Conversation
Signed-off-by: cpu1 <patwal.chetan@gmail.com>
|
@cPu1: The label(s) DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: cPu1 The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
![bulwark-spectrocloud[bot]](https://avatars.githubusercontent.com/u/36211249?s=60&v=4){kind=small}
There was a problem hiding this comment.
- GO-2025-3553
- Module: github.com/golang-jwt/jwt/v4
- Found in: v4.5.1
- Fixed in: v4.5.2
- Example Traces:
1. pkg/rosa/client.go:51:70: rosa.NewOCMClient calls ocm.Build, which eventually calls authentication.Build
- GO-2025-4123
- Module: github.com/dvsekhvalnov/jose2go
- Found in: v1.6.0
- Fixed in: v1.7.0
- Example Traces:
1. pkg/rosa/client.go:51:70: rosa.NewOCMClient calls ocm.Build, which eventually calls keyring.Get
Please review these findings and fix the issues before merging.
There was a problem hiding this comment.
- G401: Use of weak cryptographic primitive, Severity: MEDIUM
-
- File: /home/runner/work/bulwark/bulwark/target-repo/pkg/cloud/services/eks/iam/iam.go:532:13
-
- G505: Blocklisted import crypto/sha1: weak cryptographic primitive, Severity: MEDIUM
-
- File: /home/runner/work/bulwark/bulwark/target-repo/pkg/cloud/services/eks/iam/iam.go:22:2
-
Please review these findings and fix the issues before merging.
2 participants
What type of PR is this?
/kind feature
What this PR does / why we need it:
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #
Special notes for your reviewer:
Checklist:
Release note: