kube-bench

mirror of https://github.com/aquasecurity/kube-bench.git synced 2025-06-27 10:22:38 +00:00

Author	SHA1	Message	Date
dependabot[bot]	98aa7bbfce	build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1890 ) Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.29.14 to 1.29.16. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.29.14...config/v1.29.16) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-version: 1.29.16 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-06-17 13:01:40 +06:00
dependabot[bot]	665c95239a	build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1891 ) Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.57.4 to 1.57.5. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ecs/v1.57.4...service/ecs/v1.57.5) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub dependency-version: 1.57.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-06-17 11:10:02 +06:00
dependabot[bot]	51e849d9f7	build(deps): bump gorm.io/driver/postgres from 1.5.11 to 1.6.0 (#1880 ) Bumps [gorm.io/driver/postgres](https://github.com/go-gorm/postgres) from 1.5.11 to 1.6.0. - [Commits](https://github.com/go-gorm/postgres/compare/v1.5.11...v1.6.0) --- updated-dependencies: - dependency-name: gorm.io/driver/postgres dependency-version: 1.6.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-06-03 13:01:00 +06:00
dependabot[bot]	2077fcf1e0	build(deps): bump k8s.io/client-go from 0.33.0 to 0.33.1 (#1875 ) Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.33.0 to 0.33.1. - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.33.0...v0.33.1) --- updated-dependencies: - dependency-name: k8s.io/client-go dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-05-27 12:34:21 +06:00
dependabot[bot]	dd4ddb59ea	build(deps): bump gorm.io/gorm from 1.26.1 to 1.30.0 (#1878 ) Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.26.1 to 1.30.0. - [Release notes](https://github.com/go-gorm/gorm/releases) - [Commits](https://github.com/go-gorm/gorm/compare/v1.26.1...v1.30.0) --- updated-dependencies: - dependency-name: gorm.io/gorm dependency-version: 1.30.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-05-27 12:08:32 +06:00
dependabot[bot]	6ecc6a2066	build(deps): bump github.com/golang/glog from 1.2.4 to 1.2.5 (#1871 ) Bumps [github.com/golang/glog](https://github.com/golang/glog) from 1.2.4 to 1.2.5. - [Release notes](https://github.com/golang/glog/releases) - [Commits](https://github.com/golang/glog/compare/v1.2.4...v1.2.5) --- updated-dependencies: - dependency-name: github.com/golang/glog dependency-version: 1.2.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-05-13 16:27:15 +06:00
dependabot[bot]	eb8ffc613e	build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1872 ) Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.57.3 to 1.57.4. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/eks/v1.57.3...service/eks/v1.57.4) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub dependency-version: 1.57.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-05-13 14:47:29 +06:00
dependabot[bot]	f0c648d16e	build(deps): bump gorm.io/gorm from 1.25.12 to 1.26.0 (#1865 ) Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.25.12 to 1.26.0. - [Release notes](https://github.com/go-gorm/gorm/releases) - [Commits](https://github.com/go-gorm/gorm/compare/v1.25.12...v1.26.0) --- updated-dependencies: - dependency-name: gorm.io/gorm dependency-version: 1.26.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-05-12 14:59:34 +06:00
dependabot[bot]	23b2a1aa7d	build(deps): bump github.com/spf13/viper from 1.19.0 to 1.20.1 (#1848 ) Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.19.0 to 1.20.1. - [Release notes](https://github.com/spf13/viper/releases) - [Commits](https://github.com/spf13/viper/compare/v1.19.0...v1.20.1) --- updated-dependencies: - dependency-name: github.com/spf13/viper dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-05-06 16:13:04 +06:00
dependabot[bot]	60110935cb	build(deps): bump k8s.io/client-go from 0.32.3 to 0.33.0 (#1866 ) Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.32.3 to 0.33.0. - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.32.3...v0.33.0) --- updated-dependencies: - dependency-name: k8s.io/client-go dependency-version: 0.33.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-05-06 11:33:58 +06:00
dependabot[bot]	190548035d	build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1867 ) Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.57.2 to 1.57.3. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/eks/v1.57.2...service/eks/v1.57.3) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub dependency-version: 1.57.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-05-06 11:13:02 +06:00
dependabot[bot]	00cd12ef19	build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1855 ) Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.57.0 to 1.57.2. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.57.0...service/eks/v1.57.2) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub dependency-version: 1.57.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-04-23 14:28:26 +06:00
