mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2025-01-18 10:49:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,745 Commits 29 Branches 40 Tags 168 MiB
9546818863
Commit Graph

9 Commits

Author SHA1 Message Date
Niels de Vos
d95c784457 rebase: update golang.org/x/net to v0.14 
golang.org/x/net/html v0.12 is vulnerable against CVE-2023-3978.
Exploiting it through Ceph-CSI is non-trivial, but rebasing
golang.org/x/net should take away any concerns.

See-also: https://pkg.go.dev/vuln/GO-2023-1988
Signed-off-by: Niels de Vos <ndevos@ibm.com>
(cherry picked from commit a129b1c4ab)
 2023-08-08 11:00:15 +02:00
Humble Chirammal
d721ed6c5c build: fix CVEs in the image 
This commit update dependencies which is required to fix below CVEs.

CVE-2022-27664
CVE-2022-27191

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
 2022-11-16 15:16:16 +00:00
dependabot[bot]
807f776132 rebase: bump github.com/onsi/ginkgo/v2 from 2.3.1 to 2.4.0 
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.3.1 to 2.4.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.3.1...v2.4.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-25 12:57:58 +00:00
dependabot[bot]
9a9c69cba2 rebase: bump github.com/aws/aws-sdk-go from 1.43.3 to 1.43.8 
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.43.3 to 1.43.8.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.43.3...v1.43.8)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-01 08:11:06 +00:00
Madhu Rajanna
51a5bde97f ci: update golang dependencies to 1.17.5 release 
updating the depencendices to golang 1.17.5
release

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
 2021-12-13 07:32:54 +00:00
Madhu Rajanna
5762da3e91 rebase: update kubernetes to v1.23.0 
updating go dependency to latest kubernetes
released version i.e v1.23.0

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
 2021-12-13 07:32:54 +00:00
Rakshith R
1b23d78113 rebase: update kubernetes to v1.21.2 
Updated kubernetes packages to latest release.
resizefs package has been included into k8s.io/mount-utils
package. updated code to use the same.

Updates: #1968

Signed-off-by: Rakshith R <rar@redhat.com>
 2021-07-01 03:35:23 +00:00
Madhu Rajanna
fb7dc13dfe rebase: update packages in go.mod to latest releases 
updated few packages in go.mod to latest
available release.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
 2021-06-04 11:52:22 +00:00
Niels de Vos
2b7f078943 rebase: vendor golang.org/x/crypto and update to latest 
The new SecretsMetadataKMS provider encrypts/decrypts DEKs as they are
stored in the metadata of volumes. The encryption/decryption uses
golang.org/x/crypto/scrypt to generate the encryption key from a
passphrase.

While vendoring golang.org/x/crypto, already vendored sub-packages have
been updated.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
 2021-03-12 10:11:47 +00:00