This commit updates golang, alpine docker images, and several packages
including github.com/emicklei/go-restful/v3 and golang.org/x/net to fix
multiple CVE bugs.
CVE ID: PRISMA-2022-0227
Issue: https://github.com/emicklei/go-restful/issues/497
Description: The go-restful/v3 module prior to v3.10.0 is vulnerable to
Authentication Bypass by Primary Weakness due to an inconsistency in URL
path parsing. This could lead to security check bypass in a complex system.
CVE ID: CVE-2023-45288
Issue: https://pkg.go.dev/vuln/GO-2024-2687
Description: An attacker may cause an HTTP/2 endpoint to read arbitrary
amounts of header data by sending an excessive number of CONTINUATION
frames. The fix sets a limit on the amount of excess header frames we will
process before closing a connection.
CVE ID: CVE-2024-4741
Issue: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4741
Description: openssl: Use After Free with SSL_free_buffers
Test Plan:
PASSED: Metrics consumed properly by a scraping tool without
any error.
PASSED: Validate necessary information is being displayed with
new metric type Gauge.
PASSED: API Test with SRIOV enabled, VF Pods created and
verified if the information is retrieved properly
Story: 2010918
Task: 50521
Change-Id: Ia7effb3161a84193fc1fbb3425e25b39d80dec7b
Signed-off-by: AbhishekJ <abhishek.jaiswal@windriver.com>
4e1f29dd73