Fix CVE-2022-1996 by upgrading k8s.io/client-go (!3951) · Merge requests · GitLab.org / gitlab-runner

Axel von Bertoldi requested to merge avonbertoldi/29630-go-restful-vuln into main Feb 28, 2023

CVE-2022-1996 reports a vulnerability against github.com/emicklei/go-restful. That module is pulled in by k8s.io/client-go. This MR upgrade the latter to pull in a newer version of the former, which includes a fix for CVE-2022-1996.

fixes https://gitlab.com/gitlab-org/gitlab-runner/-/security/vulnerabilities/63559070

Aside from the integration and incept tests, I don't know what else there is to tests here.

Edited Mar 02, 2023 by Axel von Bertoldi

Fix CVE-2022-1996 by upgrading k8s.io/client-go

Merge request reports