Giters

GoogleContainerTools / skaffold

Easy and Repeatable Kubernetes Development

Home Page:https://skaffold.dev/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Upgrade skaffold go version to 1.22.0

alphanota opened this issue · comments

commented

Current go version skaffold uses (1.21.0) is affected by various vulnerabilties

CVE-2023-44487
CVE-2023-39323
CVE-2023-45285
CVE-2023-39322
CVE-2023-39321
CVE-2023-39326
CVE-2023-39318
CVE-2023-39319

Fixes for these are all in go version 1.21.3 and up

Information

  • Skaffold version: 2.10
  • Operating system: alpine:3.19
  • Installed via: skaffold.dev

Steps to reproduce the behavior

These vulnerabilities are a subset of the vulnerabilities here: https://pantheon.corp.google.com/gcr/images/k8s-skaffold/global/skaffold@sha256:483bcee1aae9a3651d9d5ad487ad8ec1f4a57b94e51dc31aa157b9f73629164c/details?tab=vulnz