Updated Dependencies #134

aschaber1 · 2023-09-28T22:15:18Z

After enabling dependabot (#133) in my fork there were a good few updates to consider.
I merged everything where the tests passed.

You can see what happened here: https://github.com/aschaber1/movetokube-postgres-operator/pulls?q=is%3Apr

If you have any questions, please let me know. I'd gladly help.

Bumps [helm/chart-releaser-action](https://github.com/helm/chart-releaser-action) from 1.4.1 to 1.5.0. - [Release notes](https://github.com/helm/chart-releaser-action/releases) - [Commits](helm/chart-releaser-action@v1.4.1...v1.5.0) --- updated-dependencies: - dependency-name: helm/chart-releaser-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [actions/checkout](https://github.com/actions/checkout) from 1 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v1...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v3...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [golang.org/x/text](https://github.com/golang/text) from 0.3.2 to 0.3.8. - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.3.2...v0.3.8) --- updated-dependencies: - dependency-name: golang.org/x/text dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

…/helm/chart-releaser-action-1.5.0 Bump helm/chart-releaser-action from 1.4.1 to 1.5.0

…/actions/checkout-4 Bump actions/checkout from 1 to 4

…/actions/setup-go-4 Bump actions/setup-go from 3 to 4

…/x/text-0.3.8 Bump golang.org/x/text from 0.3.2 to 0.3.8

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.0.0-20200414173820-0848c9571904 to 0.1.0. - [Commits](https://github.com/golang/crypto/commits/v0.1.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [github.com/lib/pq](https://github.com/lib/pq) from 1.3.0 to 1.10.9. - [Release notes](https://github.com/lib/pq/releases) - [Commits](lib/pq@v1.3.0...v1.10.9) --- updated-dependencies: - dependency-name: github.com/lib/pq dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [github.com/emicklei/go-restful](https://github.com/emicklei/go-restful) from 2.11.1+incompatible to 2.16.0+incompatible. - [Release notes](https://github.com/emicklei/go-restful/releases) - [Changelog](https://github.com/emicklei/go-restful/blob/v3/CHANGES.md) - [Commits](emicklei/go-restful@v2.11.1...v2.16.0) --- updated-dependencies: - dependency-name: github.com/emicklei/go-restful dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

…/x/crypto-0.1.0 Bump golang.org/x/crypto from 0.0.0-20200414173820-0848c9571904 to 0.1.0

…m/emicklei/go-restful-2.16.0incompatible Bump github.com/emicklei/go-restful from 2.11.1+incompatible to 2.16.0+incompatible

…thub.com/lib/pq-1.10.9 Bump github.com/lib/pq from 1.3.0 to 1.10.9

Bumps [github.com/gogo/protobuf](https://github.com/gogo/protobuf) from 1.3.1 to 1.3.2. - [Release notes](https://github.com/gogo/protobuf/releases) - [Commits](gogo/protobuf@v1.3.1...v1.3.2) --- updated-dependencies: - dependency-name: github.com/gogo/protobuf dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

…/gogo/protobuf-1.3.2 Bump github.com/gogo/protobuf from 1.3.1 to 1.3.2

Bumps [github.com/go-openapi/spec](https://github.com/go-openapi/spec) from 0.19.4 to 0.20.9. - [Commits](go-openapi/spec@v0.19.4...v0.20.9) --- updated-dependencies: - dependency-name: github.com/go-openapi/spec dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

…hub.com/go-openapi/spec-0.20.9 Bump github.com/go-openapi/spec from 0.19.4 to 0.20.9

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.0.0-20200301022130-244492dfa37a to 0.7.0. - [Commits](https://github.com/golang/net/commits/v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

…/x/net-0.7.0 Bump golang.org/x/net from 0.0.0-20200301022130-244492dfa37a to 0.7.0

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.5.1 to 1.11.1. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](prometheus/client_golang@v1.5.1...v1.11.1) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

…m/prometheus/client_golang-1.11.1 Bump github.com/prometheus/client_golang from 1.5.1 to 1.11.1

Bumps [github.com/golang/mock](https://github.com/golang/mock) from 1.3.1 to 1.6.0. - [Release notes](https://github.com/golang/mock/releases) - [Changelog](https://github.com/golang/mock/blob/main/.goreleaser.yml) - [Commits](golang/mock@1.3.1...v1.6.0) --- updated-dependencies: - dependency-name: github.com/golang/mock dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

…thub.com/golang/mock-1.6.0 Bump github.com/golang/mock from 1.3.1 to 1.6.0

Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.12.0 to 1.16.5. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](onsi/ginkgo@v1.12.0...v1.16.5) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

