Skip to content

[release-1.10] 🌱 Ignore CVE-2025-47914 & CVE-2025-58181 in trivy scans #13038

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
k8s-ci-robot merged 1 commit into from
Nov 24, 2025
Merged

[release-1.10] 🌱 Ignore CVE-2025-47914 & CVE-2025-58181 in trivy scans #13038

k8s-ci-robot merged 1 commit into from
Nov 24, 2025

Conversation

@sbueringer
Copy link
Member

@sbueringer sbueringer commented Nov 24, 2025
edited
Loading

Signed-off-by: Stefan Büringer [email protected]

What this PR does / why we need it:

CVEs are for ssh agent/server which we don't use in our code (govulncheck also reported that the code is not used)

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

@k8s-ci-robot k8s-ci-robot added this to the v1.10 milestone Nov 24, 2025
@k8s-ci-robot k8s-ci-robot added the do-not-merge/needs-area PR is missing an area label label Nov 24, 2025
@k8s-ci-robot k8s-ci-robot requested a review from elmiko November 24, 2025 13:31
@k8s-ci-robot k8s-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Nov 24, 2025
@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Nov 24, 2025
@sbueringer
Copy link
Member Author

sbueringer commented Nov 24, 2025

/hold

Can't bump to Go 1.24

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 24, 2025
@k8s-ci-robot k8s-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Nov 24, 2025
@sbueringer sbueringer changed the title [release-1.10] 🌱 Bump golang.org/x/crypto to v0.45 to fix CVE [release-1.10] 🌱 Ignore CVE-2025-47914 & CVE-2025-58181 in trivy scans Nov 24, 2025
fabriziopandini
fabriziopandini reviewed Nov 24, 2025
View reviewed changes
Copy link
Member

@fabriziopandini fabriziopandini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 24, 2025
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Nov 24, 2025

LGTM label has been added.

Git tree hash: 7e41e62a8295e44ef41583c0b4a527940c8ecb28

@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Nov 24, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: fabriziopandini

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 24, 2025
@sbueringer sbueringer added the area/ci Issues or PRs related to ci label Nov 24, 2025
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/needs-area PR is missing an area label label Nov 24, 2025
@fabriziopandini fabriziopandini added the do-not-merge/needs-area PR is missing an area label label Nov 24, 2025
@sbueringer
Copy link
Member Author

sbueringer commented Nov 24, 2025

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 24, 2025
@fabriziopandini fabriziopandini removed the do-not-merge/needs-area PR is missing an area label label Nov 24, 2025
@k8s-ci-robot k8s-ci-robot merged commit 656a5dd into kubernetes-sigs:release-1.10 Nov 24, 2025
28 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fabriziopandini fabriziopandini fabriziopandini left review comments

@elmiko elmiko Awaiting requested review from elmiko

@JoelSpeed JoelSpeed Awaiting requested review from JoelSpeed

Assignees

@fabriziopandini fabriziopandini

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. area/ci Issues or PRs related to ci cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.

Projects

None yet

Milestone

v1.10

Development

Successfully merging this pull request may close these issues.

3 participants

@sbueringer @k8s-ci-robot @fabriziopandini