[RHCLOUD-36134] upgrade aws-sdk-go and golang-jwt to the latest version #238

Merged
merged 2 commits into from
Nov 7, 2024

@petracihalova petracihalova commented Nov 7, 2024

RHCLOUD-36134

upgrade github.com/aws/aws-sdk-go package to the latest version => generate new image with latest base image and fix some vulnerabilities

and upgrade github.com/golang-jwt/jwt/v4 to the latest version and fix vulnerability GHSA-29wx-vh33-7x7r

NAME                          INSTALLED          FIXED-IN            TYPE       VULNERABILITY        SEVERITY 
bzip2-libs                    1.0.6-26.el8       0:1.0.6-27.el8_10   rpm        CVE-2019-12900       Low       
github.com/golang-jwt/jwt/v4  v4.5.0             4.5.1               go-module  GHSA-29wx-vh33-7x7r  Low       
krb5-libs                     1.18.2-29.el8_10   0:1.18.2-30.el8_10  rpm        CVE-2024-3596        High      
openssl-libs                  1:1.1.1k-12.el8_9  1:1.1.1k-14.el8_6   rpm        CVE-2024-5535        Low       
stdlib                        go1.20.10          1.21.11, 1.22.4     go-module  CVE-2024-24790       Critical  
stdlib                        go1.20.10          1.21.0-0            go-module  CVE-2023-24531       Critical  
stdlib                        go1.20.10          1.22.7, 1.23.1      go-module  CVE-2024-34158       High      
stdlib                        go1.20.10          1.22.7, 1.23.1      go-module  CVE-2024-34156       High      
stdlib                        go1.20.10          1.21.12, 1.22.5     go-module  CVE-2024-24791       High      
stdlib                        go1.20.10          1.21.8, 1.22.1      go-module  CVE-2024-24784       High      
stdlib                        go1.20.10          1.21.9, 1.22.2      go-module  CVE-2023-45288       High      
stdlib                        go1.20.10          1.20.12, 1.21.5     go-module  CVE-2023-45285       High      
stdlib                        go1.20.10          1.22.7, 1.23.1      go-module  CVE-2024-34155       Medium    
stdlib                        go1.20.10          1.21.11, 1.22.4     go-module  CVE-2024-24789       Medium    
stdlib                        go1.20.10          1.21.10, 1.22.3     go-module  CVE-2024-24787       Medium    
stdlib                        go1.20.10          1.21.8, 1.22.1      go-module  CVE-2024-24783       Medium    
stdlib                        go1.20.10          1.21.8, 1.22.1      go-module  CVE-2023-45289       Medium    
stdlib                        go1.20.10          1.20.12, 1.21.5     go-module  CVE-2023-39326       Medium    
stdlib                        go1.20.10          1.21.8, 1.22.1      go-module  CVE-2024-24785       Unknown   
stdlib                        go1.20.10          1.21.8, 1.22.1      go-module  CVE-2023-45290       Unknown

@petracihalova petracihalova changed the title [RHCLOUD-36134] upgrade github.com/aws/aws-sdk-go package to the latest version [RHCLOUD-36134] upgrade aws-sdk-go and golang-jwt to the latest version Nov 7, 2024
@petracihalova

/retest

@Ellen-Yi-Dong Ellen-Yi-Dong left a comment

LGTM!

@petracihalova

we can ignore the failing security test

NAME        INSTALLED     FIXED-IN           TYPE       VULNERABILITY   SEVERITY 
bzip2-libs  1.0.6-26.el8  0:1.0.6-27.el8_10  rpm        CVE-2019-12900  Low       
stdlib      go1.21.13     1.22.7, 1.23.1     go-module  CVE-2024-34158  High      
stdlib      go1.21.13     1.22.7, 1.23.1     go-module  CVE-2024-34156  High      
stdlib      go1.21.13     1.22.7, 1.23.1     go-module  CVE-2024-34155  Medium

stdlib (go1.21.13):

@petracihalova petracihalova merged commit 4a0e25e into RedHatInsights:main Nov 7, 2024
8 of 9 checks passed
@petracihalova petracihalova deleted the aws-sdk-go-update branch November 7, 2024 21:04