…thub.com/onsi/ginkgo-1.16.5 Bump github.com/onsi/ginkgo from 1.12.0 to 1.16.5

aschaber1 · 2023-09-28T22:23:03Z

Also two dependencies were unable to pass test/build pipelines:

aschaber1 · 2023-12-08T20:04:31Z

@hitman99 , there are a few issues even with the current version v1.3.0. Here's a trivy image scan from just now:

I tried to address a few issues when I first created this PR. With the depandabot config in #133 it might become easier to keep the dependencies current and thus reduce the number of findings on the image.


ghcr.io/movetokube/postgres-operator:1.3.0 (redhat 8.9)
=======================================================
Total: 79 (UNKNOWN: 0, LOW: 62, MEDIUM: 17, HIGH: 0, CRITICAL: 0)

┌─────────────────┬──────────────────┬──────────┬──────────────┬───────────────────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐
│     Library     │  Vulnerability   │ Severity │    Status    │       Installed Version       │ Fixed Version │                            Title                             │
├─────────────────┼──────────────────┼──────────┼──────────────┼───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ bzip2-libs      │ CVE-2019-12900   │ LOW      │ will_not_fix │ 1.0.6-26.el8                  │               │ bzip2: out-of-bounds write in function BZ2_decompress        │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2019-12900                   │
├─────────────────┼──────────────────┤          ├──────────────┼───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ ca-certificates │ CVE-2023-37920   │          │ affected     │ 2023.2.60_v7.0.306-80.0.el8_8 │               │ python-certifi: Removal of e-Tugra root certificate          │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-37920                   │
├─────────────────┼──────────────────┼──────────┤              ├───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ curl            │ CVE-2023-46218   │ MEDIUM   │              │ 7.61.1-33.el8                 │               │ curl: information disclosure by exploiting a mixed case flaw │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-46218                   │
│                 ├──────────────────┼──────────┼──────────────┤                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2023-27534   │ LOW      │ will_not_fix │                               │               │ curl: SFTP path ~ resolving discrepancy                      │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-27534                   │
│                 ├──────────────────┤          ├──────────────┤                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2023-28322   │          │ affected     │                               │               │ curl: more POST-after-PUT confusion                          │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-28322                   │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2023-38546   │          │              │                               │               │ curl: cookie injection with none file                        │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-38546                   │
├─────────────────┼──────────────────┤          ├──────────────┼───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ elfutils-libelf │ CVE-2021-33294   │          │ will_not_fix │ 0.189-3.el8                   │               │ an infinite loop was found in the function handle_symtab in  │
│                 │                  │          │              │                               │               │ readelf.c which...                                           │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2021-33294                   │
├─────────────────┼──────────────────┤          │              ├───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ file-libs       │ CVE-2019-8905    │          │              │ 5.33-25.el8                   │               │ file: stack-based buffer over-read in do_core_note in        │
│                 │                  │          │              │                               │               │ readelf.c                                                    │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2019-8905                    │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2019-8906    │          │              │                               │               │ file: out-of-bounds read in do_core_note in readelf.c        │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2019-8906                    │
├─────────────────┼──────────────────┤          │              ├───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ gawk            │ CVE-2023-4156    │          │              │ 4.2.1-4.el8                   │               │ heap out of bound read in builtin.c                          │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-4156                    │
├─────────────────┼──────────────────┤          │              ├───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ glib2           │ CVE-2023-29499   │          │              │ 2.56.4-161.el8                │               │ glib: GVariant offset table entry size is not checked in     │
│                 │                  │          │              │                               │               │ is_normal()                                                  │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-29499                   │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2023-32611   │          │              │                               │               │ glib: g_variant_byteswap() can take a long time with some    │
│                 │                  │          │              │                               │               │ non-normal inputs                                            │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-32611                   │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2023-32636   │          │              │                               │               │ Timeout in fuzz_variant_text                                 │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-32636                   │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2023-32665   │          │              │                               │               │ glib: GVariant deserialisation does not match spec for       │
│                 │                  │          │              │                               │               │ non-normal data                                              │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-32665                   │
├─────────────────┼──────────────────┤          │              ├───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ gmp             │ CVE-2021-43618   │          │              │ 1:6.1.2-10.el8                │               │ gmp: Integer overflow and resultant buffer overflow via      │
│                 │                  │          │              │                               │               │ crafted input                                                │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2021-43618                   │
├─────────────────┼──────────────────┤          │              ├───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ gnupg2          │ CVE-2022-3219    │          │              │ 2.2.20-3.el8_6                │               │ denial of service issue (resource consumption) using         │
│                 │                  │          │              │                               │               │ compressed packets                                           │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2022-3219                    │
├─────────────────┼──────────────────┼──────────┼──────────────┼───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ gnutls          │ CVE-2023-5981    │ MEDIUM   │ affected     │ 3.6.16-7.el8                  │               │ gnutls: timing side-channel in the RSA-PSK authentication    │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-5981                    │
│                 ├──────────────────┼──────────┼──────────────┤                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2021-4209    │ LOW      │ will_not_fix │                               │               │ GnuTLS: Null pointer dereference in MD_UPDATE                │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2021-4209                    │
├─────────────────┼──────────────────┼──────────┤              ├───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ krb5-libs       │ CVE-2020-17049   │ MEDIUM   │              │ 1.18.2-26.el8_9               │               │ Kerberos: delegation constrain bypass in S4U2Proxy           │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2020-17049                   │
├─────────────────┼──────────────────┼──────────┤              ├───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libarchive      │ CVE-2018-1000879 │ LOW      │              │ 3.3.3-5.el8                   │               │ libarchive: NULL pointer dereference in ACL parser resulting │
