chore(cve): Fix CVE in the Keda autoscaler library #7066
Merged
tyndria
approved these changes
Jan 5, 2026
…go-jose(from previous version of keda), now resolving properly
…anually copy-pasted into the license.txt
Author
I am going to merge this PR now. Will fix the CVEs for the Python images in the next.
vtaskow
added a commit
that referenced
this pull request
Jan 5, 2026
* Upgrade keda from 2.7.1 to 2.12.0
* Update Keda to 2.13.0
* Upgrade Keda to 2.14.0
* Upgrade to Keda 2.15.0
* Upgrade to Keda 2.17.3
* Update transitive dep expr-lang/expr coming from Keda to fix CVE
* Add comment in go.mod for cve
* Bump k8s libs in executor to resolve go.mod after the changes in the operator
* Add replace for expr-lang/expr in go.mod in executor as well
* Update licenses for the operator. Remove additional license info for go-jose(from previous version of keda), now resolving properly
* Update executor licenses; entry for JohnCGriffin/overflow had to be manually copy-pasted into the license.txt
* Update tarball licenses in the operator and executor Dockerfiles
Why
Motivation
A new CVE appeared at the end of December: GHSA-c4p6-qg4m-9jmr. This PR resolves it and Core 1 now works with Keda 2.17.x to 2.18.3 (latest).
What
Summary of changes
Checklist
Testing