chore(deps): address CVE-2023-39325, CVE-2023-47108 and GHSA-m425-mq9… #402
Conversation
|
This other PR is blocking #402
|
tiagolobocastro
added
the
DO NOT MERGE
The release seems to be there though? https://github.com/kubernetes-csi/node-driver-registrar/releases/tag/v2.10.0 |
Yes, the release is there, but the image has not been published. AFAIK that's done in a different repo (basically the one I've created that other PR). |
Ah, which other PR? |
Apologies! I was pasting the wrong PR link 🤦 : kubernetes/k8s.io#6256 |
no worries, it happens :) |
|
@tiagolobocastro csi-node-driver-registrar v2.10.0 image is available already. |
cmontemuino
force-pushed
the
address-vulnerabilities-csi-images
branch
from
16b488d
to
7c6b029
Compare
…4-257g CVE-2023-47108 and CVE-2023-39325 fixed in v2.10.0 from node-driver-registar GHSA-m425-mq94-257g fixed in v2.10.0 from node-driver-registar, and v6.3.3 from csi-snapshotter (and controller) images. https://avd.aquasec.com/nvd/2023/cve-2023-47108/ https://avd.aquasec.com/nvd/2023/cve-2023-39325/ GHSA-m425-mq94-257g Signed-off-by: cmontemuino <1761056+cmontemuino@users.noreply.github.com>
cmontemuino
force-pushed
the
address-vulnerabilities-csi-images
branch
from
7c6b029
to
d4e7102
Compare
|
@niladrih @Abhinandan-Purkait can we get a review here? thanks |
|
bors merge |
|
👎 Rejected by label |
tiagolobocastro
removed
the
DO NOT MERGE
|
bors merge |
|
Build succeeded: |
Upgrade images to fix the following vulnerabilities:
Description
CVE-2023-47108 and CVE-2023-39325 fixed in v2.10.0 from node-driver-registar
GHSA-m425-mq94-257g fixed in v2.10.0 from node-driver-registar, and v6.3.3 from csi-snapshotter (and controller) images.
Motivation and Context
Have no HIGH vulnerabilities in mayastor-extensions
Regression
No
--- see how your change affects other areas of the code, etc. -->
Types of changes
Checklist: