deps: bump dependency used by Azure backups to fix CVE #17269

Merged
merged 1 commit into from
Apr 4, 2024

npepinpe
Member

@npepinpe npepinpe commented Apr 3, 2024

Description

This PR bumps a dependency used by Azure backups to fix the following CVE: https://security.snyk.io/vuln/SNYK-JAVA-COMNIMBUSDS-6247633

Related issues

closes https://security.snyk.io/vuln/SNYK-JAVA-COMNIMBUSDS-6247633

Definition of Done

Not all items need to be done depending on the issue and the pull request.

Code changes:

  • The changes are backwards compatible with previous versions
  • If it fixes a bug, then PRs are created to backport the fix to the last two minor versions. You can trigger a backport by assigning labels (e.g. backport stable/1.3) to the PR; in case that fails, you need to create backports manually.

Testing:

  • There are unit/integration tests that verify all acceptance criteria of the issue
  • New tests are written to ensure backwards compatibility with further versions
  • The behavior is tested manually
  • The change has been verified by a QA run
  • The impact of the changes is verified by a benchmark

Documentation:

  • The documentation is updated (e.g. BPMN reference, configuration, examples, get-started guides, etc.)
  • If the PR changes how BPMN processes are validated (e.g. support new BPMN element) then the Camunda modeling team should be informed to adjust the BPMN linting.

Other teams:
If the change impacts another team an issue has been created for this team, explaining what they need to do to support this change.

Please refer to our review guidelines.

@github-actions github-actions bot added the "component/zeebe" and "component/operate" labels Apr 3, 2024
@npepinpe npepinpe added the "backport stable/8.2", "backport stable/8.3" and "backport stable/8.4" labels and removed the "component/zeebe" and "component/operate" labels Apr 3, 2024
@npepinpe
Member Author

npepinpe commented Apr 3, 2024

Please add the backport stable/8.5 when it exists, as I think if I create it now, it will break the release workflow :)

@npepinpe npepinpe self-assigned this Apr 3, 2024
@lenaschoenburg lenaschoenburg added the "backport stable/8.5" label Apr 4, 2024
@lenaschoenburg lenaschoenburg added this pull request to the merge queue Apr 4, 2024
Merged via the queue into main with commit a11a29d Apr 4, 2024
47 of 49 checks passed
@lenaschoenburg lenaschoenburg deleted the np-fix-cve-2023-52428-8.5 branch April 4, 2024 10:07
@backport-action
Collaborator

Backport failed for stable/8.2, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin stable/8.2
git worktree add -d .worktree/backport-17269-to-stable/8.2 origin/stable/8.2
cd .worktree/backport-17269-to-stable/8.2
git switch --create backport-17269-to-stable/8.2
git cherry-pick -x 96089975a62991e2b50ff6f0a0fe023cd292ef92

@backport-action
Collaborator

Backport failed for stable/8.3, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin stable/8.3
git worktree add -d .worktree/backport-17269-to-stable/8.3 origin/stable/8.3
cd .worktree/backport-17269-to-stable/8.3
git switch --create backport-17269-to-stable/8.3
git cherry-pick -x 96089975a62991e2b50ff6f0a0fe023cd292ef92

@backport-action
Collaborator

Backport failed for stable/8.4, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin stable/8.4
git worktree add -d .worktree/backport-17269-to-stable/8.4 origin/stable/8.4
cd .worktree/backport-17269-to-stable/8.4
git switch --create backport-17269-to-stable/8.4
git cherry-pick -x 96089975a62991e2b50ff6f0a0fe023cd292ef92

@backport-action
Collaborator

Successfully created backport PR for stable/8.5:

github-merge-queue bot pushed a commit that referenced this pull request Apr 9, 2024
…fix CVE (#17304)

# Description
Backport of #17269 to `stable/8.5`.

relates to
original author: @npepinpe
@Zelldon Zelldon added the "version:8.5.1" label (marks an issue as being completely or in parts released in 8.5.1) May 7, 2024