│                 │                  │          │              │                               │               │ in a denial of...                                            │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2018-1000879                 │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2018-1000880 │          │              │                               │               │ libarchive: Improper input validation in WARC parser         │
│                 │                  │          │              │                               │               │ resulting in a denial of...                                  │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2018-1000880                 │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2020-21674   │          │              │                               │               │ libarchive: heap-based buffer overflow in                    │
│                 │                  │          │              │                               │               │ archive_string_append_from_wcs function in archive_string.c  │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2020-21674                   │
├─────────────────┼──────────────────┼──────────┼──────────────┼───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libcap          │ CVE-2023-2603    │ MEDIUM   │ fixed        │ 2.48-5.el8                    │ 2.48-5.el8_8  │ libcap: Integer Overflow in _libcap_strdup()                 │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-2603                    │
│                 ├──────────────────┼──────────┤              │                               │               ├──────────────────────────────────────────────────────────────┤
│                 │ CVE-2023-2602    │ LOW      │              │                               │               │ libcap: Memory Leak on pthread_create() Error                │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-2602                    │
├─────────────────┼──────────────────┼──────────┼──────────────┼───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libcurl         │ CVE-2023-46218   │ MEDIUM   │ affected     │ 7.61.1-33.el8                 │               │ curl: information disclosure by exploiting a mixed case flaw │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-46218                   │
│                 ├──────────────────┼──────────┼──────────────┤                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2023-27534   │ LOW      │ will_not_fix │                               │               │ curl: SFTP path ~ resolving discrepancy                      │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-27534                   │
│                 ├──────────────────┤          ├──────────────┤                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2023-28322   │          │ affected     │                               │               │ curl: more POST-after-PUT confusion                          │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-28322                   │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2023-38546   │          │              │                               │               │ curl: cookie injection with none file                        │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-38546                   │
├─────────────────┼──────────────────┼──────────┼──────────────┼───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libgcc          │ CVE-2021-42694   │ MEDIUM   │ will_not_fix │ 8.5.0-20.el8                  │               │ Developer environment: Homoglyph characters can lead to      │
│                 │                  │          │              │                               │               │ trojan source attack                                         │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2021-42694                   │
│                 ├──────────────────┼──────────┤              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2018-20657   │ LOW      │              │                               │               │ libiberty: Memory leak in demangle_template function         │
│                 │                  │          │              │                               │               │ resulting in a denial of service...                          │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2018-20657                   │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2019-14250   │          │              │                               │               │ binutils: integer overflow in simple-object-elf.c leads to a │
│                 │                  │          │              │                               │               │ heap-based buffer overflow                                   │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2019-14250                   │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2022-27943   │          │              │                               │               │ libiberty/rust-demangle.c in GNU GCC 11.2 allows stack       │
│                 │                  │          │              │                               │               │ exhaustion in demangle_const                                 │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2022-27943                   │
├─────────────────┼──────────────────┼──────────┤              ├───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libgcrypt       │ CVE-2019-12904   │ MEDIUM   │              │ 1.8.5-7.el8_6                 │               │ Libgcrypt: physical addresses being available to other       │
│                 │                  │          │              │                               │               │ processes leads to a flush-and-reload...                     │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2019-12904                   │
├─────────────────┼──────────────────┤          │              ├───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libstdc++       │ CVE-2021-42694   │          │              │ 8.5.0-20.el8                  │               │ Developer environment: Homoglyph characters can lead to      │
│                 │                  │          │              │                               │               │ trojan source attack                                         │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2021-42694                   │
│                 ├──────────────────┼──────────┤              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2018-20657   │ LOW      │              │                               │               │ libiberty: Memory leak in demangle_template function         │
│                 │                  │          │              │                               │               │ resulting in a denial of service...                          │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2018-20657                   │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2019-14250   │          │              │                               │               │ binutils: integer overflow in simple-object-elf.c leads to a │
│                 │                  │          │              │                               │               │ heap-based buffer overflow                                   │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2019-14250                   │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2022-27943   │          │              │                               │               │ libiberty/rust-demangle.c in GNU GCC 11.2 allows stack       │
│                 │                  │          │              │                               │               │ exhaustion in demangle_const                                 │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2022-27943                   │
├─────────────────┼──────────────────┤          │              ├───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libtasn1        │ CVE-2018-1000654 │          │              │ 4.13-4.el8_7                  │               │ libtasn1: Infinite loop in _asn1_expand_object_id(ptree)     │
│                 │                  │          │              │                               │               │ leads to memory exhaustion                                   │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2018-1000654                 │
├─────────────────┼──────────────────┼──────────┼──────────────┼───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libxml2         │ CVE-2023-39615   │ MEDIUM   │ affected     │ 2.9.7-16.el8_8.1              │               │ libxml2: crafted xml can cause global buffer overflow        │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-39615                   │