dependabot[bot]	d1e948acd3	build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1847 ) Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.29.9 to 1.29.12. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.29.9...config/v1.29.12) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-04-23 14:14:56 +06:00
dependabot[bot]	c4c5317f44	build(deps): bump github.com/magiconair/properties from 1.8.9 to 1.8.10 (#1854 ) Bumps [github.com/magiconair/properties](https://github.com/magiconair/properties) from 1.8.9 to 1.8.10. - [Release notes](https://github.com/magiconair/properties/releases) - [Commits](https://github.com/magiconair/properties/compare/v1.8.9...v1.8.10) --- updated-dependencies: - dependency-name: github.com/magiconair/properties dependency-version: 1.8.10 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-04-23 13:18:08 +06:00
Masashi Honma	6e454a1dd5	Fix CVEs (#1857 ) Resolves #1852. usr/local/bin/kube-bench (gobinary) Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 0, CRITICAL: 0) ┌──────────────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬──────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├──────────────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────┤ │ golang.org/x/net │ CVE-2025-22872 │ MEDIUM │ fixed │ v0.36.0 │ 0.38.0 │ The tokenizer incorrectly interprets tags with unquoted │ │ │ │ │ │ │ │ attribute valu ... │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-22872 │ ├──────────────────┼────────────────┤ │ ├───────────────────┼────────────────┼──────────────────────────────────────────────────────────┤ │ stdlib │ CVE-2025-22871 │ │ │ v1.24.1 │ 1.23.8, 1.24.2 │ net/http: Request smuggling due to acceptance of invalid │ │ │ │ │ │ │ │ chunked data in net/http... │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-22871 │ └──────────────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴──────────────────────────────────────────────────────────┘ Signed-off-by: Masashi Honma <masashi.honma@gmail.com>	2025-04-23 12:54:40 +06:00
dependabot[bot]	6edf7e590c	build(deps): bump k8s.io/client-go from 0.32.2 to 0.32.3 (#1833 ) Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.32.2 to 0.32.3. - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.32.2...v0.32.3) --- updated-dependencies: - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-03-18 17:13:33 +06:00
dependabot[bot]	a686691252	build(deps): bump k8s.io/apimachinery from 0.32.2 to 0.32.3 (#1834 ) Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.32.2 to 0.32.3. - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.32.2...v0.32.3) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-03-18 16:55:05 +06:00
dependabot[bot]	486272f8db	build(deps): bump golang.org/x/net from 0.33.0 to 0.36.0 (#1830 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.33.0 to 0.36.0. - [Commits](https://github.com/golang/net/compare/v0.33.0...v0.36.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-03-18 13:51:13 +06:00
dependabot[bot]	eb375f4d9d	build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1826 ) Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.56.1 to 1.57.0. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.56.1...service/s3/v1.57.0) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-03-11 11:43:18 +06:00
dependabot[bot]	8c385ffb08	build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1827 ) Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.29.8 to 1.29.9. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.29.8...config/v1.29.9) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-03-11 11:24:39 +06:00
dependabot[bot]	01afe91352	build(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 (#1809 ) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.8.1 to 1.9.1. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.8.1...v1.9.1) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-03-05 14:49:20 +06:00
dependabot[bot]	d85a765a00	build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1824 ) Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.55.8 to 1.56.1. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/wafv2/v1.55.8...service/s3/v1.56.1) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-03-05 14:28:05 +06:00
dependabot[bot]	99d3eb6a9e	build(deps): bump k8s.io/client-go from 0.32.1 to 0.32.2 (#1811 ) Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.32.1 to 0.32.2. - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.32.1...v0.32.2) --- updated-dependencies: - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-03-05 14:16:31 +06:00
dependabot[bot]	bd6eae0c97	build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1821 ) Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.29.4 to 1.29.8. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.29.4...config/v1.29.8) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: afdesk <work@afdesk.com>	2025-03-05 13:54:22 +06:00
dependabot[bot]	7f2f0f3227	build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.36.0 to 1.36.3 (#1822 ) Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.36.0 to 1.36.3. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.36.0...v1.36.3) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-03-04 17:58:09 +06:00
Masashi Honma	fcb6517b8b	Bump golang from 1.23.5 to 1.23.6 to fix CVE-2025-22866 (#1800 ) This is the scan result of Trivy. usr/local/bin/kube-bench (gobinary) =================================== Total: 1 (UNKNOWN: 1, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) ┌─────────┬────────────────┬──────────┬────────┬───────────────────┬──────────────────────────────┬────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├─────────┼────────────────┼──────────┼────────┼───────────────────┼──────────────────────────────┼────────────────────────────────────────────┤ │ stdlib │ CVE-2025-22866 │ UNKNOWN │ fixed │ 1.23.5 │ 1.22.12, 1.23.6, 1.24.0-rc.3 │ Timing sidechannel for P-256 on ppc64le in │ │ │ │ │ │ │ │ crypto/internal/nistec │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-22866 │ └─────────┴────────────────┴──────────┴────────┴───────────────────┴──────────────────────────────┴────────────────────────────────────────────┘ Signed-off-by: Masashi Honma <masashi.honma@gmail.com>	2025-02-10 12:11:21 +06:00
dependabot[bot]	c04b700d8a	build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1794 ) Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.55.3 to 1.55.8. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/iot/v1.55.3...service/wafv2/v1.55.8) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-02-04 18:01:51 +06:00
dependabot[bot]	4d82ee7f9a	build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1795 ) Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.28.10 to 1.29.4. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.28.10...config/v1.29.4) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-02-04 17:43:45 +06:00
dependabot[bot]	62a54424cb	build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.32.8 to 1.36.0 (#1796 ) Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.32.8 to 1.36.0. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.32.8...v1.36.0) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-02-04 17:30:37 +06:00
dependabot[bot]	a7bd33cd02	build(deps): bump k8s.io/client-go from 0.32.0 to 0.32.1 (#1785 ) Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.32.0 to 0.32.1. - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.32.0...v0.32.1) --- updated-dependencies: - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-02-04 17:18:32 +06:00
Masashi Honma	c9985a6e9b	Bump golang from 1.23.4 to 1.23.5 to fix vulnerabilities. (#1793 ) This is the scan result of Trivy. usr/local/bin/kube-bench (gobinary) Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 0, CRITICAL: 0) ┌─────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────────────────┬──────────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├─────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────────────────┼──────────────────────────────────────────────────────────────┤ │ stdlib │ CVE-2024-45336 │ MEDIUM │ fixed │ v1.23.4 │ 1.22.11, 1.23.5, 1.24.0-rc2 │ golang: net/http: net/http: sensitive headers incorrectly │ │ │ │ │ │ │ │ sent after cross-domain redirect │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-45336 │ │ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤ │ │ CVE-2024-45341 │ │ │ │ │ golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can │ │ │ │ │ │ │ │ bypass URI name... │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-45341 │ └─────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────────────────┴──────────────────────────────────────────────────────────────┘ Signed-off-by: Masashi Honma <masashi.honma@gmail.com>	2025-02-04 17:06:14 +06:00
dependabot[bot]	368a8b5017	build(deps): bump k8s.io/apimachinery from 0.32.0 to 0.32.1 (#1782 ) Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.32.0 to 0.32.1. - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.32.0...v0.32.1) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-02-04 16:55:04 +06:00
afdesk	08574d779f	chore: bump up Go version to 1.23.4 (#1776 ) * chore; bump up Go version to 1.23.4 * chore(ci): set up a timeout for go linter * chore: remove deprecated linter checks * chore: bump up golinter timeout to 10sec * chore: bump up golinter action version to v1.61 * chore: fix linter errors * chore: set up a timeout for golinter in Github action	2025-01-15 23:02:16 +06:00
dependabot[bot]	4e70640598	build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1770 ) Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.55.0 to 1.55.3. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.55.0...service/iot/v1.55.3) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-01-15 15:46:30 +06:00
dependabot[bot]	362e95a219	build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1769 ) Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.28.6 to 1.28.10. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.28.6...config/v1.28.10) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-01-15 15:01:02 +06:00
dependabot[bot]	9e526e6c5f	build(deps): bump github.com/golang/glog from 1.2.3 to 1.2.4 (#1774 ) Bumps [github.com/golang/glog](https://github.com/golang/glog) from 1.2.3 to 1.2.4. - [Release notes](https://github.com/golang/glog/releases) - [Commits](https://github.com/golang/glog/compare/v1.2.3...v1.2.4) --- updated-dependencies: - dependency-name: github.com/golang/glog dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-01-14 15:50:02 +06:00
