vuln fix for CVE-2023-28840

[czhujer]

No description provided.

[czhujer]

copy from: chartmuseum#189

[leventyalcin]

Hi @czhujer,

Out of curiosity, are you planing to use helm-push from your own repository? If I'm not the only one who feels things are moving too slow on the original repo, I could take a similar approach at some point. That's a too big responsibility to take, however, it will be easier to progress I suppose.

Cheers,

[czhujer]

Hi @leventyalcin,

for now, probably i have to :)
Because I wanted use version from origin main, because there are fixed some CVEs.
But looks like bump version of cobra library's caused some issues chartmuseum#187.
And after i've send MR/PR with fix, I'm cherry picked also your's FIX :)

[leventyalcin]

I totally understand. I was going to do the same but I'm only trying to avoid that because of an approval processes I have to go through. The last time I had to ping org owners thorugh Twitter. However, I'm reluctant to do it regularly 🤷‍♂️

[czhujer]

Yes, we will see :)

[leventyalcin]

@czhujer Just to let you know, your PR and mines are merged and a new version released. 👍

[czhujer]

@leventyalcin yes, i've seen. thank you for info :)