│                 ├──────────────────┼──────────┼──────────────┤                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2023-45322   │ LOW      │ will_not_fix │                               │               │ libxml2: use-after-free in xmlUnlinkNode() in tree.c         │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-45322                   │
├─────────────────┼──────────────────┤          │              ├───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libzstd         │ CVE-2021-24032   │          │              │ 1.4.4-1.el8                   │               │ Race condition allows attacker to access world-readable      │
│                 │                  │          │              │                               │               │ destination file                                             │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2021-24032                   │
├─────────────────┼──────────────────┼──────────┤              ├───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ lz4-libs        │ CVE-2019-17543   │ MEDIUM   │              │ 1.8.3-3.el8_4                 │               │ lz4: heap-based buffer overflow in LZ4_write32               │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2019-17543                   │
├─────────────────┼──────────────────┼──────────┤              ├───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ ncurses-base    │ CVE-2018-19211   │ LOW      │              │ 6.1-10.20180224.el8           │               │ ncurses: Null pointer dereference at function                │
│                 │                  │          │              │                               │               │ _nc_parse_entry in parse_entry.c                             │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2018-19211                   │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2018-19217   │          │              │                               │               │ ncurses: Null pointer dereference at function _nc_name_match │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2018-19217                   │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2020-19185   │          │              │                               │               │ ncurses: Heap buffer overflow in one_one_mapping function in │
│                 │                  │          │              │                               │               │ progs/dump_entry.c:1373                                      │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2020-19185                   │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2020-19186   │          │              │                               │               │ ncurses: Buffer overflow in _nc_find_entry function in       │
│                 │                  │          │              │                               │               │ tinfo/comp_hash.c:66                                         │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2020-19186                   │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2020-19187   │          │              │                               │               │ ncurses: Heap buffer overflow in fmt_entry function in       │
│                 │                  │          │              │                               │               │ progs/dump_entry.c:1100                                      │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2020-19187                   │
│                 ├──────────────────┤          ├──────────────┤                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2020-19188   │          │ affected     │                               │               │ ncurses: Stack buffer overflow in fmt_entry function in      │
│                 │                  │          │              │                               │               │ progs/dump_entry.c:1116                                      │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2020-19188                   │
│                 ├──────────────────┤          ├──────────────┤                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2020-19189   │          │ will_not_fix │                               │               │ ncurses: Heap buffer overflow in postprocess_terminfo        │
│                 │                  │          │              │                               │               │ function in tinfo/parse_entry.c:997                          │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2020-19189                   │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2020-19190   │          │              │                               │               │ ncurses: Heap buffer overflow in _nc_find_entry in           │
│                 │                  │          │              │                               │               │ tinfo/comp_hash.c:70                                         │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2020-19190                   │
│                 ├──────────────────┤          ├──────────────┤                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2021-39537   │          │ affected     │                               │               │ heap-based buffer overflow in _nc_captoinfo() in captoinfo.c │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2021-39537                   │
├─────────────────┼──────────────────┤          ├──────────────┤                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│ ncurses-libs    │ CVE-2018-19211   │          │ will_not_fix │                               │               │ ncurses: Null pointer dereference at function                │
│                 │                  │          │              │                               │               │ _nc_parse_entry in parse_entry.c                             │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2018-19211                   │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2018-19217   │          │              │                               │               │ ncurses: Null pointer dereference at function _nc_name_match │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2018-19217                   │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2020-19185   │          │              │                               │               │ ncurses: Heap buffer overflow in one_one_mapping function in │
│                 │                  │          │              │                               │               │ progs/dump_entry.c:1373                                      │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2020-19185                   │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2020-19186   │          │              │                               │               │ ncurses: Buffer overflow in _nc_find_entry function in       │
│                 │                  │          │              │                               │               │ tinfo/comp_hash.c:66                                         │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2020-19186                   │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2020-19187   │          │              │                               │               │ ncurses: Heap buffer overflow in fmt_entry function in       │
│                 │                  │          │              │                               │               │ progs/dump_entry.c:1100                                      │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2020-19187                   │
│                 ├──────────────────┤          ├──────────────┤                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2020-19188   │          │ affected     │                               │               │ ncurses: Stack buffer overflow in fmt_entry function in      │
│                 │                  │          │              │                               │               │ progs/dump_entry.c:1116                                      │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2020-19188                   │
│                 ├──────────────────┤          ├──────────────┤                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2020-19189   │          │ will_not_fix │                               │               │ ncurses: Heap buffer overflow in postprocess_terminfo        │
│                 │                  │          │              │                               │               │ function in tinfo/parse_entry.c:997                          │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2020-19189                   │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2020-19190   │          │              │                               │               │ ncurses: Heap buffer overflow in _nc_find_entry in           │
│                 │                  │          │              │                               │               │ tinfo/comp_hash.c:70                                         │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2020-19190                   │
