformed DNS message can cause infinite loop │
│         │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-24788                 │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘
```

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

none

k8s-ci-robot commented 2 months ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: andyzhangx

Once this PR has been reviewed and has the lgtm label, please assign msau42 for approval.

For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

- **[OWNERS](https://github.com/kubernetes-csi/livenessprobe/blob/master/OWNERS)**

Approvers can indicate their approval by writing `/approve` in a comment

Approvers can cancel approval by writing `/approve cancel` in a comment

jsafrane commented 2 months ago

/close

I updated trivy to go 1.22.3 + merged new release-tools with 1.22.3 as the default builder in https://github.com/kubernetes-csi/livenessprobe/pull/262

k8s-ci-robot commented 2 months ago

@jsafrane: Closed this PR.

In response to [this](https://github.com/kubernetes-csi/livenessprobe/pull/263#issuecomment-2107629902):

> /close
> I updated trivy to go 1.22.3 + merged new release-tools with 1.22.3 as the default builder.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.