github-actions[bot]
commented
6 days ago :mag: Vulnerabilities of ghcr.io/uniget-org/tools/kapp:0.63.1
:package: Image Reference ghcr.io/uniget-org/tools/kapp:0.63.1
| digest | sha256:5fb39b4f0dc3ed3d8b207fbe77d72017fc0b43c7378c004dfbe2f39843d7a9c6 |
| vulnerabilities |      |
| platform | linux/amd64 |
| size | 27 MB |
| packages | 61 |
pkg:golang/k8s.io/apiserver@0.30.2 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
DescriptionThe Kubernetes API server component has been found to be vulnerable to a denial of service attack via successful API requests. | ||||||||
pkg:golang/stdlib@1.22.4
DescriptionThe net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. |
k8s.io/apiserver 
stdlib
This PR contains the following updates:
0.62.1->0.63.1Release Notes
carvel-dev/kapp (carvel-dev/kapp)
### [`v0.63.1`](https://togithub.com/carvel-dev/kapp/releases/tag/v0.63.1) [Compare Source](https://togithub.com/carvel-dev/kapp/compare/v0.62.1...v0.63.1)
##### Installation ##### By downloading binary from the release For instance, if you are using Linux on an AMD64 architecture: ```shell ### Download the binary curl -LO https://github.com/carvel-dev/kapp/releases/download/v0.63.1/kapp-linux-amd64 ### Move the binary in to your PATH mv kapp-linux-amd64 /usr/local/bin/kapp ### Make the binary executable chmod +x /usr/local/bin/kapp ``` ##### Via Homebrew (macOS or Linux) ```shell $ brew tap carvel-dev/carvel $ brew install kapp $ kapp version ``` ##### Verify checksums file signature The checksums file provided within the artifacts attached to this release is signed using [Cosign](https://docs.sigstore.dev/cosign/overview/) with GitHub OIDC(Refer [this](https://docs.sigstore.dev/system_config/installation/) page for cosign installation). To validate the signature of this file, run the following commands: ```shell ### Download the checksums file, certificate and signature curl -LO https://github.com/carvel-dev/kapp/releases/download/v0.63.1/checksums.txt curl -LO https://github.com/carvel-dev/kapp/releases/download/v0.63.1/checksums.txt.pem curl -LO https://github.com/carvel-dev/kapp/releases/download/v0.63.1/checksums.txt.sig ### Verify the checksums file cosign verify-blob checksums.txt \ --certificate checksums.txt.pem \ --signature checksums.txt.sig \ --certificate-identity-regexp=https://github.com/carvel-dev \ --certificate-oidc-issuer=https://token.actions.githubusercontent.com ``` ##### Verify binary integrity To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature. ```shell ### Verify the binary using the checksums file sha256sum -c checksums.txt --ignore-missing ```Installation and signature verification
Configuration
π Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.