Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Resolve indirect dep CVE from adal4j #3175

Merged
merged 1 commit into from
Mar 8, 2024
Merged

Resolve indirect dep CVE from adal4j #3175

merged 1 commit into from
Mar 8, 2024

Conversation

codefromthecrypt
Copy link
Contributor

adal4j is an optional dependency. This means that for a project to use it, they must declare their own dependency. As such, it doesn't always show up in CVE reports as we do not require this dependency.

However, some will detect it and I also notice IntelliJ will. After updating its indirect dep, IntelliJ's detector is no longer aware of any CVE related to this.

Hopefully, this buys time, and removes any short term action about adal4j except deleting the code that uses it.

See #3169

Resolve indirect dep CVE from adal4j
d665803 
Signed-off-by: Adrian Cole <adrian@tetrate.io>
@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Mar 8, 2024
@k8s-ci-robot k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Mar 8, 2024
@codefromthecrypt codefromthecrypt mentioned this pull request Mar 8, 2024
Closed
@brendandburns
Copy link
Contributor

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 8, 2024
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: brendandburns, codefromthecrypt

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 8, 2024
@k8s-ci-robot k8s-ci-robot merged commit 75f0acd into kubernetes-client:master Mar 8, 2024
15 checks passed
@codefromthecrypt codefromthecrypt deleted the fix-adal4j-cve branch March 8, 2024 22:44
@Babak-abd Babak-abd mentioned this pull request Jul 25, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brendandburns brendandburns Awaiting requested review from brendandburns

@yue9944882 yue9944882 Awaiting requested review from yue9944882

Assignees

@brendandburns brendandburns

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@codefromthecrypt @brendandburns @k8s-ci-robot