[Snyk] Security upgrade @kubernetes/client-node from 0.18.1 to 1.0.0

[schalla0791]

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	646
	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	646

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution

[dryrunsecurity]

DryRun Security Summary

The pull request updates the versions of @kubernetes/client-node and tar dependencies in package.json and package-lock.json, requiring careful review for potential security implications and ensuring continued application functionality.

Expand for full summary

Summary:

The changes in this pull request primarily involve updating the versions of two dependencies in the package.json and package-lock.json files. The most significant change is the update of the @kubernetes/client-node dependency from version 0.18.1 to 1.0.0. This is a major version update that likely includes new features, bug fixes, and potentially breaking changes.

From an application security perspective, these changes should be carefully reviewed to ensure that they do not introduce any new vulnerabilities or security risks. The new versions of the dependencies may have updated dependencies or changed the way certain functionality is implemented, which could impact the overall security posture of the application. Additionally, the update to the tar dependency, which is a critical component for handling file compression and extraction, should also be thoroughly reviewed for any security implications.

It is recommended to review the release notes and changelogs for the new versions of the dependencies, and to have a robust testing process in place to ensure that the application continues to function as expected after the updates. Additionally, the application's test suite should cover any relevant security-related functionality to ensure that the updates do not introduce any new vulnerabilities.

Files Changed:

1. package.json: The version of the @kubernetes/client-node dependency is being updated from ^0.18.1 to ^1.0.0.
2. package-lock.json: The version of the @kubernetes/client-node dependency is being updated from 0.18.1 to 1.0.0. Additionally, changes to the tar dependency are included in this update.

Code Analysis

We ran 9 analyzers against 2 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	2 findings

View PR in the DryRun Dashboard.