Comments (3)
gjenkins8
commented on June 14, 2024
It is unclear what is being asked of Helm here. The "Fix Status" column seems to explains the status?
from helm.
5-sk
commented on June 14, 2024
Updating vulnerability table details for more details,the issue seems to be reported for ,few go binaries/packages used in latest helm packages.but the CVEs have already been fixed in the official "go" related binaries/packages. That is the "Fix Status" referred there.is it possible to incorporate the "go" related binaries to the the same fix version in Helm.
from helm.
rptaylor
commented on June 14, 2024
This looks like a list of CVEs that have already been fixed so it doesn't seem like there is anything to do.
@5-sk Did you look at the CVE links?
For example GHSA-v53g-5gjp-272r says "This issue has been resolved in Helm v3.14.1."
They have all been resolved. Also one of them GHSA-p2g7-xwvr-rrw3 appears to be a vulnerability in FluxCD, not Helm. So I think the issue can be closed.
The most recent major version of Helm is 3.14 https://github.com/helm/helm/releases/tag/v3.14.0 and it uses go 1.21.
from helm.
Related Issues (20)
- error converting YAML to JSON: did not find exected key HOT 1
- error converting YAML to JSON: yaml: line 22: did not find expected key HOT 7
- Update backward compatibility promise in CONTRIBUTING.md to reflect HIP 0004 HOT 3
- Helm Apt install/package is broken and can't be installed HOT 5
- OCI registry authentication: Some registries will require different auth for different URIs HOT 5
- How to instruct Helm not to add "managed-by" label to the STS HOT 2
- Make retryingRoundTripper type public HOT 1
- Unexpected HELM validation manifests behaviour HOT 1
- [Feature] Custom versioning support
- Helm Chart Dependency Versions in chart.lock Not Matching Specified Versions
- Helm doesn't report the right status of the job
- Is mapkubeapis plugin recommended for production by helm for manipulating release manifest ?
- Version 3.15.0 for linux-amd64 is not published. HOT 2
- binary from helm-v3.15.0-linux-amd64.tar.gz reports wrong version HOT 1
- json value gets merged when using custom values yaml file instead of overriding
- Use of Helm build-in objects in Helm templates inside JSON files
- Make funcMap public for unit testing syntax of templates
- The randAscii function returns an error after multiple --dry-run tests HOT 2
- link for 3.15.1 for MacOS - amd64 once download gave me version 3.14.2 using "helm version" HOT 1
- JSON Schema 2019 & 2020 Support
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from helm.