Update go-restful module to version >= 3.8.0 due to security issues

kubernetes / apiserver

Library for writing a Kubernetes-style API server.

Apache License 2.0

647 stars 400 forks source link

Update go-restful module to version >= 3.8.0 due to security issues #87

Closed rsvalerio closed 1 year ago

rsvalerio commented 2 years ago

Hi all!

I saw this commit updating go-restful to version 3.7.5 for the next release.

Would it be possible to update it to something >= 3.8.0?

I'm asking because of this security issue trivy found

Thanks in advance.

damemi commented 2 years ago

You might want to open this issue against github.com/kubernetes/kubernetes, the code in this repo is just synced from there so I don't think issues in this repo get much attention

k8s-triage-robot commented 1 year ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue or PR as fresh with /remove-lifecycle stale
Mark this issue or PR as rotten with /lifecycle rotten
Close this issue or PR with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot commented 1 year ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue or PR as fresh with /remove-lifecycle rotten
Close this issue or PR with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

dims commented 1 year ago

/close

k8s-ci-robot commented 1 year ago

@dims: Closing this issue.

In response to [this](https://github.com/kubernetes/apiserver/issues/87#issuecomment-1333832210): >/close Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.