microsoft / hcsshim

Windows - Host Compute Service Shim
MIT License
564 stars 253 forks

Upgrade github.com/open-policy-agent/opa in 0.12 release #2178

Open RemindD opened 2 months ago

RemindD commented 2 months ago

There is a vulnerability in the package prior to 0.44.0. Could you please upgrade the package in the 0.12 release build? Here is the vulnerability link: https://pkg.go.dev/vuln/GO-2022-0978

lordalek commented 2 months ago

This is affecting us as well in AWS.

HafdisE commented 1 month ago

Yes, if you could update the packages that have known critical and high vulnerabilities for the next release, that would be wonderful 🙌

go-jwx also needs to be updated, as well as opencontainers/runc

See:
https://nvd.nist.gov/vuln/detail/CVE-2024-21664
https://nvd.nist.gov/vuln/detail/CVE-2024-21626