crossplane-contrib/provider-kubernetes

CVE-2024-35255 - GHSA-m5vv-6r4h-3vj9

Closed this issue · 1 comments

https://pkg.go.dev/vuln/GO-2024-2918

Updating github.com/Azure/azure-sdk-for-go/sdk/azidentity to version >= v1.6.0 will mitigate this CVE.

azidentity is an indirect dependency of github.com/Azure/kubelogin. Updating kubelogin to >= v0.1.4 will update the indirect dependency.

github.com/Azure/kubelogin v0.1.1