│                 ├──────────────────┤          ├──────────────┤                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2021-39537   │          │ affected     │                               │               │ heap-based buffer overflow in _nc_captoinfo() in captoinfo.c │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2021-39537                   │
├─────────────────┼──────────────────┤          ├──────────────┼───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ openldap        │ CVE-2023-2953    │          │ will_not_fix │ 2.4.46-18.el8                 │               │ null pointer dereference in ber_memalloc_x function          │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-2953                    │
├─────────────────┼──────────────────┤          │              ├───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ openssl-libs    │ CVE-2023-0464    │          │              │ 1:1.1.1k-9.el8_7              │               │ openssl: Denial of service by excessive resource usage in    │
│                 │                  │          │              │                               │               │ verifying X509 policy...                                     │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-0464                    │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2023-0465    │          │              │                               │               │ openssl: Invalid certificate policies in leaf certificates   │
│                 │                  │          │              │                               │               │ are silently ignored                                         │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-0465                    │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2023-0466    │          │              │                               │               │ openssl: Certificate policy check not enabled                │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-0466                    │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2023-2650    │          │              │                               │               │ openssl: Possible DoS translating ASN.1 object identifiers   │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-2650                    │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2023-3446    │          │              │                               │               │ openssl: Excessive time spent checking DH keys and           │
│                 │                  │          │              │                               │               │ parameters                                                   │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-3446                    │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2023-3817    │          │              │                               │               │ OpenSSL: Excessive time spent checking DH q parameter value  │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-3817                    │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2023-5678    │          │              │                               │               │ openssl: Generating excessively long X9.42 DH keys or        │
│                 │                  │          │              │                               │               │ checking excessively long X9.42...                           │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2023-5678                    │
├─────────────────┼──────────────────┼──────────┤              ├───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ rpm             │ CVE-2021-35937   │ MEDIUM   │              │ 4.14.3-26.el8                 │               │ rpm: TOCTOU race in checks for unsafe symlinks               │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2021-35937                   │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2021-35938   │          │              │                               │               │ rpm: races with chown/chmod/capabilities calls during        │
│                 │                  │          │              │                               │               │ installation                                                 │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2021-35938                   │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2021-35939   │          │              │                               │               │ rpm: checks for unsafe symlinks are not performed for        │
│                 │                  │          │              │                               │               │ intermediary directories                                     │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2021-35939                   │
├─────────────────┼──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│ rpm-libs        │ CVE-2021-35937   │          │              │                               │               │ rpm: TOCTOU race in checks for unsafe symlinks               │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2021-35937                   │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2021-35938   │          │              │                               │               │ rpm: races with chown/chmod/capabilities calls during        │
│                 │                  │          │              │                               │               │ installation                                                 │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2021-35938                   │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2021-35939   │          │              │                               │               │ rpm: checks for unsafe symlinks are not performed for        │
│                 │                  │          │              │                               │               │ intermediary directories                                     │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2021-35939                   │
├─────────────────┼──────────────────┼──────────┤              ├───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ sqlite-libs     │ CVE-2019-19244   │ LOW      │              │ 3.26.0-18.el8_8               │               │ sqlite: allows a crash if a sub-select uses both DISTINCT    │
│                 │                  │          │              │                               │               │ and window...                                                │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2019-19244                   │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2019-9936    │          │              │                               │               │ sqlite: heap-based buffer over-read in function              │
│                 │                  │          │              │                               │               │ fts5HashEntrySort in sqlite3.c                               │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2019-9936                    │
│                 ├──────────────────┤          │              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2019-9937    │          │              │                               │               │ sqlite: null-pointer dereference in function                 │
│                 │                  │          │              │                               │               │ fts5ChunkIterate in sqlite3.c                                │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2019-9937                    │
├─────────────────┼──────────────────┼──────────┤              ├───────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ systemd-libs    │ CVE-2018-20839   │ MEDIUM   │              │ 239-78.el8                    │               │ systemd: mishandling of the current keyboard mode check      │
│                 │                  │          │              │                               │               │ leading to passwords being...                                │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2018-20839                   │
│                 ├──────────────────┼──────────┤              │                               ├───────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2021-3997    │ LOW      │              │                               │               │ Uncontrolled recursion in systemd-tmpfiles when removing     │
│                 │                  │          │              │                               │               │ files                                                        │
│                 │                  │          │              │                               │               │ https://avd.aquasec.com/nvd/cve-2021-3997                    │
└─────────────────┴──────────────────┴──────────┴──────────────┴───────────────────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘

usr/local/bin/postgres-operator (gobinary)
==========================================
Total: 19 (UNKNOWN: 0, LOW: 0, MEDIUM: 6, HIGH: 12, CRITICAL: 1)

┌─────────────────────────────────────┬────────────────┬──────────┬──────────┬────────────────────────────────────┬──────────────────────────────────────────┬──────────────────────────────────────────────────────────────┐
│               Library               │ Vulnerability  │ Severity │  Status  │         Installed Version          │              Fixed Version               │                            Title                             │
├─────────────────────────────────────┼────────────────┼──────────┼──────────┼────────────────────────────────────┼──────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ github.com/dgrijalva/jwt-go         │ CVE-2020-26160 │ HIGH     │ affected │ v3.2.0+incompatible                │                                          │ jwt-go: access restriction bypass vulnerability              │
│                                     │                │          │          │                                    │                                          │ https://avd.aquasec.com/nvd/cve-2020-26160                   │
├─────────────────────────────────────┼────────────────┼──────────┼──────────┼────────────────────────────────────┼──────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ github.com/emicklei/go-restful      │ CVE-2022-1996  │ CRITICAL │ fixed    │ v2.11.1+incompatible               │ 2.16.0                                   │ Authorization Bypass Through User-Controlled Key             │
│                                     │                │          │          │                                    │                                          │ https://avd.aquasec.com/nvd/cve-2022-1996                    │
├─────────────────────────────────────┼────────────────┼──────────┤          ├────────────────────────────────────┼──────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ github.com/gogo/protobuf            │ CVE-2021-3121  │ HIGH     │          │ v1.3.1                             │ 1.3.2                                    │ gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain   │
│                                     │                │          │          │                                    │                                          │ index validation                                             │
│                                     │                │          │          │                                    │                                          │ https://avd.aquasec.com/nvd/cve-2021-3121                    │
├─────────────────────────────────────┼────────────────┤          │          ├────────────────────────────────────┼──────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ github.com/prometheus/client_golang │ CVE-2022-21698 │          │          │ v1.5.1                             │ 1.11.1                                   │ prometheus/client_golang: Denial of service using            │
│                                     │                │          │          │                                    │                                          │ InstrumentHandlerCounter                                     │
│                                     │                │          │          │                                    │                                          │ https://avd.aquasec.com/nvd/cve-2022-21698                   │
├─────────────────────────────────────┼────────────────┤          │          ├────────────────────────────────────┼──────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ golang.org/x/crypto                 │ CVE-2020-29652 │          │          │ v0.0.0-20200414173820-0848c9571904 │ 0.0.0-20201216223049-8b5274cf687f        │ crafted authentication request can lead to nil pointer       │
│                                     │                │          │          │                                    │                                          │ dereference                                                  │
│                                     │                │          │          │                                    │                                          │ https://avd.aquasec.com/nvd/cve-2020-29652                   │
│                                     ├────────────────┤          │          │                                    ├──────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                     │ CVE-2021-43565 │          │          │                                    │ 0.0.0-20211202192323-5770296d904e        │ empty plaintext packet causes panic                          │
│                                     │                │          │          │                                    │                                          │ https://avd.aquasec.com/nvd/cve-2021-43565                   │
│                                     ├────────────────┤          │          │                                    ├──────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                     │ CVE-2022-27191 │          │          │                                    │ 0.0.0-20220314234659-1baeb1ce4c0b        │ crash in a golang.org/x/crypto/ssh server                    │
│                                     │                │          │          │                                    │                                          │ https://avd.aquasec.com/nvd/cve-2022-27191                   │
├─────────────────────────────────────┼────────────────┤          │          ├────────────────────────────────────┼──────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ golang.org/x/net                    │ CVE-2021-33194 │          │          │ v0.0.0-20200301022130-244492dfa37a │ 0.0.0-20210520170846-37e1c6afe023        │ infinite loop in ParseFragment                               │
│                                     │                │          │          │                                    │                                          │ https://avd.aquasec.com/nvd/cve-2021-33194                   │
│                                     ├────────────────┤          │          │                                    ├──────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                     │ CVE-2022-27664 │          │          │                                    │ 0.0.0-20220906165146-f3363e06e74c        │ golang: net/http: handle server errors after sending GOAWAY  │
│                                     │                │          │          │                                    │                                          │ https://avd.aquasec.com/nvd/cve-2022-27664                   │
│                                     ├────────────────┤          │          │                                    ├──────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                     │ CVE-2022-41723 │          │          │                                    │ 0.7.0                                    │ net/http, golang.org/x/net/http2: avoid quadratic complexity │
│                                     │                │          │          │                                    │                                          │ in HPACK decoding                                            │
