[release-1.3] Fix security issues forcing a few dependencies #1057

Merged
merged 1 commit into from
Jan 16, 2021

tiraboschi
Member

Fixes various security issues forcing newer versions
of affected dependencies.

  • github.com/dgrijalva/jwt-go v4.0.0-preview1
  • github.com/gorilla/websocket v1.4.2
  • golang.org/x/crypto/ssh/terminal v0.0.0-20201221181555-eec23a3978ad

Fixes:

This is a manual cherry-pick of #1056

Signed-off-by: Simone Tiraboschi [email protected]

Release note:

Fix security issues forcing a few dependencies

Fixes various security issues forcing newer versions
of affected dependencies.

- github.com/dgrijalva/jwt-go v4.0.0-preview1
- github.com/gorilla/websocket v1.4.2
- golang.org/x/crypto/ssh/terminal v0.0.0-20201221181555-eec23a3978ad

Fixes:

- https://bugzilla.redhat.com/1887821
- https://bugzilla.redhat.com/1902649
- https://bugzilla.redhat.com/1909967

This is a manual cherry-pick of #1056

Signed-off-by: Simone Tiraboschi <[email protected]>
@kubevirt-bot kubevirt-bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. size/S labels Jan 15, 2021
@kubevirt-bot kubevirt-bot requested a review from sradco January 15, 2021 16:16
@hco-bot
Collaborator

hco-bot commented Jan 15, 2021

hco-e2e-image-index-aws, hco-e2e-image-index-azure lanes succeeded.
/override ci/prow/hco-e2e-image-index-gcp

@kubevirt-bot
Contributor

@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-image-index-gcp

In response to this:

hco-e2e-image-index-aws, hco-e2e-image-index-azure lanes succeeded.
/override ci/prow/hco-e2e-image-index-gcp

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@tiraboschi
Member Author

/retest

@openshift-ci

openshift-ci bot commented Jan 16, 2021

@tiraboschi: The following tests failed, say /retest to rerun all failed tests:

| Test name | Commit | Details | Rerun command |
| --- | --- | --- | --- |
| ci/prow/hco-e2e-image-index-gcp | 82c6cf1 | link | /test hco-e2e-image-index-gcp |
| ci/prow/hco-e2e-upgrade-aws | 82c6cf1 | link | /test hco-e2e-upgrade-aws |

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@hco-bot
Collaborator

hco-bot commented Jan 16, 2021

hco-e2e-upgrade-azure lane succeeded.
/override ci/prow/hco-e2e-upgrade-aws

@kubevirt-bot
Contributor

@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-upgrade-aws

In response to this:

hco-e2e-upgrade-azure lane succeeded.
/override ci/prow/hco-e2e-upgrade-aws


@erkanerol
Contributor

/approve
/lgtm

@kubevirt-bot kubevirt-bot added the lgtm Indicates that a PR is ready to be merged. label Jan 16, 2021
@kubevirt-bot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: erkanerol

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kubevirt-bot kubevirt-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 16, 2021
@erkanerol
Contributor

/test pull-hyperconverged-cluster-operator-e2e-k8s-1.17

@openshift-ci-robot
Collaborator

@erkanerol: The specified target(s) for /test were not found.
The following commands are available to trigger jobs:

  • /test ci-index
  • /test hco-e2e-image-index-aws
  • /test hco-e2e-image-index-azure
  • /test hco-e2e-image-index-gcp
  • /test hco-e2e-upgrade-aws
  • /test hco-e2e-upgrade-azure
  • /test hco-e2e-upgrade-prev-aws
  • /test hco-e2e-upgrade-prev-azure
  • /test images

Use /test all to run all jobs.

In response to this:

/test pull-hyperconverged-cluster-operator-e2e-k8s-1.17


@tiraboschi
Member Author

kubevirtci infra is down for maintenance, openshift-ci tests are enough in this case since we are not really introducing any code change
/override pull-hyperconverged-cluster-operator-e2e-k8s-1.17

@kubevirt-bot
Contributor

@tiraboschi: Overrode contexts on behalf of tiraboschi: pull-hyperconverged-cluster-operator-e2e-k8s-1.17

In response to this:

kubevirtci infra is down for maintenance, openshift-ci tests are enough in this case since we are not really introducing any code change
/override pull-hyperconverged-cluster-operator-e2e-k8s-1.17


@kubevirt-bot kubevirt-bot merged commit aa0f8b1 into kubevirt:release-1.3 Jan 16, 2021