[NET-2420] security: re-enable security scan release block #3628
Merged
Commits on Feb 14, 2024
Commit 18ab5b1
security: upgrade helm/v3 to 3.13.3
Addresses multiple CVEs:
- CVE-2023-25165
- CVE-2022-23524
- CVE-2022-23526
- CVE-2022-23525
Commit 3449458
Commit 22343e3
security: upgrade containerd to latest
Addresses GHSA-7ww5-4wqc-m92c (GO-2023-2412)
Commit 0ffcb83
Commit ae2348a
Commit c950489
security: upgrade filepath-securejoin to latest patch
Addresses GHSA-6xv5-86q9-7xr8 (GO-2023-2048)
Commit 57a10bc
Commit 8e9f1e6
Commits on Feb 17, 2024
Commit 8fda3bb
security: re-enable security scan release block
This was previously disabled due to an unresolved false-positive CVE. Re-enabling both secrets and OSV + Go Modules scanning, which per our current scan results should not be a blocker to future releases. Also add security scans on PR and merge to protected branches to allow proactive triage going forward. See hashicorp/consul#19978 for similar change in that repo, adapted here.