Upgrade Helm v3 dependency #152

janotav · 2020-06-17T07:53:50Z

There is currently helm.sh/helm/v3 v3.1.0 dependency. This version of Helm is subject to following vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2020-11013

Could you please either:
a) upgrade the dependency to 3.2.x that is not affected
b) confirm that 2to3 is not affected by the vulnerability

Thanks!

hickeyma · 2020-06-17T10:02:37Z

@janotav Thanks for raising. The plugin is not affected by the vulnerability.

I think though you raise a good point and it should be updated to the latest version of the libs.

janotav · 2020-06-17T10:08:47Z

@hickeyma thank you for the confirmation

The dependency upgrade actually cascades and it was my impression that https://github.com/maorfr/helm-plugin-utils currently does not support the new APIs.

Shall I close this or do you want to keep it open for the sake of the upgrade?

hickeyma · 2020-06-17T10:37:44Z

It is ok as it is not affected either by the vulnerabilities.

Lets leave the issue open, as can use it for updating the libs. 👍

hickeyma added the enhancement New feature or request label Jun 19, 2020

maxlegault mentioned this issue Jul 10, 2020

Bump up version to 0.6.0 #155

Merged

hickeyma mentioned this issue Aug 27, 2020

chore(*): Update to latest Helm v2 and v3 versions #163

Merged

hickeyma self-assigned this Aug 28, 2020

hickeyma closed this as completed in #163 Aug 28, 2020

Provide feedback