Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade skaffold go version to 1.22.0 #9288

Closed
alphanota opened this issue Jan 30, 2024 · 0 comments · Fixed by #9364
Closed

Upgrade skaffold go version to 1.22.0 #9288

alphanota opened this issue Jan 30, 2024 · 0 comments · Fixed by #9364
Assignees
@ericzzzzzzz

Comments

@alphanota
Copy link
Contributor

alphanota commented Jan 30, 2024
edited
Loading

Current go version skaffold uses (1.21.0) is affected by various vulnerabilties

CVE-2023-44487
CVE-2023-39323
CVE-2023-45285
CVE-2023-39322
CVE-2023-39321
CVE-2023-39326
CVE-2023-39318
CVE-2023-39319

Fixes for these are all in go version 1.21.3 and up

Information

  • Skaffold version: 2.10
  • Operating system: alpine:3.19
  • Installed via: skaffold.dev

Steps to reproduce the behavior

These vulnerabilities are a subset of the vulnerabilities here: https://pantheon.corp.google.com/gcr/images/k8s-skaffold/global/skaffold@sha256:483bcee1aae9a3651d9d5ad487ad8ec1f4a57b94e51dc31aa157b9f73629164c/details?tab=vulnz
@ericzzzzzzz ericzzzzzzz self-assigned this Feb 7, 2024
@alphanota alphanota changed the title Upgrade skaffold go version to 1.21.6 Upgrade skaffold go version to 1.22.0 Mar 22, 2024
This was referenced Mar 22, 2024
Closed
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ericzzzzzzz ericzzzzzzz

Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@alphanota @ericzzzzzzz