Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Ensure kubeclient >= 4.9.3 to avoid CVE-2022-0759
Hi, I see your code uses `Kubeclient::Config.read(ENV['KUBECONFIG'])`. 4.9.3 fixed a severe issue in Config, in some scenarios causing insecure VERIFY_NONE connections that may leak cluster credentials — ManageIQ/kubeclient#554 Your dependency range already allowed 4.9.3 but it's safer to disallow the older versions.
- Loading branch information