Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of deps: upgrade protobuf lib to 1.33.0 into release/1.5.x #20101

Merged
merged 1 commit into from
Mar 8, 2024
Merged

Backport of deps: upgrade protobuf lib to 1.33.0 into release/1.5.x #20101

merged 1 commit into from
Mar 8, 2024

Conversation

hc-github-team-nomad-core
Copy link
Contributor

Backport

This PR is auto-generated from #20100 to be assessed for backporting due to the inclusion of the label backport/1.5.x.

🚨

Warning automatic cherry-pick of commits failed. If the first commit failed,
you will see a blank no-op commit below. If at least one commit succeeded, you
will see the cherry-picked commits up to, not including, the commit where
the merge conflict occurred.

The person who merged in the original PR is:
@tgross
This person should manually cherry-pick the original PR into a new backport PR,
and close this one when the manual backport PR is merged in.

merge conflict error: POST https://api.github.com/repos/hashicorp/nomad/merges: 409 Merge conflict []

The below text is copied from the body of the original PR.

Although Nomad is not vulnerable to CVE-2024-24786 because it's configured to discard unknown messages during unmarshaling, we should upgrade so that third-party vulnerability scanners don't detect the vulnerable version and complain.

I've also updated the changelog for our Go 1.22.1 update to include references to the CVEs it fixes for us.

Overview of commits

@hashicorp-cla
Copy link

hashicorp-cla commented Mar 8, 2024
edited
Loading

CLA assistant check
All committers have signed the CLA.

@tgross
deps: upgrade protobuf lib to 1.33.0 (#20100)
806921d 
Although Nomad is not vulnerable to CVE-2024-24786 because it's configured to
discard unknown messages during unmarshaling, we should upgrade so that
third-party vulnerability scanners don't detect the vulnerable version and
complain.

Also update go1.22.1 changelog entry to include CVEs
@tgross tgross force-pushed the backport/deps-protobuf/manually-related-shrew branch from 5199d74 to 806921d Compare March 8, 2024 16:36
@tgross tgross marked this pull request as ready for review March 8, 2024 16:37
@tgross tgross merged commit bb5c853 into release/1.5.x Mar 8, 2024
23 of 25 checks passed
@tgross tgross deleted the backport/deps-protobuf/manually-related-shrew branch March 8, 2024 16:56
@github-actions GitHub Actions
Copy link

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 17, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@tgross tgross tgross approved these changes

Assignees

@tgross tgross

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@hc-github-team-nomad-core @hashicorp-cla @tgross