Security update kube-lineage to go version 1.22.4 and removed cve's #14

Open. Wants to merge 33 commits into base: master

@Avi-Robusta commented Jul 7, 2024

I scanned it in my cluster and a lot of CVEs came up in it.

I removed them and also added it to build standalone binaries in the git action for amd and arm.

I have my own fork if anyone needs it till it's merged:
https://github.com/Avi-Robusta/kube-lineage/releases/tag/v2.0.2

dependabot bot and others added 27 commits July 2, 2024 06:40
…ates

Bumps the go_modules group with 1 update in the / directory: [helm.sh/helm/v3](https://github.com/helm/helm).


Updates `helm.sh/helm/v3` from 3.8.0 to 3.14.3
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](helm/helm@v3.8.0...v3.14.3)

Updates `github.com/containerd/containerd` from 1.5.9 to 1.7.12
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](containerd/containerd@v1.5.9...v1.7.12)

Updates `github.com/cyphar/filepath-securejoin` from 0.2.3 to 0.2.4
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Commits](cyphar/filepath-securejoin@v0.2.3...v0.2.4)

Updates `github.com/docker/distribution` from 2.7.1+incompatible to 2.8.2+incompatible
- [Release notes](https://github.com/docker/distribution/releases)
- [Commits](distribution/distribution@v2.7.1...v2.8.2)

Updates `github.com/docker/docker` from 20.10.12+incompatible to 24.0.7+incompatible
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v20.10.12...v24.0.7)

Updates `github.com/prometheus/client_golang` from 1.11.0 to 1.16.0
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.11.0...v1.16.0)

Updates `golang.org/x/crypto` from 0.0.0-20211117183948-ae814b36b871 to 0.17.0
- [Commits](https://github.com/golang/crypto/commits/v0.17.0)

Updates `golang.org/x/net` from 0.0.0-20220107192237-5cfca573fb4d to 0.17.0
- [Commits](https://github.com/golang/net/commits/v0.17.0)

Updates `golang.org/x/sys` from 0.0.0-20211216021012-1d35b9e2eb4e to 0.15.0
- [Commits](https://github.com/golang/sys/commits/v0.15.0)

Updates `golang.org/x/text` from 0.3.7 to 0.14.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.3.7...v0.14.0)

Updates `google.golang.org/grpc` from 1.43.0 to 1.58.3
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.43.0...v1.58.3)

Updates `google.golang.org/protobuf` from 1.27.1 to 1.31.0

Updates `gopkg.in/yaml.v3` from 3.0.0-20210107192922-496545a6307b to 3.0.1

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/containerd/containerd
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/docker/distribution
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/docker/docker
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/prometheus/client_golang
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/sys
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/text
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/grpc
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: gopkg.in/yaml.v3
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
…es-de2fb0d841

chore(deps): Bump the go_modules group across 1 directory with 13 updates
feat: Increase client-go QPS to handle clusters with large amount of CRDs
Working version
@Avi-Robusta changed the title from "Updated kube-lineage to go version 1.22.4 and removed cve's" to "Security update kube-lineage to go version 1.22.4 and removed cve's" on Jul 7, 2024
Avi-Robusta added a commit to robusta-dev/holmesgpt that referenced this pull request Jul 14, 2024
We might want to do something different with the binaries for
kube-lineage
tested in arm (locally) and amd
Notes:
- created a version of kube-lineage without Go CVEs
- Removed krew since it was no longer needed with our kubelineage binary
- removed gcloud and aws cli due to CVEs, we don't need them in cluster
(I made a separate docker image for local running)
- updated packages urllib3 and certifi due to CVEs

PR for kube lineage
tohjustin/kube-lineage#14
my Kube lineage fork:
https://github.com/Avi-Robusta/kube-lineage