Upgrade the grpc_health_probe version to v0.4.11 to resolve security vulnerability CVE-2022-27191 #1875
What this PR does / why we need it:
I upgraded the grpc_health_probe version to v0.4.11 to resolve security vulnerability CVE-2022-27191.
Also, I added the primaryPodLabels to tfjob's example.
```
$ trivy image --severity CRITICAL,HIGH docker.io/kubeflowkatib/katib-db-manager:latest
2022-05-25T23:37:21.684+0900 INFO Detected OS: alpine
2022-05-25T23:37:21.684+0900 INFO Detecting Alpine vulnerabilities...
2022-05-25T23:37:21.685+0900 INFO Number of language-specific files: 2
2022-05-25T23:37:21.685+0900 INFO Detecting gobinary vulnerabilities...

docker.io/kubeflowkatib/katib-db-manager:latest (alpine 3.15.4)
Total: 0 (HIGH: 0, CRITICAL: 0)

app/katib-db-manager (gobinary)
Total: 0 (HIGH: 0, CRITICAL: 0)

bin/grpc_health_probe (gobinary)
Total: 1 (HIGH: 1, CRITICAL: 0)

┌─────────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬───────────────────────────────────────────────────┐
│       Library       │ Vulnerability  │ Severity │         Installed Version          │           Fixed Version           │                       Title                       │
├─────────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼───────────────────────────────────────────────────┤
│ golang.org/x/crypto │ CVE-2022-27191 │ HIGH     │ v0.0.0-20210513164829-c07d793c2f9a │ 0.0.0-20220315160706-3147a52a75dd │ golang: crash in a golang.org/x/crypto/ssh server │
│                     │                │          │                                    │                                   │ https://avd.aquasec.com/nvd/cve-2022-27191        │
└─────────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴───────────────────────────────────────────────────┘
```
Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #
Checklist: