kubernetes / cloud-provider-aws

Cloud provider for AWS
https://cloud-provider-aws.sigs.k8s.io/
Apache License 2.0

update golang version to silence GO-2024-2824 #918

Closed (dims closed this 1 month ago)

dims commented 1 month ago

from: https://github.com/kubernetes/cloud-provider-aws/actions/runs/9127157592/job/25096868187?pr=917

```
=== Symbol Results ===

Vulnerability #1: GO-2024-2824
    Malformed DNS message can cause infinite loop in net
  More info: https://pkg.go.dev/vuln/GO-2024-2824
  Standard library
    Found in: net@go1.22.2
    Fixed in: net@go1.22.3
    Example traces found:
Error:       #1: pkg/providers/v1/aws_sdk.go:220:44: providers.awsSDKProvider.KeyManagement calls session.NewSessionWithOptions, which eventually calls net.Dial
Error:       #2: pkg/providers/v1/aws_ec2.go:134:41: providers.awsSdkEC2.RevokeSecurityGroupIngress calls ec2.EC2.RevokeSecurityGroupIngress, which eventually calls net.Dialer.DialContext
Error:       #3: cmd/ecr-credential-provider/main.go:246:50: ecr.main calls cobra.Command.Execute, which eventually calls net.ListenConfig.Listen
Error:       #4: pkg/providers/v1/aws_sdk.go:220:44: providers.awsSDKProvider.KeyManagement calls session.NewSessionWithOptions, which eventually calls net.LookupHost

Your code is affected by 1 vulnerability from the Go standard library.
This scan also found 0 vulnerabilities in packages you import and 1
vulnerability in modules you require, but your code doesn't appear to call these
vulnerabilities.
Use '-show verbose' for more details.
Error: Process completed with exit code 3.
```

k8s-ci-robot commented 1 month ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

Once this PR has been reviewed and has the lgtm label, please ask for approval from dims. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

- **[OWNERS](https://github.com/kubernetes/cloud-provider-aws/blob/master/OWNERS)**

Approvers can indicate their approval by writing `/approve` in a comment.
Approvers can cancel approval by writing `/approve cancel` in a comment.

k8s-ci-robot commented 1 month ago

This issue is currently awaiting triage.

If cloud-provider-aws contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.

hakman commented 1 month ago

@dims Please check https://github.com/kubernetes/cloud-provider-aws/pull/919