upgrade mongo-go-driver for CVE-2021-20329 #6450

Closed
reginapizza opened this issue May 26, 2023 · 1 comment · Fixed by #6383
Labels
priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release.

Comments

@reginapizza

Bug Report

CVE Advisory: GHSA-f6mq-5m25-4r72

Operator-sdk is currently using github.com/golang-migrate/migrate/v4 v4.6.2 (source) which uses mongo-go-driver v1.1.0 (source). All versions of mongo-go-driver that are <1.5.1 are affected by this CVE. Could it please be updated?

@emmajiafan
Contributor

@reginapizza Thank you for the reminder. Already traced the problem.

@jberkhahn jberkhahn added this to the Backlog milestone Jun 5, 2023
@jberkhahn jberkhahn added the priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. label Jun 5, 2023
@jberkhahn jberkhahn removed this from the Backlog milestone Jun 5, 2023
@varshaprasad96 varshaprasad96 modified the milestones: v1.29.0, v1.30.0 Jun 12, 2023
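
The transitive-dependency check described in the report, as an added example that is not part of the issue or of operator-sdk: it scans `go mod graph` output for requirements on mongo-go-driver older than 1.5.1, and goes one step further by reporting the highest version required anywhere in the graph. The module paths `github.com/operator-framework/operator-sdk` and `go.mongodb.org/mongo-driver` are assumed import paths, and the sample graph is constructed from the versions quoted in the report.

```go
package main

import (
	"fmt"
	"strings"
)

// Assumed module path of mongo-go-driver, and the fixed release named in the issue.
const driver, fixed = "go.mongodb.org/mongo-driver", "v1.5.1"

// rank maps "v1.1.0" or "v1.5.1-rc1" to an integer that sorts in version order
// (components assumed < 1000); a pre-release ranks just below its release.
func rank(v string) int {
	var a, b, c int
	fmt.Sscanf(v, "v%d.%d.%d", &a, &b, &c)
	r := ((a*1000+b)*1000+c)*2 + 1
	if strings.Contains(v, "-") {
		r--
	}
	return r
}

// Audit reads `go mod graph` output and returns the edges that require an
// affected driver version, plus the highest version required anywhere, which
// minimal version selection picks absent replace or exclude directives.
func Audit(graph string) (edges []string, highest string) {
	for _, line := range strings.Split(graph, "\n") {
		f := strings.Fields(line)
		if len(f) != 2 || !strings.HasPrefix(f[1], driver+"@") {
			continue
		}
		ver := strings.TrimPrefix(f[1], driver+"@")
		if rank(ver) < rank(fixed) {
			edges = append(edges, f[0]+" requires "+ver)
		}
		if highest == "" || rank(highest) < rank(ver) {
			highest = ver
		}
	}
	return edges, highest
}

// Constructed sample in `go mod graph` format, using the versions from the issue.
const sampleGraph = `github.com/operator-framework/operator-sdk github.com/golang-migrate/migrate/v4@v4.6.2
github.com/golang-migrate/migrate/v4@v4.6.2 go.mongodb.org/mongo-driver@v1.1.0`

func main() { fmt.Println(Audit(sampleGraph)) }
```

If the highest required version is at or above the fixed release, the build links the patched driver even though an older requirement still appears in the graph; `go list -m all` shows the versions actually selected.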

5 participants