-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): update dependency k0sproject/k0s to v1.31.1+k0s.0 #7427
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Auto-approved because label type/renovate is present.
🔍 Vulnerabilities of
|
digest | sha256:c7a5b438641df5cd0f8c67504e038676432020d5e56a77e4fa976b238097a6e4 |
vulnerabilities | |
platform | linux/amd64 |
size | 188 MB |
packages | 252 |
github.com/opencontainers/runc
|
Affected range | <1.2.0-rc.1 |
Fixed version | 1.2.0-rc.1 |
CVSS Score | 7.2 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Description
Withdrawn Advisory
This advisory has been withdrawn because it was incorrectly attributed to runc. Please see the issue here for more information.
Original Description
A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system. This issue has its root in how runc handles Config Annotations lists.
k8s.io/apiserver 0.31.1
(golang)
pkg:golang/k8s.io/[email protected]
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Affected range | <1.15.10 |
Fixed version | 1.15.10, 1.16.7, 1.17.3 |
CVSS Score | 4.3 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Description
The Kubernetes API server component has been found to be vulnerable to a denial of service attack via successful API requests.
Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/11110462329. |
PR has unknown mergeable_state (dirty) and can not be merged. See https://github.com/uniget-org/tools/actions/runs/11110462329. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Auto-approved because label type/renovate is present.
Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/11111829127. |
PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/11111829127. |
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. |
87f886c
to
58ceced
Compare
Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/11140297518. |
PR has unknown mergeable_state (unstable) and can not be merged. See https://github.com/uniget-org/tools/actions/runs/11140297518. |
58ceced
to
2b231cd
Compare
Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/11140361238. |
PR has unknown mergeable_state (unstable) and can not be merged. See https://github.com/uniget-org/tools/actions/runs/11140361238. |
This PR contains the following updates:
1.30.4+k0s.0
->1.31.1+k0s.0
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
k0sproject/k0s (k0sproject/k0s)
v1.31.1+k0s.0
: v1.31.1+k0s.0Compare Source
What's Changed
check-metricsscraper-singlenode
by @twz123 in https://github.com/k0sproject/k0s/pull/4419kube-bridge
interface for api/etcd address by @jnummelin in https://github.com/k0sproject/k0s/pull/4467Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.