Several packages are only used while running the e2e suite. These
packages are less important to update, as the they can not influence the
final executable that is part of the Ceph-CSI container-image.
By moving these dependencies out of the main Ceph-CSI go.mod, it is
easier to identify if a reported CVE affects Ceph-CSI, or only the
testing (like most of the Kubernetes CVEs).
Signed-off-by: Niels de Vos <ndevos@ibm.com>
client-go 1.20.6 has a fix for below CVE: This patch address this
via updating client-go and other dependencies.
CVE-2019-11250 : The MITRE CVE dictionary describes this issue as:
The Kubernetes client-go library logs request headers at verbosity
levels of 7 or higher. This can disclose credentials to unauthorized
users via logs or command output. Kubernetes components (such as
kube-apiserver) prior to v1.16.0, which make use of basic or bearer
token authentication, and run at high verbosity levels, are affected.
Ref# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11250
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