│                                     │                │          │          │                                    │                                          │ https://avd.aquasec.com/nvd/cve-2022-41723                   │
│                                     ├────────────────┤          │          │                                    ├──────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                     │ CVE-2023-39325 │          │          │                                    │ 0.17.0                                   │ golang: net/http, x/net/http2: rapid stream resets can cause │
│                                     │                │          │          │                                    │                                          │ excessive work (CVE-2023-44487)                              │
│                                     │                │          │          │                                    │                                          │ https://avd.aquasec.com/nvd/cve-2023-39325                   │
│                                     ├────────────────┼──────────┤          │                                    ├──────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                     │ CVE-2021-31525 │ MEDIUM   │          │                                    │ 0.0.0-20210428140749-89ef3d95e781        │ panic in ReadRequest and ReadResponse when reading a very    │
│                                     │                │          │          │                                    │                                          │ large header                                                 │
│                                     │                │          │          │                                    │                                          │ https://avd.aquasec.com/nvd/cve-2021-31525                   │
│                                     ├────────────────┤          │          │                                    ├──────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                     │ CVE-2023-3978  │          │          │                                    │ 0.13.0                                   │ golang.org/x/net/html: Cross site scripting                  │
│                                     │                │          │          │                                    │                                          │ https://avd.aquasec.com/nvd/cve-2023-3978                    │
│                                     ├────────────────┤          │          │                                    ├──────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                     │ CVE-2023-44487 │          │          │                                    │ 0.17.0                                   │ HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable   │
│                                     │                │          │          │                                    │                                          │ to a DDoS attack...                                          │
│                                     │                │          │          │                                    │                                          │ https://avd.aquasec.com/nvd/cve-2023-44487                   │
├─────────────────────────────────────┼────────────────┤          │          ├────────────────────────────────────┼──────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ golang.org/x/sys                    │ CVE-2022-29526 │          │          │ v0.0.0-20220405052023-b1e9470b6e64 │ 0.0.0-20220412211240-33da011f77ad        │ faccessat checks wrong group                                 │
│                                     │                │          │          │                                    │                                          │ https://avd.aquasec.com/nvd/cve-2022-29526                   │
├─────────────────────────────────────┼────────────────┼──────────┤          ├────────────────────────────────────┼──────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ golang.org/x/text                   │ CVE-2021-38561 │ HIGH     │          │ v0.3.2                             │ 0.3.7                                    │ golang: out-of-bounds read in golang.org/x/text/language     │
│                                     │                │          │          │                                    │                                          │ leads to DoS                                                 │
│                                     │                │          │          │                                    │                                          │ https://avd.aquasec.com/nvd/cve-2021-38561                   │
│                                     ├────────────────┤          │          │                                    ├──────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                     │ CVE-2022-32149 │          │          │                                    │ 0.3.8                                    │ golang: golang.org/x/text/language: ParseAcceptLanguage      │
│                                     │                │          │          │                                    │                                          │ takes a long time to parse complex tags                      │
│                                     │                │          │          │                                    │                                          │ https://avd.aquasec.com/nvd/cve-2022-32149                   │
│                                     ├────────────────┼──────────┤          │                                    ├──────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                     │ CVE-2020-14040 │ MEDIUM   │          │                                    │ 0.3.3                                    │ golang.org/x/text: possibility to trigger an infinite loop   │
│                                     │                │          │          │                                    │                                          │ in encoding/unicode could lead to...                         │
│                                     │                │          │          │                                    │                                          │ https://avd.aquasec.com/nvd/cve-2020-14040                   │
├─────────────────────────────────────┼────────────────┤          │          ├────────────────────────────────────┼──────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ k8s.io/client-go                    │ CVE-2020-8565  │          │          │ v0.18.2                            │ 0.19.6, 0.20.0-alpha.2, 0.18.14, 0.17.16 │ kubernetes: Incomplete fix for CVE-2019-11250 allows for     │
│                                     │                │          │          │                                    │                                          │ token leak in logs when...                                   │
│                                     │                │          │          │                                    │                                          │ https://avd.aquasec.com/nvd/cve-2020-8565                    │
└─────────────────────────────────────┴────────────────┴──────────┴──────────┴────────────────────────────────────┴──────────────────────────────────────────┴──────────────────────────────────────────────────────────────┘

