chore(deps): Upgrade opentelemetry/http and k8s.io/apimachinery #459

Merged
merged 1 commit into from
Nov 23, 2023

Conversation

spolti
Contributor

@spolti spolti commented Nov 23, 2023

chore: This commit fixes the following CVEs:

Motivation

Modifications

Result

@ckadner ckadner requested review from tjohnson31415, ckadner and njhill and removed request for joerunde November 23, 2023 18:14
@ckadner ckadner changed the title vulnerabilities fixes chore(deps): Upgrade opentelemetry/http and k8s.io/apimachinery Nov 23, 2023
@spolti
Contributor Author

spolti commented Nov 23, 2023

It seems that this is the cause for the failing tests:

PersistentVolumeClaims. preemption: 0/1 nodes are available: 1 No preemption victims found for incoming pod..

chore: This commit fixes the following CVEs:
- [CVE-2023-37788](https://www.cve.org/CVERecord?id=CVE-2023-37788): github.com/elazarl/goproxy Denial of Service (DoS)
- [CVE-2022-21698](https://www.cve.org/CVERecord?id=CVE-2022-21698) / [CVE-2023-45142](https://www.cve.org/CVERecord?id=CVE-2023-45142): Allocation of Resources Without Limits or Throttling

Signed-off-by: Spolti <[email protected]>
Member

@ckadner ckadner left a comment

/lgtm

@kserve-oss-bot
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ckadner, spolti

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ckadner ckadner merged commit 2e3da8e into kserve:main Nov 23, 2023
9 checks passed
@ckadner
Member

ckadner commented Nov 23, 2023

Thanks @spolti

@spolti spolti deleted the cve-c branch November 24, 2023 00:18