Skip to content

Resolve security vulnerabilities #373

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 24, 2022
Merged

Resolve security vulnerabilities #373

merged 1 commit into from
Apr 24, 2022

Conversation

petrovicboban
Copy link
Contributor

@petrovicboban petrovicboban commented Feb 14, 2022
edited by mumoshu
Loading

Fixes #372

@petrovicboban petrovicboban force-pushed the master branch 2 times, most recently from 6164ee4 to 890bd63 Compare February 14, 2022 23:51
mumoshu
mumoshu reviewed Feb 15, 2022
View reviewed changes
go.mod Outdated
@@ -25,7 +25,7 @@ require (
k8s.io/apimachinery v0.21.0
k8s.io/cli-runtime v0.21.0
k8s.io/client-go v0.21.0
k8s.io/helm v2.16.12+incompatible
k8s.io/helm/v3 v3.6.1
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will never work as we still need the k8s.io/helm pkg for helm v2 support and k8s.io/helm/v3 is for helm 3.

@z0rc
Copy link
Contributor

z0rc commented Feb 18, 2022

Helm v2 is deprecated for more than a year per https://helm.sh/blog/helm-v2-deprecation-timeline/, there are zero support for this version, even from security standpoint. What's the point to maintaining helm v2 support here? Users who still use helm v2 can use older version of helm-diff.

Can we please just drop helm v2 support already?

@mumoshu
Copy link
Collaborator

mumoshu commented Feb 19, 2022

What's the point to maintaining helm v2 support here? Users who still use helm v2 can use older version of helm-diff.

Can we please just drop helm v2 support already?

@z0rc Maybe. I don't personally use helm v2 but I still occasionally see some users using helm v2 and helm-diff with helmfile and I don't know what i should do for them.

Anyway, helm-diff doesn't seem to be affected by the cve of helm and if you use helm-diff with helm v3 you have even less change of being affected by that cve. #372 (comment)

mumoshu
mumoshu approved these changes Apr 24, 2022
View reviewed changes
Copy link
Collaborator

@mumoshu mumoshu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks for the fix!

@mumoshu mumoshu merged commit 598d938 into databus23:master Apr 24, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mumoshu mumoshu mumoshu approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Security vulnerabilities in golang modules
3 participants
@petrovicboban @z0rc @mumoshu