Comments (15)

Madhan-SWE commented on August 29, 2024

Upgrading k8s.io/kubernetes v1.22.3 creates the issue below.

go: downloading k8s.io/kubernetes v1.22.3
go get: k8s.io/[email protected] requires
	k8s.io/[email protected]: reading k8s.io/component-helpers/go.mod at revision v0.0.0: unknown revision

from ibm-powervs-block-csi-driver.

Madhan-SWE commented on August 29, 2024

No patch available to solve vulnerabilities in Golang-jwt package.
Dependabot is suggesting to use version 3.2.1.

But, unable to upgrade to version 3.2.1

[root@madhan-multinode-kube-master powervs-csi-driver]# go get github.com/dgrijalva/[email protected]
go get github.com/dgrijalva/[email protected]: github.com/dgrijalva/[email protected]: invalid version: unknown revision v3.2.1

Even updating the Golang-jwt package to the latest version shows the current version and updated version as the same vulnerable version.

[root@madhan-multinode-kube-master powervs-csi-driver]# go get github.com/dgrijalva/jwt-go
[root@madhan-multinode-kube-master powervs-csi-driver]# go list -m all | grep jwt
github.com/auth0/go-jwt-middleware v0.0.0-20170425171159-5493cabe49f7
github.com/dgrijalva/jwt-go v3.2.0+incompatible
[root@madhan-multinode-kube-master powervs-csi-driver]#

Madhan-SWE commented on August 29, 2024

/assign

Madhan-SWE commented on August 29, 2024

@Karthik-K-N any thoughts on this?

Karthik-K-N commented on August 29, 2024

Did you try this: go mod edit -require=k8s.io/[email protected], then go mod tidy?

mkumatag commented on August 29, 2024

> No patch available to solve vulnerabilities in Golang-jwt package.
> Dependabot is suggesting to use version 3.2.1.
>
> But, unable to upgrade to version 3.2.1
>
> [root@madhan-multinode-kube-master powervs-csi-driver]# go get github.com/dgrijalva/[email protected]
> go get github.com/dgrijalva/[email protected]: github.com/dgrijalva/[email protected]: invalid version: unknown revision v3.2.1
>
> Even updating the Golang-jwt package to the latest version shows the current version and updated version as the same vulnerable version.
>
> [root@madhan-multinode-kube-master powervs-csi-driver]# go get github.com/dgrijalva/jwt-go
> [root@madhan-multinode-kube-master powervs-csi-driver]# go list -m all | grep jwt
> github.com/auth0/go-jwt-middleware v0.0.0-20170425171159-5493cabe49f7
> github.com/dgrijalva/jwt-go v3.2.0+incompatible
> [root@madhan-multinode-kube-master powervs-csi-driver]#

Can you try using github.com/golang-jwt/jwt instead?

Madhan-SWE commented on August 29, 2024

> Did you try this: go mod edit -require=k8s.io/[email protected], then go mod tidy?

Fails with the same error.

[root@madhan-multinode-kube-master powervs-csi-driver]# go mod edit -require=k8s.io/[email protected]
[root@madhan-multinode-kube-master powervs-csi-driver]# go mod tidy
go: k8s.io/[email protected] requires
	k8s.io/[email protected]: reading k8s.io/component-helpers/go.mod at revision v0.0.0: unknown revision v0.0.0

Karthik-K-N commented on August 29, 2024

Then give it a shot with an earlier version, like k8s.io/kubernetes

Madhan-SWE commented on August 29, 2024

> > No patch available to solve vulnerabilities in Golang-jwt package.
> > Dependabot is suggesting to use version 3.2.1.
> > But, unable to upgrade to version 3.2.1
> >
> > [root@madhan-multinode-kube-master powervs-csi-driver]# go get github.com/dgrijalva/[email protected]
> > go get github.com/dgrijalva/[email protected]: github.com/dgrijalva/[email protected]: invalid version: unknown revision v3.2.1
> >
> > Even updating the Golang-jwt package to the latest version shows the current version and updated version as the same vulnerable version.
> >
> > [root@madhan-multinode-kube-master powervs-csi-driver]# go get github.com/dgrijalva/jwt-go
> > [root@madhan-multinode-kube-master powervs-csi-driver]# go list -m all | grep jwt
> > github.com/auth0/go-jwt-middleware v0.0.0-20170425171159-5493cabe49f7
> > github.com/dgrijalva/jwt-go v3.2.0+incompatible
> > [root@madhan-multinode-kube-master powervs-csi-driver]#
>
> Can you try using github.com/golang-jwt/jwt instead?

Changing from github.com/dgrijalva/jwt-go to github.com/golang-jwt/jwt solves the issue.

Madhan-SWE commented on August 29, 2024

> Then give it a shot with an earlier version, like k8s.io/kubernetes

The current version is 1.19.14. I can upgrade to any of the 1.19.x versions. But, I can't upgrade to 1.20.0 or more than that.
But the latest version is 1.22.3.

As per the security alert, upgrading to 1.19.5 will solve the issue. But, that's far away from the latest version.

Madhan-SWE commented on August 29, 2024

I am using Kubernetes cluster version 1.19.2. I think that's why I cannot install a client beyond 1.19.x.
I will create a single-node cluster with the latest Kubernetes version and test there.

Madhan-SWE commented on August 29, 2024

Deployed new Kubernetes cluster version 1.22.2.
Tried to upgrade the kubernetes package to v1.22.3.
Still getting the same error

[root@madhan-1-kube-1-22-2 powervs-csi-driver]# go get k8s.io/[email protected] requires
go: k8s.io/[email protected] requires
	k8s.io/[email protected]: reading k8s.io/component-helpers/go.mod at revision v0.0.0: unknown revision v0.0.0

mkumatag commented on August 29, 2024

The best way to fix them is via a replace directive in the go.mod file, e.g.: https://github.com/kubernetes-csi/csi-driver-nfs/blob/96d13a56e5974310618f0064e5026211a23dd340/go.mod#L25:L52

Madhan-SWE commented on August 29, 2024

> The best way to fix them is via a replace directive in the go.mod file, e.g.: https://github.com/kubernetes-csi/csi-driver-nfs/blob/96d13a56e5974310618f0064e5026211a23dd340/go.mod#L25:L52

Fixes the issue. Thanks.
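
The replace-directive fix discussed above, as an added example (not code from this thread or from the linked csi-driver-nfs go.mod): k8s.io/kubernetes requires its staging modules at the placeholder version v0.0.0, which is what the "unknown revision v0.0.0" error reports, so a consuming module has to pin each one itself. The go.mod excerpt is constructed and `replaceDirectives` is a hypothetical helper; it assumes the staging modules for a v1.X.Y release are tagged v0.X.Y.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed excerpt shaped like k8s.io/kubernetes's go.mod. Its own replace
// line points at an in-tree path and is ignored by modules that import it.
const sampleGoMod = `module k8s.io/kubernetes
require (
	github.com/spf13/cobra v1.1.3
	k8s.io/api v0.0.0
	k8s.io/component-helpers v0.0.0
	k8s.io/klog/v2 v2.9.0
)
replace k8s.io/api => ./staging/src/k8s.io/api
`

// replaceDirectives (hypothetical helper) returns one go.mod replace line for
// every k8s.io/* module required at v0.0.0, pinned to v0.X.Y for tag v1.X.Y.
func replaceDirectives(goMod, k8sTag string) ([]string, error) {
	rest := strings.TrimPrefix(k8sTag, "v1.")
	if rest == k8sTag || rest == "" {
		return nil, fmt.Errorf("expected a v1.X.Y tag, got %q", k8sTag)
	}
	var out []string
	sc := bufio.NewScanner(strings.NewReader(goMod))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) > 0 && f[0] == "require" {
			f = f[1:] // single-line "require module version" form
		}
		if len(f) >= 2 && strings.HasPrefix(f[0], "k8s.io/") && f[1] == "v0.0.0" {
			out = append(out, fmt.Sprintf("replace %s => %s v0.%s", f[0], f[0], rest))
		}
	}
	return out, sc.Err()
}

func main() {
	lines, err := replaceDirectives(sampleGoMod, "v1.22.3")
	if err != nil {
		panic(err)
	}
	fmt.Println(strings.Join(lines, "\n"))
}
```

The emitted lines go into the consuming module's go.mod, followed by go mod tidy; k8s.io/klog/v2 is skipped because it already carries a real version.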

Madhan-SWE commented on August 29, 2024

Updating the dependencies to the latest version requires Go version 1.16 to build and test.
Working on go installation.
