fix: CVE in n4k-1.10 #166

Merged
merged 2 commits into from
Feb 6, 2025

@VedRatan VedRatan commented Feb 4, 2025

Explanation

Ved@nc692knxm3s-MacBook-Pro ~/D/n/g/kyverno (fix-cve-1.10-1)> trivy image ko.local/github.com/kyverno/kyverno/cmd/kyverno:24269f11794999bf4c51869f2b9c38be62ce34525474741caec37e6e708a404c
2025-02-06T10:37:05+05:30       INFO    [vulndb] Need to update DB
2025-02-06T10:37:05+05:30       INFO    [vulndb] Downloading vulnerability DB...
2025-02-06T10:37:05+05:30       INFO    [vulndb] Downloading artifact...        repo="mirror.gcr.io/aquasec/trivy-db:2"
58.90 MiB / 58.90 MiB [----------------------------------------------------------------------------------------------------------------] 100.00% 1.52 MiB p/s 39s
2025-02-06T10:37:46+05:30       INFO    [vulndb] Artifact successfully downloaded       repo="mirror.gcr.io/aquasec/trivy-db:2"
2025-02-06T10:37:46+05:30       INFO    [vuln] Vulnerability scanning is enabled
2025-02-06T10:37:46+05:30       INFO    [secret] Secret scanning is enabled
2025-02-06T10:37:46+05:30       INFO    [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-02-06T10:37:46+05:30       INFO    [secret] Please see also https://aquasecurity.github.io/trivy/v0.58/docs/scanner/secret#recommendation for faster secret detection
2025-02-06T10:37:47+05:30       INFO    Detected OS     family="wolfi" version="20230201"
2025-02-06T10:37:47+05:30       INFO    [wolfi] Detecting vulnerabilities...    pkg_num=3
2025-02-06T10:37:47+05:30       INFO    Number of language-specific files       num=1
2025-02-06T10:37:47+05:30       INFO    [gobinary] Detecting vulnerabilities...

ko.local/github.com/kyverno/kyverno/cmd/kyverno:24269f11794999bf4c51869f2b9c38be62ce34525474741caec37e6e708a404c (wolfi 20230201)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

Ved@nc692knxm3s-MacBook-Pro ~/D/n/g/kyverno (fix-cve-1.10-1)> grype ko.local/github.com/kyverno/kyverno/cmd/kyverno:24269f11794999bf4c51869f2b9c38be62ce34525474741caec37e6e708a404c
 ✔ Vulnerability DB                [updated]  
 ✔ Loaded image                                ko.local/github.com/kyverno/kyverno/cmd/kyverno:24269f11794999bf4c51869f2b9c38be62ce34525474741caec37e6e708a404c
 ✔ Parsed image                                                                         sha256:70a39137acc02f2f3d7ea81e1b1bdbfd4cd27db95cdd94358a06b21e8ad565df
 ✔ Cataloged contents                                                                          ba73f0c786170b1fc53c93fb8b8b6830cdaec235536ad530918bf794294a4da0
   ├── ✔ Packages                        [310 packages]  
   ├── ✔ File digests                    [703 files]  
   ├── ✔ File metadata                   [703 locations]  
   └── ✔ Executables                     [1 executables]  
 ✔ Scanned for vulnerabilities     [0 vulnerability matches]  
   ├── by severity: 0 critical, 0 high, 0 medium, 0 low, 0 negligible
   └── by status:   0 fixed, 0 not-fixed, 0 ignored 
No vulnerabilities found

This PR fixes a couple of CVEs in n4k-1.10 which occurred recently.

Related issue

Milestone of this PR

Documentation (required for features)

My PR contains new or altered behavior to Kyverno.

What type of PR is this

Proposed Changes

Proof Manifests

Checklist

  • I have read the contributing guidelines.
  • I have read the PR documentation guide and followed the process including adding proof manifests to this PR.
  • This is a bug fix and I have added unit tests that prove my fix is effective.
  • This is a feature and I have added CLI tests that are applicable.
  • My PR needs to be cherry picked to a specific release branch which is .
  • My PR contains new or altered behavior to Kyverno and
    • CLI support should be added and my PR doesn't contain that functionality.

Further Comments

Signed-off-by: VedRatan <[email protected]>
@codecov-commenter

Codecov Report

All modified and coverable lines are covered by tests ✅

Signed-off-by: VedRatan <[email protected]>
@VedRatan VedRatan merged commit 416c4f4 into release-1.10-n4k Feb 6, 2025
109 of 117 checks passed
@VedRatan VedRatan deleted the fix-cve-1.10-1 branch February 6, 2025 05:11
3 participants