Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: upgrade cookiejar to avoid CVE-2022-25901 #12030

Merged
merged 1 commit into from Feb 3, 2023
Merged

chore: upgrade cookiejar to avoid CVE-2022-25901 #12030

merged 1 commit into from Feb 3, 2023

Conversation

crenshaw-dev
Copy link
Collaborator

@crenshaw-dev crenshaw-dev commented Jan 18, 2023
edited

This is a medium-severity issue. I'd like to get it out of the scans for 2.6. But it shouldn't be cherry-picked further back.

@crenshaw-dev
chore: upgrade cookiejar to avoid CVE-2022-25901
6022a8e 
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
@codecov
Copy link

codecov bot commented Jan 18, 2023

Codecov Report

Base: 47.30% // Head: 47.30% // No change to project coverage 👍

Coverage data is based on head (6022a8e) compared to base (70f9de4).
Patch has no changes to coverable lines.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master   #12030   +/-   ##
=======================================
  Coverage   47.30%   47.30%           
=======================================
  Files         245      245           
  Lines       41670    41670           
=======================================
  Hits        19712    19712           
  Misses      19972    19972           
  Partials     1986     1986

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

leoluz
leoluz approved these changes Feb 3, 2023
View reviewed changes
Copy link
Collaborator

@leoluz leoluz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@crenshaw-dev crenshaw-dev merged commit 02eb67a into argoproj:master Feb 3, 2023
crenshaw-dev added a commit that referenced this pull request Feb 3, 2023
@crenshaw-dev
chore: upgrade cookiejar to avoid CVE-2022-25901 (#12030)
8074e6f 
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
@crenshaw-dev crenshaw-dev deleted the upgrade-cookiejar-CVE-2022-25901 branch February 3, 2023 15:42
@crenshaw-dev
Copy link
Collaborator Author

Cherry-picked onto release-2.6 for 2.6.0-rc8.

schakrad pushed a commit to schakrad/argo-cd that referenced this pull request Mar 14, 2023
@crenshaw-dev @schakrad
chore: upgrade cookiejar to avoid CVE-2022-25901 (argoproj#12030)
8946bfc 
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: schakrad <chakradari.sindhu@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leoluz leoluz leoluz approved these changes

Assignees
No one assigned
Labels
cherry-pick/2.6
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@crenshaw-dev @leoluz