aschaber1 and others added 27 commits September 28, 2023 23:35

ci(dependabot): add dependabot configuration

f5b0fbc

Merge pull request #1 from aschaber1/dependabot/github_actions/master…

3bcac55

…/helm/chart-releaser-action-1.5.0 Bump helm/chart-releaser-action from 1.4.1 to 1.5.0

Merge pull request #2 from aschaber1/dependabot/github_actions/master…

61ee201

…/actions/checkout-4 Bump actions/checkout from 1 to 4

Merge pull request #3 from aschaber1/dependabot/github_actions/master…

2ad3a48

…/actions/setup-go-4 Bump actions/setup-go from 3 to 4

Merge pull request #4 from aschaber1/dependabot/go_modules/golang.org…

004967f

…/x/text-0.3.8 Bump golang.org/x/text from 0.3.2 to 0.3.8

Merge pull request #7 from aschaber1/dependabot/go_modules/golang.org…

f01233a

…/x/crypto-0.1.0 Bump golang.org/x/crypto from 0.0.0-20200414173820-0848c9571904 to 0.1.0

Merge pull request #15 from aschaber1/dependabot/go_modules/github.co…

60534d6

…m/emicklei/go-restful-2.16.0incompatible Bump github.com/emicklei/go-restful from 2.11.1+incompatible to 2.16.0+incompatible

Merge pull request #12 from aschaber1/dependabot/go_modules/master/gi…

a5a6a95

…thub.com/lib/pq-1.10.9 Bump github.com/lib/pq from 1.3.0 to 1.10.9

Merge pull request #9 from aschaber1/dependabot/go_modules/github.com…

aa557ee

…/gogo/protobuf-1.3.2 Bump github.com/gogo/protobuf from 1.3.1 to 1.3.2

Merge pull request #8 from aschaber1/dependabot/go_modules/master/git…

4ff6890

…hub.com/go-openapi/spec-0.20.9 Bump github.com/go-openapi/spec from 0.19.4 to 0.20.9

Merge pull request #6 from aschaber1/dependabot/go_modules/golang.org…

a9d0b66

…/x/net-0.7.0 Bump golang.org/x/net from 0.0.0-20200301022130-244492dfa37a to 0.7.0

Merge pull request #10 from aschaber1/dependabot/go_modules/github.co…

e2a936d

…m/prometheus/client_golang-1.11.1 Bump github.com/prometheus/client_golang from 1.5.1 to 1.11.1

Merge pull request #13 from aschaber1/dependabot/go_modules/master/gi…

da986d8

…thub.com/golang/mock-1.6.0 Bump github.com/golang/mock from 1.3.1 to 1.6.0

Merge pull request #16 from aschaber1/dependabot/go_modules/master/gi…

da3153e

…thub.com/onsi/ginkgo-1.16.5 Bump github.com/onsi/ginkgo from 1.12.0 to 1.16.5

pcallewaert closed this May 8, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Updated Dependencies #134

Updated Dependencies #134

Uh oh!

aschaber1 commented Sep 28, 2023 •

edited

Loading

Uh oh!

aschaber1 commented Sep 28, 2023

Uh oh!

aschaber1 commented Dec 8, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Updated Dependencies #134

Updated Dependencies #134

Uh oh!

Conversation

aschaber1 commented Sep 28, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

aschaber1 commented Sep 28, 2023

Uh oh!

aschaber1 commented Dec 8, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

aschaber1 commented Sep 28, 2023 •

edited

Loading