kubernetes / node-problem-detector

This is a place for various problem detectors running on the Kubernetes nodes.
Apache License 2.0

go.mod vulnerabilities fixed in master; when 0.8.16 release #862

Closed zees-dev closed 6 months ago

zees-dev commented 7 months ago

trivy has identified vulnerabilities in both v0.8.14 and v0.8.15:

image

The vulnerabilities appear to be fixed in master (probably from a dependency update?):

image

Wondering about the timeline for the next release; or wanting to know about any blockers which need to be remediated before the next release?

JohnRusk commented 7 months ago

@vteratipally I see you made the most recent release. Will you be making the next? If so, what do you think about timing of 0.8.16 - given that 0.8.15 contains these unpatched vulnerabilities?

nick-rager commented 6 months ago

@vteratipally @JohnRusk Do we have any updates on this issue or timelines to share?

vteratipally commented 6 months ago

There is a new release 0.8.17. Could you please check?

JohnRusk commented 6 months ago

Yes, it's good. @zees-dev let's close this.