Skip to content

Remediate vulnerabilities in GCSFuse CSI sidecar-mounter v1.17.9-gke.4#1337

Open
Sneha-at wants to merge 1 commit into
GoogleCloudPlatform:release-1.17from
Sneha-at:release-1.17
Open

Remediate vulnerabilities in GCSFuse CSI sidecar-mounter v1.17.9-gke.4#1337
Sneha-at wants to merge 1 commit into
GoogleCloudPlatform:release-1.17from
Sneha-at:release-1.17

Conversation

@Sneha-at
Copy link
Copy Markdown
Collaborator

@Sneha-at Sneha-at commented Apr 29, 2026

This PR remediates vulnerabilities found in the GCSFuse CSI driver sidecar mounter image v1.17.9-gke.4.

Changes:

  • Updated Golang base image to 1.25.8@sha256:3ac2864710f25e84381bf5d4272261c7ba73ada0339d62034df4de20dabb33ca across all Dockerfiles.
  • Upgraded google.golang.org/grpc to v1.79.3 to address CVE-2026-33186.
  • Upgraded github.com/go-jose/go-jose/v4 to v4.1.4 to address CVE-2026-34986.
  • Refreshed vendor directory.
  • Preserved go 1.23.0 in go.mod as per project standards.

/cc @snehaaradhey

@Sneha-at
Remediate vulnerabilities in GCSFuse CSI driver sidecar-mounter image…
e16a172 
… v1.17.9-gke.4

- Updated Golang base image in Dockerfiles to 1.25.8@sha256:3ac2864710f25e84381bf5d4272261c7ba73ada0339d62034df4de20dabb33ca
- Updated google.golang.org/grpc to v1.79.3
- Updated github.com/go-jose/go-jose/v4 to v4.1.4
- Refreshed vendor directory
- Preserved go 1.23.0 version in go.mod per project constraints
@google-oss-prow
Copy link
Copy Markdown

google-oss-prow Bot commented Apr 29, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Sneha-at

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@gemini-code-assist
Copy link
Copy Markdown

gemini-code-assist Bot commented Apr 29, 2026

Note

The number of changes in this pull request is too large for Gemini Code Assist to generate a review.

@Sneha-at
Copy link
Copy Markdown
Collaborator Author

Sneha-at commented Apr 29, 2026

Test PR

@Sneha-at Sneha-at closed this Apr 29, 2026
@Sneha-at Sneha-at reopened this May 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Sneha-at