Closed by matttrach 1 year ago
This is getting flagged by Prisma Cloud Compute too. Looks like this was fixed upstream almost a year ago to the date. +1
See previous responses to this at https://github.com/kubernetes/client-go/issues/1254#issuecomment-1549999313
client-go does not use the impacted functionality, and there are compatibility issues that need resolving before the module can be updated in master (currently targeting 1.28 release).
Would it be possible to upgrade the github.com/emicklei/go-restful dependency in the release-1.24 branch for the next patch release? Trivy is finding https://github.com/advisories/GHSA-r48q-9g5r-8q2h in kubernetes/kubernetes:v1.24.14.
Sorry if this is a duplicate, or if this is not feasible; we are attempting to reduce CVEs as much as possible.
Even while these CVEs may not be easily exploitable, we are attempting to meet compliance goals and guidelines.