kubevirt-bot
commented
10 months ago [APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by: Once this PR has been reviewed and has the lgtm label, please assign alonakaplan for approval. For more information see the Kubernetes Code Review Process.
The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
- **[OWNERS](https://github.com/kubevirt/kubesecondarydns/blob/main/OWNERS)**
Approvers can indicate their approval by writing `/approve` in a comment
Approvers can cancel approval by writing `/approve cancel` in a comment
RamLavi
oshoval
What this PR does / why we need it: We still have potential indirect uses (go.sum) of affected
google.golang.org/grpcaccording Snyk. For examplecloud.google.com/go v0.97.0.Note that it is not actually linked, else it would be on go.mod as well. Moreover in this case grpc isn't even vendored.
Bump grpc to a fixed version (using replace directive). This in turn also auto deprecate some old versions, for example it replaced here
cloud.google.com/go v0.97.0. It will make the scanner happy, and also avoid silent possible use of the affected package in the future.https://github.com/advisories/GHSA-qppj-fm5r-hxr3
Special notes for your reviewer: