Bump kubeclient >= 4.9.3 to avoid Kubeclient::Config vulnerability
4.9.3 fixed [CVE-2022-0759 in `Kubeclient::Config`](ManageIQ/kubeclient#554), which I see you do use, at least in `create_client_from_config`.
Current "~> 4.3" range already allows 4.9.x but safer to force it as minimum.
cben committed May 11, 2022
1 parent 641a120 commit ff697ea
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion fog-kubevirt.gemspec
Expand Up @@ -32,5 +32,5 @@ Gem::Specification.new do |spec|
spec.add_development_dependency "webmock", "~> 3.5"

spec.add_dependency("fog-core", "~> 2.1")
spec.add_dependency("kubeclient", "~> 4.3")
spec.add_dependency("kubeclient", ">= 4.9.3", "< 5.0.0")
end
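
Review bot: On the new `kubeclient` dependency line, the reason for the 4.9.3 floor is recorded only in the commit message; add a short comment above it in the gemspec naming CVE-2022-0759 so a later cleanup does not relax the minimum back into the vulnerable range. Consider also writing the constraint as `"~> 4.9", ">= 4.9.3"`: it keeps the pessimistic style of the neighbouring `fog-core` and `webmock` lines and, unlike `"< 5.0.0"`, does not match 5.0.0 prerelease versions. Since this commit changes only this one line, downstream users pick up the new floor only once a fog-kubevirt release includes it.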
