Comments (4)
It is unclear what is being asked of Helm here. The "Fix Status" column seems to explains the status?
from helm.
Updating vulnerability table details for more details,the issue seems to be reported for ,few go binaries/packages used in latest helm packages.but the CVEs have already been fixed in the official "go" related binaries/packages. That is the "Fix Status" referred there.is it possible to incorporate the "go" related binaries to the the same fix version in Helm.
from helm.
This looks like a list of CVEs that have already been fixed so it doesn't seem like there is anything to do.
@5-sk Did you look at the CVE links?
For example GHSA-v53g-5gjp-272r says "This issue has been resolved in Helm v3.14.1."
They have all been resolved. Also one of them GHSA-p2g7-xwvr-rrw3 appears to be a vulnerability in FluxCD, not Helm. So I think the issue can be closed.
The most recent major version of Helm is 3.14 https://github.com/helm/helm/releases/tag/v3.14.0 and it uses go 1.21.
from helm.
This issue has been marked as stale because it has been open for 90 days with no activity. This thread will be automatically closed in 30 days if no further activity occurs.
from helm.
Related Issues (20)
- Helm Registry only supports a single set of credentials per registry. HOT 3
- Pull chart image HOT 2
- when using indent getting parse Error HOT 3
- `helm dep build --skip-refresh` doesn't work as expected HOT 1
- Improvement of OpenSSF Scorecard Score HOT 3
- `helm dependency update` and `helm dependency build` generate a `Chart.lock` using arbitrary build info ordering HOT 3
- helm template defaults to --kube-version (Capabilities.KubeVersion) without mentioning it in the --help output HOT 2
- enhancement: helm template, flag to show values HOT 2
- Helm converts large integers to Scientific Notation HOT 2
- Using helm variables from _helpers.tpl for generating TLS certificates. Wrong type for value; expected []interface {}; got string HOT 1
- Add ActiveHelp to Helm's shell completion support HOT 1
- Proposal: (ref. #13236) Adoption of CUE for Enhanced Values Processing and Validation in Helm HOT 3
- CVE-2024-24791
- `helm search repo` broken after v3.14.0 - chart.metadata.name is invalid HOT 3
- Helm is casting one of our secrets to integer, instead of treating it as a string HOT 1
- Helm upgrade for charts that contain statefulsets and set replicas to 0 and wait is true,It seems like helm not wait statefulset related pods deleted. HOT 1
- is there any problem at broadcom repo? HOT 3
- Proposal: Support for Alternative Manifest Generation Tools HOT 1
- Helm uninstall --cascade orphan command deletes existing K8s resources HOT 2
- .helmignore does not ignore symlinks HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from helm.