@reakaleek reakaleek commented Sep 18, 2025

Context

Workflows are currently failing with:

  /home/runner/work/docs-builder/docs-builder/src/tooling/docs-assembler/docs-assembler.csproj : error NU1902: Warning As Error: Package 'KubernetesClient' 17.0.4 has a known moderate severity vulnerability, https://github.com/advisories/GHSA-w7r3-mgwf-4mqq [/home/runner/work/docs-builder/docs-builder/docs-builder.sln]
    Failed to restore /home/runner/work/docs-builder/docs-builder/src/tooling/docs-assembler/docs-assembler.csproj (in 3.76 sec).
  
  Build FAILED.
  
  /home/runner/work/docs-builder/docs-builder/src/tooling/docs-assembler/docs-assembler.csproj : error NU1902: Warning As Error: Package 'KubernetesClient' 17.0.4 has a known moderate severity vulnerability, https://github.com/advisories/GHSA-w7r3-mgwf-4mqq [/home/runner/work/docs-builder/docs-builder/docs-builder.sln]
      0 Warning(s)
      1 Error(s)

Using dotnet list package --include-transitive, I identified that the cause is the "Aspire.Hosting.*" dependencies.

Also see: GHSA-w7r3-mgwf-4mqq

Changes

  • Use <CentralPackageTransitivePinningEnabled>true</CentralPackageTransitivePinningEnabled>
  • And add KubernetesClient 17.0.14
  • This required updates to other packages as well.
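
The following Python script is an added example, not part of the original PR or the docs-builder repository: it parses NuGet audit lines of the form shown in the failing log above into unique findings (project, package, resolved version, advisory), so that a repeated error is reported once. The names `Finding`, `parse_audit_findings` and `SAMPLE_LOG` are hypothetical, and the sample log is copied from the excerpt above.

```python
import re
from dataclasses import dataclass

# NuGet audit codes and the severity each one reports.
SEVERITY_BY_CODE = {"NU1901": "low", "NU1902": "moderate",
                    "NU1903": "high", "NU1904": "critical"}

# Shape of the audit line seen in the log excerpt of this PR description.
AUDIT_LINE = re.compile(
    r"^\s*(?P<project>\S.*?)\s*:\s*(?:error|warning)\s+(?P<code>NU190[1-4]):\s*"
    r"(?P<promoted>Warning As Error:\s*)?Package '(?P<package>[^']+)'\s+"
    r"(?P<version>\S+)\s+has a known \w+ severity vulnerability,\s*"
    r"(?P<advisory>https?://\S+)"
)

@dataclass(frozen=True)
class Finding:
    project: str
    package: str
    version: str
    code: str
    severity: str
    advisory: str
    promoted: bool  # True when the warning was promoted to a build error

def parse_audit_findings(log: str) -> list:
    """Return unique NU1901-NU1904 findings in first-seen order."""
    seen = {}
    for line in log.splitlines():
        m = AUDIT_LINE.match(line)
        if m is None:
            continue
        finding = Finding(m["project"], m["package"], m["version"], m["code"],
                          SEVERITY_BY_CODE[m["code"]], m["advisory"],
                          m["promoted"] is not None)
        seen.setdefault(finding, None)  # the build summary repeats each error
    return list(seen)

# Sample input: lines copied from the log excerpt in this PR description.
SAMPLE_LOG = """\
  /home/runner/work/docs-builder/docs-builder/src/tooling/docs-assembler/docs-assembler.csproj : error NU1902: Warning As Error: Package 'KubernetesClient' 17.0.4 has a known moderate severity vulnerability, https://github.com/advisories/GHSA-w7r3-mgwf-4mqq [/home/runner/work/docs-builder/docs-builder/docs-builder.sln]
    Failed to restore /home/runner/work/docs-builder/docs-builder/src/tooling/docs-assembler/docs-assembler.csproj (in 3.76 sec).
  Build FAILED.
  /home/runner/work/docs-builder/docs-builder/src/tooling/docs-assembler/docs-assembler.csproj : error NU1902: Warning As Error: Package 'KubernetesClient' 17.0.4 has a known moderate severity vulnerability, https://github.com/advisories/GHSA-w7r3-mgwf-4mqq [/home/runner/work/docs-builder/docs-builder/docs-builder.sln]
"""

if __name__ == "__main__":
    for f in parse_audit_findings(SAMPLE_LOG):
        print(f"{f.code} {f.severity}: {f.package} {f.version} in {f.project} ({f.advisory})")
```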

@reakaleek reakaleek requested a review from a team as a code owner September 18, 2025 08:21
@reakaleek reakaleek requested a review from cotti September 18, 2025 08:21
@reakaleek reakaleek changed the title Update Aspire.Hosting.* dependencies Force to use KubernetesClient 17.0.14 Sep 18, 2025
@reakaleek reakaleek self-assigned this Sep 18, 2025
@reakaleek reakaleek added the fix label Sep 18, 2025
@reakaleek
Member Author

Force merging this because it's blocking.

@reakaleek reakaleek merged commit 236e61e into main Sep 18, 2025
18 of 20 checks passed
@reakaleek reakaleek deleted the feature/fix-cve branch September 18, 2025 09:05
@reakaleek
Member Author

cc @Mpdreamz
