-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Updated KUBECTL_VERSION to 1.31.0 for fixing vulnerabilities #1690
Conversation
jdesouza
commented
Sep 25, 2024
•
edited by afdesk
Loading
edited by afdesk
Looks good although a kubectl vulnerability is likely to remain |
@jdesouza Could you please update this PR to upgrade only the kubectl version? Thanks! |
WDYT now? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Thanks!
@mozillazg wdyt?
go.mod
Outdated
@@ -1,6 +1,6 @@ | |||
module github.com/aquasecurity/kube-bench | |||
|
|||
go 1.22 | |||
go 1.22.7 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMHO, we should avoid updating this version in the go.mod file. This change will force all developers (including kube-bench maintainers and downstream project developers) to download go >=1.22.7.
@afdesk wdyt?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mozillazg I definitely agree with you!
my point was that we already use Go 1.22.7 for building in pipelines.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the review! Just reverted the go change. Now we have just the kubectl update
Alpine version was alredy bumped via #1676 |
@jdesouza @mozillazg thanks for your efforts! |
…urity#1690) * Bumped Go to 1.22.7 for fixing Critical/High vulberabilities * Bumped Go to 1.22.7 for fixing Critical/High vulberabilities * Bumped kubectl version for fixing vulnerabilities * Fixed kubectl version * Update go.mod