dependabot[bot]	2cab7f9ecb	build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.32.6 to 1.32.8 (#1771 ) Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.32.6 to 1.32.8. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.32.6...v1.32.8) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-01-13 10:53:57 +06:00
jdesouza	acab94ea50	CVE-2024-45338: Inefficient Regular Expression Complexity (#1766 )	2025-01-13 10:36:52 +06:00
dependabot[bot]	e26eff019c	build(deps): bump golang.org/x/crypto from 0.24.0 to 0.31.0 (#1754 ) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.24.0 to 0.31.0. - [Commits](https://github.com/golang/crypto/compare/v0.24.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-12-12 14:53:40 +06:00
dependabot[bot]	cce6b9d24f	build(deps): bump github.com/magiconair/properties from 1.8.7 to 1.8.9 (#1750 ) Bumps [github.com/magiconair/properties](https://github.com/magiconair/properties) from 1.8.7 to 1.8.9. - [Release notes](https://github.com/magiconair/properties/releases) - [Commits](https://github.com/magiconair/properties/compare/v1.8.7...v1.8.9) --- updated-dependencies: - dependency-name: github.com/magiconair/properties dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-12-12 13:39:04 +06:00
dependabot[bot]	3ee8299bc4	build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1743 ) Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.28.4 to 1.28.6. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.28.4...config/v1.28.6) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-12-05 15:56:34 +06:00
dependabot[bot]	6aa242e2e5	build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1745 ) Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.54.6 to 1.55.0. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/kendra/v1.54.6...service/s3/v1.55.0) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-12-05 15:43:04 +06:00
dependabot[bot]	6da5ff4026	build(deps): bump gorm.io/driver/postgres from 1.5.9 to 1.5.11 (#1742 ) Bumps [gorm.io/driver/postgres](https://github.com/go-gorm/postgres) from 1.5.9 to 1.5.11. - [Commits](https://github.com/go-gorm/postgres/compare/v1.5.9...v1.5.11) --- updated-dependencies: - dependency-name: gorm.io/driver/postgres dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-12-05 15:25:34 +06:00
dependabot[bot]	09aa59e0cc	build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#1736 ) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.9.0 to 1.10.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.9.0...v1.10.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-11-29 13:20:56 +06:00
dependabot[bot]	2500ceed5b	build(deps): bump k8s.io/client-go from 0.31.2 to 0.31.3 (#1738 ) Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.31.2 to 0.31.3. - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.31.2...v0.31.3) --- updated-dependencies: - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-11-29 12:41:36 +06:00
dependabot[bot]	7ce327f1db	build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1728 ) Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.27.37 to 1.28.4. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.37...config/v1.28.4) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-11-15 18:21:14 +06:00
dependabot[bot]	8656945200	build(deps): bump github.com/golang/glog from 1.2.2 to 1.2.3 (#1726 ) Bumps [github.com/golang/glog](https://github.com/golang/glog) from 1.2.2 to 1.2.3. - [Release notes](https://github.com/golang/glog/releases) - [Commits](https://github.com/golang/glog/compare/v1.2.2...v1.2.3) --- updated-dependencies: - dependency-name: github.com/golang/glog dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-11-15 17:53:09 +06:00
dependabot[bot]	702107daff	build(deps): bump github.com/spf13/viper from 1.18.2 to 1.19.0 (#1720 ) Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.18.2 to 1.19.0. - [Release notes](https://github.com/spf13/viper/releases) - [Commits](https://github.com/spf13/viper/compare/v1.18.2...v1.19.0) --- updated-dependencies: - dependency-name: github.com/spf13/viper dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-11-15 17:34:30 +06:00
dependabot[bot]	5fac7f626b	build(deps): bump github.com/fatih/color from 1.16.0 to 1.18.0 (#1719 ) Bumps [github.com/fatih/color](https://github.com/fatih/color) from 1.16.0 to 1.18.0. - [Release notes](https://github.com/fatih/color/releases) - [Commits](https://github.com/fatih/color/compare/v1.16.0...v1.18.0) --- updated-dependencies: - dependency-name: github.com/fatih/color dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-11-15 16:14:30 +06:00
dependabot[bot]	9f0f5567ae	build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1724 ) Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.54.4 to 1.54.6. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.54.4...service/lambda/v1.54.6) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-11-15 11:32:36 +06:00

1 2 3 4

185 Commits