New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update okio
to version 1.17.6
#5587
Conversation
@bjornjorgensen I have rebased your branch, let me know if it's an issue |
Kudos, SonarCloud Quality Gate passed! 0 Bugs No Coverage information The version of Java (11.0.21) you have used to run this analysis is deprecated and we will stop accepting it soon. Please update to at least Java 17. |
@manusa is this PR ok? |
LGTM @manusa |
The PR is OK, we can merge it for now. However, the overall idea is to get rid of the dependency: #5632 |
### What changes were proposed in this pull request? Upgrade `kubernetes-client` from 6.9.1 to 6.10.0 [Release notes 6.10.0](https://github.com/fabric8io/kubernetes-client/releases/tag/v6.10.0) [Release notes 6.9.2](https://github.com/fabric8io/kubernetes-client/releases/tag/v6.9.2) ### Why are the changes needed? [Updated okio to version 1.17.6 to avoid CVE-2023-3635](fabric8io/kubernetes-client#5587) [Upgrade Kubernetes Model to Kubernetes v1.29.0](fabric8io/kubernetes-client#5686) ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass GA ### Was this patch authored or co-authored using generative AI tooling? No. Closes #44672 from bjornjorgensen/kubclient6.10. Authored-by: Bjørn Jørgensen <bjornjorgensen@gmail.com> Signed-off-by: Dongjoon Hyun <dhyun@apple.com>
Hi, we are checking apache spark now hoping to have a new version 4.0. even okhttp 3.14.9 https://mvnrepository.com/artifact/com.squareup.okhttp3/okhttp/3.14.9 have this CVE @swankjesse any planes to update okhttp version 3.12.X ? @dongjoon-hyun FYI |
@bjornjorgensen : KubernetesClient offers alternatives to switching underlying HTTPClient . You can exclude For more information, please see https://github.com/fabric8io/kubernetes-client/blob/main/doc/MIGRATION-v6.md#apiimpl-split |
Description
This is a PR to fix CVE-2023-3635
The patch has been backported to branch 1.x thru square/okio#1334
fix #5485
Type of change
test, version modification, documentation, etc.)
Checklist