search

uniget-org / tools

Tool definitions for uniget
https://tools.uniget.dev
MIT License
2 stars 3 forks source link

chore(deps): update dependency kube-burner/kube-burner to v1.10.1 #5697

Closed uniget-bot closed 6 days ago

uniget-bot commented 6 days ago

This PR contains the following updates:

Package Update Change
kube-burner/kube-burner patch 1.10.0 -> 1.10.1

[!WARNING] Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

kube-burner/kube-burner (kube-burner/kube-burner) ### [`v1.10.1`](https://togithub.com/kube-burner/kube-burner/releases/tag/v1.10.1) [Compare Source](https://togithub.com/kube-burner/kube-burner/compare/v1.10.0...v1.10.1) #### Changelog - [`5d1b1c1`](https://togithub.com/kube-burner/kube-burner/commit/5d1b1c1e83cc5f38c325dd128fe9849df360faf2): Remove env var ([#​654](https://togithub.com/kube-burner/kube-burner/issues/654)) ([@​rsevilla87](https://togithub.com/rsevilla87)) - [`64d897e`](https://togithub.com/kube-burner/kube-burner/commit/64d897eab38c1a9c26c7006aea1bd231a29d7539): Remove incompatibility check ([#​659](https://togithub.com/kube-burner/kube-burner/issues/659)) ([@​rsevilla87](https://togithub.com/rsevilla87))

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Renovate Bot.

github-actions[bot] commented 6 days ago

:mag: Vulnerabilities of ghcr.io/uniget-org/tools/kube-burner:1.10.1

:package: Image Reference ghcr.io/uniget-org/tools/kube-burner:1.10.1
digestsha256:978167681a592436c2fcc93d4bbc4839ebea98652b1489f685805c163aaf7471
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0 unspecified: 1
platformlinux/amd64
size30 MB
packages70
critical: 0 high: 0 medium: 0 low: 0 unspecified: 1stdlib 1.21.11 (golang) pkg:golang/stdlib@1.21.11
unspecified : CVE--2024--24791
Affected range<1.21.12
Fixed version1.21.12
Description
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
github-actions[bot] commented 6 days ago

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/9797583295.

github-actions[bot] commented 6 days ago

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/9797583295.