kubernetes / client-go

Go client for Kubernetes.
Apache License 2.0

CVE-2022-1996 found in v0.24.14 #1264

Closed matttrach closed 1 year ago

matttrach commented 1 year ago

Would it be possible to upgrade the github.com/emicklei/go-restful dependency in the release-1.24 branch for the next patch release? Trivy is finding https://github.com/advisories/GHSA-r48q-9g5r-8q2h in kubernetes/kubernetes:v1.24.14.

Sorry if this is a duplicate, or if this is not feasible, we are attempting to reduce CVEs as much as possible.

Even while these CVEs may not be easily exploitable, we are attempting to meet compliance goals and guidelines.

jbrule commented 1 year ago

This is getting flagged by Prisma Cloud Compute too. Looks like this was fixed upstream almost a year ago to the date. +1

liggitt commented 1 year ago

See previous responses to this at https://github.com/kubernetes/client-go/issues/1254#issuecomment-1549999313

client-go does not use the impacted functionality, and there are compatibility issues that need resolving before the module can be updated in master (currently targeting the 1.28 release).
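The thread turns on two separate questions a defender has to answer for a scanner finding like this one: which version of the flagged module the build actually pins, and whether the affected code is reachable at all (the maintainer's point that client-go does not use the impacted functionality). The following Go program is an added example written for this page, not code from client-go, kubernetes or the issue participants. It answers the first question offline: it parses a constructed go.mod excerpt, extracts the pinned version of github.com/emicklei/go-restful, and compares it against the advisory's fixed version with a small semver comparison that understands Go's `+incompatible` suffix and pre-release tags. The go.mod contents are constructed sample values, and the fixed version `v2.16.0` is an assumption taken from memory of GHSA-r48q-9g5r-8q2h rather than from this page; verify it against the advisory before relying on it.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Constructed go.mod excerpt: the module versions are sample values chosen for
// this example, not copied from any real client-go or kubernetes branch.
const sampleGoMod = `module example.com/constructed-project

go 1.19

require (
	github.com/emicklei/go-restful v2.9.5+incompatible
	k8s.io/client-go v0.24.14 // indirect
)
`

// fixedGoRestful is an assumed value from the advisory (GHSA-r48q-9g5r-8q2h);
// confirm it against the advisory text before using this check in anger.
const fixedGoRestful = "v2.16.0"

type semver struct {
	core [3]int
	pre  bool // a pre-release sorts before the release with the same core
}

// parseSemver reads a Go module version "vMAJOR.MINOR.PATCH[-pre][+build]".
func parseSemver(v string) (semver, error) {
	var out semver
	v = strings.TrimPrefix(v, "v")
	if i := strings.Index(v, "+"); i >= 0 { // drops "+incompatible" and other build metadata
		v = v[:i]
	}
	if i := strings.Index(v, "-"); i >= 0 { // pre-release tag such as "-rc1"
		out.pre = true
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return out, fmt.Errorf("unexpected version %q", v)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return out, fmt.Errorf("bad component %q in version %q: %w", p, v, err)
		}
		out.core[i] = n
	}
	return out, nil
}

// less reports whether a sorts before b (numeric core first, then pre-release).
func (a semver) less(b semver) bool {
	for i := range a.core {
		if a.core[i] != b.core[i] {
			return a.core[i] < b.core[i]
		}
	}
	return a.pre && !b.pre
}

// requiredVersion finds the version pinned for modulePath in go.mod text,
// handling both single "require m v" lines and "require ( ... )" blocks.
func requiredVersion(modText, modulePath string) (string, bool) {
	sc := bufio.NewScanner(strings.NewReader(modText))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if i := strings.Index(line, "//"); i >= 0 { // strip trailing comments like "// indirect"
			line = line[:i]
		}
		line = strings.TrimPrefix(line, "require ")
		f := strings.Fields(line)
		if len(f) >= 2 && f[0] == modulePath {
			return f[1], true
		}
	}
	return "", false
}

// belowFix reports whether the pinned module version predates the fixed one.
func belowFix(pinned, fixed string) (bool, error) {
	p, err := parseSemver(pinned)
	if err != nil {
		return false, err
	}
	f, err := parseSemver(fixed)
	if err != nil {
		return false, err
	}
	return p.less(f), nil
}

// checkGoMod returns the pinned version of modulePath and whether it is below fixed.
func checkGoMod(modText, modulePath, fixed string) (string, bool, error) {
	pinned, ok := requiredVersion(modText, modulePath)
	if !ok {
		return "", false, fmt.Errorf("%s is not required by this go.mod", modulePath)
	}
	below, err := belowFix(pinned, fixed)
	return pinned, below, err
}

func main() {
	pinned, below, err := checkGoMod(sampleGoMod, "github.com/emicklei/go-restful", fixedGoRestful)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("go-restful pinned at %s, below fix %s: %v\n", pinned, fixedGoRestful, below)
}
```

The version comparison only tells you that a scanner will keep flagging the build; it says nothing about exploitability. For the second question, reachability, the standard Go tooling is the right place to look: `go mod why -m github.com/emicklei/go-restful` shows which package pulls the module in, and `govulncheck ./...` reports only vulnerabilities whose affected functions are actually on a call path from your code, which is the distinction the maintainer draws above.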