kubernetes-sigs / prometheus-adapter

An implementation of the custom.metrics.k8s.io API using Prometheus
Apache License 2.0
1.92k stars 554 forks

CVE fixes for version v0.12.0 #684

Open vivekkumarchaurasia123 opened 2 hours ago

vivekkumarchaurasia123 commented 2 hours ago

What happened?: Can anyone please upgrade Prometheus adapter v0.12.0 to fix the following CVEs: CVE-2024-34155, CVE-2024-34156, CVE-2024-34158?

What did you expect to happen?: Fix in v0.12.0

Please provide the prometheus-adapter config: NA

Please provide the HPA resource used for autoscaling: NA

Please provide the HPA status:

Please provide the prometheus-adapter logs with -v=6 around the time the issue happened: NA

Anything else we need to know?:

Environment:

k8s-ci-robot commented 2 hours ago

This issue is currently awaiting triage.

If prometheus-adapter contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.