Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

go.mod update for CVE-2024-45337 #411

Merged
merged 1 commit into from
Dec 13, 2024

Conversation

saikat-royc
Copy link
Collaborator

@saikat-royc saikat-royc commented Dec 13, 2024

generated by
go mod vendor
go mod tidy

smoke test:

  1. build and push the container images to the registry
PROJECT=<my-gcp-project> make build-image-and-push-multi-arch BUILD_GCSFUSE_FROM_SOURCE=false REGISTRY=<gcr.io/my-gcp-project> STAGINGVERSION=v1
  1. Run scan for images gcs-fuse-csi-driver-metadata-prefetch, gcs-fuse-csi-driver, gcs-fuse-csi-driver-webhook
gcloud artifacts docker images scan <container image uri> --remote --experimental-package-types=GO | yq '.response.scan' | xargs -I {} gcloud artifacts docker images list-vulnerabilities {} | yq '.[] | select(.packageIssue.[].fixAvailable == "true")'

Note: gcs-fuse-csi-driver-sidecar-mounter still reports the CVE since the fix is required in gcsfuse binary

@saikat-royc saikat-royc requested a review from tyuchn December 13, 2024 21:09
@tyuchn
Copy link
Collaborator

tyuchn commented Dec 13, 2024

/lgtm
/approve

@saikat-royc saikat-royc merged commit 909db59 into GoogleCloudPlatform:main Dec 13, 2024
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants