Merge pull request #137 from spolti/RHOAIENG-1777

Address vulnerability on goproxy
opendatahub-io · Jan 16, 2024 · a7eed86 · a7eed86
2 parents f6d9217 + 21d0429
commit a7eed86
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/go.mod b/go.mod
@@ -99,3 +99,8 @@ require (
  sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
  sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 )
+
+// remove when upgrade to controller-runtime 0.15.xor apimachinery to 0.27.x
+// Fixes github.com/elazarl/goproxy Denial of Service (DoS)
+// This dependency was remove from apimachinery 0.27.0
+replace k8s.io/apimachinery => k8s.io/apimachinery v0.27.0
diff --git a/go.sum b/go.sum
@@ -482,8 +482,8 @@ k8s.io/api v0.26.4 h1:qSG2PmtcD23BkYiWfoYAcak870eF/hE7NNYBYavTT94=
 k8s.io/api v0.26.4/go.mod h1:WwKEXU3R1rgCZ77AYa7DFksd9/BAIKyOmRlbVxgvjCk=
 k8s.io/apiextensions-apiserver v0.26.4 h1:9D2RTxYGxrG5uYg6D7QZRcykXvavBvcA59j5kTaedQI=
 k8s.io/apiextensions-apiserver v0.26.4/go.mod h1:cd4uGFGIgzEqUghWpRsr9KE8j2KNTjY8Ji8pnMMazyw=
-k8s.io/apimachinery v0.26.4 h1:rZccKdBLg9vP6J09JD+z8Yr99Ce8gk3Lbi9TCx05Jzs=
-k8s.io/apimachinery v0.26.4/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I=
+k8s.io/apimachinery v0.27.0 h1:vEyy/PVMbPMCPutrssCVHCf0JNZ0Px+YqPi82K2ALlk=
+k8s.io/apimachinery v0.27.0/go.mod h1:5ikh59fK3AJ287GUvpUsryoMFtH9zj/ARfWCo3AyXTM=
 k8s.io/client-go v0.26.4 h1:/7P/IbGBuT73A+G97trf44NTPSNqvuBREpOfdLbHvD4=
 k8s.io/client-go v0.26.4/go.mod h1:6qOItWm3EwxJdl/8p5t7FWtWUOwyMdA8N9ekbW4idpI=
 k8s.io/component-base v0.26.4 h1:Bg2xzyXNKL3eAuiTEu3XE198d6z22ENgFgGQv2GGOUk=