kubernetes-sigs / vsphere-csi-driver

vSphere storage Container Storage Interface (CSI) plugin
https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/index.html
Apache License 2.0

CVE-2024-24786: bump google.golang.org/protobuf to v1.33.0 #2820

Closed dobsonj closed 5 months ago

dobsonj commented 5 months ago

What this PR does / why we need it:

Bump google.golang.org/protobuf@v1.33.0 and github.com/golang/protobuf@v1.5.4 to address CVE-2024-24786.

https://pkg.go.dev/vuln/GO-2024-2611
https://github.com/advisories/GHSA-8r3f-844c-mc37

Which issue(s) this PR fixes:

/kind bug

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

Update google.golang.org/protobuf to v1.33.0 to resolve CVE-2024-24786

k8s-ci-robot commented 5 months ago

Skipping CI for Draft Pull Request. If you want CI signal for your change, please convert it to an actual PR. You can still manually trigger a test run with /test all

divyenpatel commented 5 months ago

/ok-to-test

divyenpatel commented 5 months ago

@dobsonj can you rebase the PR?

dobsonj commented 5 months ago

> @dobsonj can you rebase the PR?

done!

RomanBednar commented 5 months ago

/lgtm

k8s-ci-robot commented 5 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: divyenpatel, dobsonj

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/kubernetes-sigs/vsphere-csi-driver/blob/master/OWNERS)~~ [divyenpatel]

Approvers can indicate their approval by writing `/approve` in a comment
Approvers can cancel approval by writing `/approve cancel` in a comment