#contribute

Ethan Brown

03/29/2024, 3:36 PM
Did a little more vuln triaging to satisfy the scanners - have 4 PRs open to update logrus, go-restful, lestrrat-go/jwx and cloudevents 🧵
There are also a few that got picked up in go-jose ... but I didn't tackle that one just yet. I see 2 variants of that library in use, which should probably be corrected

Kevin Su

03/29/2024, 5:01 PM
thank you so much, we will take a look

Ethan Brown

03/30/2024, 12:08 AM
One more vuln PR for some of the Go experimental packages - https://github.com/flyteorg/flyte/pull/5152
Most of those are HTTP2 related
Actually, I'm wrong about the source of those scan results ... that last PR shouldn't be as critical. Updating the grpc probe should resolve most of these issues: https://github.com/flyteorg/flyte/pull/5153
And I think the last 2 around vuln remediation to make our scanners (Twistlock) happy: https://github.com/flyteorg/flyte/pull/5155 https://github.com/flyteorg/flyte/pull/5154