kubernetes / apiserver

Library for writing a Kubernetes-style API server.
Apache License 2.0
654 stars 406 forks

EOL Component #90

Closed satish-suradkar closed 1 year ago

satish-suradkar commented 1 year ago
Here is the list of policies natefinch/lumberjack v2.0.0 violates.
Version/Branch EOL
Severity: Major

Category: Security

Scan Modes: Full

Description
Version or branch requested is EOL. Please update to a supported version.

Conditions
Component Version Approval Status EQUALS Deprecated
Component Usage NOT EQUAL TO Dev. Tool / Excluded

natefinch/lumberjack v2.0.0 is EOL. Any plan to update it?

nikhita commented 1 year ago

The maintainer of lumberjack is active in the repo. I've created https://github.com/natefinch/lumberjack/pull/175 to fix CVEs in lumberjack's dependencies (gopkg.in/yaml.v2)... Although they don't really affect kubernetes because k8s uses a newer version of gopkg.in/yaml.v2.

Once that PR gets merged, we can bump to a newer patch version of natefinch/lumberjack and that'll get rid of the EOL warnings when a scan is run.
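The point made in the comment above, that an older gopkg.in/yaml.v2 requirement inside a dependency does not decide what ends up in the build when the consuming module requires a newer one, shown as an added example that is not part of the original thread or of Kubernetes code. The module graph, the `example.com/app` root and the yaml.v2 versions are constructed, `Selected` and `less` are hypothetical helpers, and the walk is a simplified form of Go's minimal version selection (no `replace`/`exclude` directives, no graph pruning).

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed `go mod graph`-style edges ("parent child@version").
// The yaml.v2 versions are illustrative, not read from any real go.mod.
const sampleGraph = `example.com/app gopkg.in/natefinch/lumberjack.v2@v2.0.0
example.com/app gopkg.in/yaml.v2@v2.4.0
gopkg.in/natefinch/lumberjack.v2@v2.0.0 gopkg.in/yaml.v2@v2.2.1`

// less compares plain vMAJOR.MINOR.PATCH versions numerically (no pre-release handling).
func less(a, b string) bool {
	var x, y [3]int
	fmt.Sscanf(a, "v%d.%d.%d", &x[0], &x[1], &x[2])
	fmt.Sscanf(b, "v%d.%d.%d", &y[0], &y[1], &y[2])
	for i := range x {
		if x[i] != y[i] {
			return x[i] < y[i]
		}
	}
	return false
}

// Selected visits every requirement reachable from root and keeps, per module,
// the highest version any reachable module asks for (simplified MVS).
func Selected(graph, root string) map[string]string {
	best, seen := map[string]string{}, map[string]bool{root: true}
	for changed := true; changed; {
		changed = false
		for _, line := range strings.Split(strings.TrimSpace(graph), "\n") {
			f := strings.Fields(line)
			if len(f) != 2 || !seen[f[0]] || seen[f[1]] {
				continue
			}
			seen[f[1]], changed = true, true
			mod, ver, _ := strings.Cut(f[1], "@")
			if cur, ok := best[mod]; !ok || less(cur, ver) {
				best[mod] = ver
			}
		}
	}
	return best
}

func main() {
	fmt.Println("gopkg.in/yaml.v2 =>", Selected(sampleGraph, "example.com/app")["gopkg.in/yaml.v2"])
}
```

Against a real checkout, `go list -m all` reports the versions the build actually selects; a scanner that flags a module from a dependency's own go.mod can be checked against that list.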

nikhita commented 1 year ago

/assign

k8s-triage-robot commented 1 year ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot commented 1 year ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot commented 1 year ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

k8s-ci-robot commented 1 year ago

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to [this](https://github.com/kubernetes/apiserver/issues/90#issuecomment-1586712427):

>The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
>
>This bot triages issues according to the following rules:
>- After 90d of inactivity, `lifecycle/stale` is applied
>- After 30d of inactivity since `lifecycle/stale` was applied, `lifecycle/rotten` is applied
>- After 30d of inactivity since `lifecycle/rotten` was applied, the issue is closed
>
>You can:
>- Reopen this issue with `/reopen`
>- Mark this issue as fresh with `/remove-lifecycle rotten`
>- Offer to help out with [Issue Triage][1]
>
>Please send feedback to sig-contributor-experience at [kubernetes/community](https://github.com/kubernetes/community).
>
>/close not-planned
>
>[1]: https://www.kubernetes.dev/docs/guide/issue-triage/

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.