Did a little more vuln triaging to satisfy the scanners have Flyte #contribute

Did a little more vuln triaging to satisfy the sca...

gorgeous-waitress-5026

03/29/2024, 3:36 PM

Did a little more vuln triaging to satisfy the scanners - have 4 PRs open to update logrus, go-restful, lestrrat-go/jwx and cloudevents 🧵

👍 1

👍🏽 1

👀 2

gorgeous-waitress-5026

03/29/2024, 3:36 PM

https://github.com/flyteorg/flyte/pull/5139

gorgeous-waitress-5026

03/29/2024, 3:36 PM

https://github.com/flyteorg/flyte/pull/5140

gorgeous-waitress-5026

03/29/2024, 3:36 PM

https://github.com/flyteorg/flyte/pull/5142

gorgeous-waitress-5026

03/29/2024, 3:36 PM

https://github.com/flyteorg/flyte/pull/5141

gorgeous-waitress-5026

03/29/2024, 3:37 PM

There are also a few that got picked up in go-jose ... but I didn't tackle that one just yet. I see 2 variants of that library in use, which should probably be corrected

glamorous-carpet-83516

03/29/2024, 5:01 PM

thank you so much, we will take a look

gorgeous-waitress-5026

03/30/2024, 12:08 AM

One more vuln PR for some of the Go experimental packages - https://github.com/flyteorg/flyte/pull/5152

gorgeous-waitress-5026

03/30/2024, 12:09 AM

Most of those are HTTP2 related

gorgeous-waitress-5026

03/30/2024, 12:28 AM

Actually, I'm wrong about the source of those scan results ... that last PR shouldn't be as critical. Updating the grpc probe should resolve most of these issues: https://github.com/flyteorg/flyte/pull/5153

gorgeous-waitress-5026

03/30/2024, 8:53 AM

And I think the last 2 around vuln remediation to make our scanners (Twistlock) happy: https://github.com/flyteorg/flyte/pull/5155 https://github.com/flyteorg/flyte/pull/5154

gorgeous-waitress-5026

03/30/2024, 3:42 PM

One more for protobuf - https://github.com/flyteorg/flyte/pull/5156

2 Views

Open in Slack

Previous Next