Skip to content
This repository has been archived by the owner on Sep 2, 2024. It is now read-only.

fix vulnerabilities #1060

Merged
merged 1 commit into from
Jan 17, 2022
Merged

fix vulnerabilities #1060

merged 1 commit into from
Jan 17, 2022

Conversation

steven0711dong
Copy link
Contributor

@steven0711dong steven0711dong commented Jan 14, 2022
edited
Loading

Fixes #

Proposed Changes

Release Note

Fixes the following vulnerabilities: 
github.com/knative/pkg contains dependency that is subject to DoS attack. 
githun.com/kubernetes/utils contains a security issue that was discovered where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.

Docs

@knative-prow-robot knative-prow-robot added needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Jan 14, 2022
@knative-prow-robot knative-prow-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Jan 14, 2022
matzew
matzew approved these changes Jan 17, 2022
View reviewed changes
Copy link
Contributor

@matzew matzew left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@knative-prow-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: matzew, steven0711dong

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [matzew,steven0711dong]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@knative-prow-robot knative-prow-robot added the lgtm Indicates that a PR is ready to be merged. label Jan 17, 2022
@knative-prow-robot knative-prow-robot merged commit c6197ce into main Jan 17, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@matzew matzew matzew approved these changes

Assignees

@matzew matzew

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@steven0711dong @knative-prow-robot @matzew