Skip to content

Security Vulnerability: Go Package: github.com/grpc-ecosystem/go-grpc-prometheus - End of Life Notification (EOL) #2500

Description

@ThiruDev50

Hello Team,

The latest node-feature-discovery (v0.18.3) still uses grpc-ecosystem/go-grpc-prometheus package which reached its EOL -> https://github.com/kubernetes-sigs/node-feature-discovery/blob/v0.18.3/go.mod#L83

Based on this issue -> #2287, We got to know that, this is due to indirect dependency from kubernetes.

Kubernetes released a new version v1.36.0 (https://github.com/kubernetes/kubernetes/releases/tag/v1.36.0) which contains the fix.

Can we please upgrade node-feature-discovery to use the latest kubernetes? Currently it uses Kubernetes v1.34.1 (https://github.com/kubernetes-sigs/node-feature-discovery/blob/v0.18.3/go.mod#L36)

Thanks in advance

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions