ceph-csi

mirrors/ceph-csi

Fork 0

mirror of https://github.com/ceph/ceph-csi.git synced 2024-09-19 23:19:52 +00:00

Commit Graph

Author	SHA1	Message	Date
dependabot[bot]	e5d9b68d36	rebase: bump the golang-dependencies group with 1 update Bumps the golang-dependencies group with 1 update: [golang.org/x/crypto](https://github.com/golang/crypto). Updates `golang.org/x/crypto` from 0.16.0 to 0.17.0 - [Commits](https://github.com/golang/crypto/compare/v0.16.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>	2023-12-21 13:34:39 +00:00
Humble Chirammal	78211b694b	build: update client-go and other kube dependencies to 1.20.6 client-go 1.20.6 has a fix for below CVE: This patch address this via updating client-go and other dependencies. CVE-2019-11250 : The MITRE CVE dictionary describes this issue as: The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected. Ref# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11250 Signed-off-by: Humble Chirammal <hchiramm@redhat.com>	2021-05-26 09:14:10 +00:00
Madhu Rajanna	83559144b1	rebase: update kubernetes to v1.20.0 updated kubernetes packages to latest release. Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>	2020-12-17 16:04:54 +00:00

Author

SHA1

Message

Date

dependabot[bot]

e5d9b68d36

rebase: bump the golang-dependencies group with 1 update

Bumps the golang-dependencies group with 1 update: [golang.org/x/crypto](https://github.com/golang/crypto).


Updates `golang.org/x/crypto` from 0.16.0 to 0.17.0
- [Commits](https://github.com/golang/crypto/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

2023-12-21 13:34:39 +00:00

Humble Chirammal

78211b694b

build: update client-go and other kube dependencies to 1.20.6

client-go 1.20.6 has a fix for below CVE: This patch address this
via updating client-go and other dependencies.

CVE-2019-11250 : The MITRE CVE dictionary describes this issue as:

The Kubernetes client-go library logs request headers at verbosity
levels of 7 or higher. This can disclose credentials to unauthorized
users via logs or command output. Kubernetes components (such as
kube-apiserver) prior to v1.16.0, which make use of basic or bearer
token authentication, and run at high verbosity levels, are affected.

Ref# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11250

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>

2021-05-26 09:14:10 +00:00

Madhu Rajanna

83559144b1

rebase: update kubernetes to v1.20.0

updated kubernetes packages to latest
release.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>

2020-12-17 16:04:54 +00:00

3 Commits