Did a little more vuln triaging to satisfy the sca...
# contributee
Ethan Brown
03/29/2024, 3:36 PMDid a little more vuln triaging to satisfy the scanners - have 4 PRs open to update logrus, go-restful, lestrrat-go/jwx and cloudevents 🧵
Ethan Brown
03/29/2024, 3:36 PMEthan Brown
03/29/2024, 3:36 PMEthan Brown
03/29/2024, 3:36 PMEthan Brown
03/29/2024, 3:36 PMEthan Brown
03/29/2024, 3:37 PMThere are also a few that got picked up in go-jose ... but I didn't tackle that one just yet. I see 2 variants of that library in use, which should probably be corrected
k
Kevin Su
03/29/2024, 5:01 PMthank you so much, we will take a look
e
Ethan Brown
03/30/2024, 12:08 AMOne more vuln PR for some of the Go experimental packages - https://github.com/flyteorg/flyte/pull/5152
Ethan Brown
03/30/2024, 12:09 AMMost of those are HTTP2 related
Ethan Brown
03/30/2024, 12:28 AMActually, I'm wrong about the source of those scan results ... that last PR shouldn't be as critical. Updating the grpc probe should resolve most of these issues:
https://github.com/flyteorg/flyte/pull/5153
Ethan Brown
03/30/2024, 8:53 AMAnd I think the last 2 around vuln remediation to make our scanners (Twistlock) happy:
https://github.com/flyteorg/flyte/pull/5155
https://github.com/flyteorg/flyte/pull/5154
Ethan Brown
03/30/2024, 3:42 PMOne more for protobuf - https://github.com/flyteorg/flyte/pull/5156