ceph-csi/e2e/vendor/github.com/go-logr/logr/SECURITY.md
Niels de Vos bec6090996 build: move e2e dependencies into e2e/go.mod
Several packages are only used while running the e2e suite. These
packages are less important to update, as they cannot influence the
final executable that is part of the Ceph-CSI container-image.

By moving these dependencies out of the main Ceph-CSI go.mod, it is
easier to identify if a reported CVE affects Ceph-CSI, or only the
testing (like most of the Kubernetes CVEs).

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2025-03-07 16:05:04 +00:00

Security Policy

If you have discovered a security vulnerability in this project, please report it privately. Do not disclose it as a public issue. This gives us time to work with you to fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released.

You may submit the report in the following ways:

Please provide the following information in your report:

  • A description of the vulnerability and its impact
  • How to reproduce the issue

We ask that you give us 90 days to work on a fix before public exposure.