Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update dependencies, some fixes a few CVEs #3166

Merged
merged 1 commit into from
Oct 27, 2023
Merged

update dependencies, some fixes a few CVEs #3166

merged 1 commit into from
Oct 27, 2023

Conversation

cpanato
Copy link
Contributor

@cpanato cpanato commented Oct 26, 2023

  • update dependencies, some fixes a few CVEs

for etcd, they have fixes in the release-3.5 branch but not released yet, so pinning for the head of the release-3.5 branch

Checklist

@cpanato cpanato requested a review from a team as a code owner October 26, 2023 13:35
@cpanato cpanato requested a review from jiggoha October 26, 2023 13:35
@roger2hk
Copy link
Contributor

According to etcd-io/etcd#16733, v3.5.10 will be officially released in the coming few days to address the CVEs (e.g. GHSA-m425-mq94-257g).

@cpanato
Copy link
Contributor Author

cpanato commented Oct 26, 2023

According to etcd-io/etcd#16733, v3.5.10 will be officially released in the coming few days to address the CVEs (e.g. GHSA-m425-mq94-257g).

I was not aware of that issue, thanks, that is good, we can test this pr in meantime and when they release we just updated here, wdyt?

@roger2hk
Copy link
Contributor

/gcbrun

@roger2hk
Copy link
Contributor

According to etcd-io/etcd#16733, v3.5.10 will be officially released in the coming few days to address the CVEs (e.g. GHSA-m425-mq94-257g).

I was not aware of that issue, thanks, that is good, we can test this pr in meantime and when they release we just updated here, wdyt?

SGTM to run the tests in advance, thanks. I actually have a similar draft PR to bump the etcd dependencies two months ago.

@cpanato
Copy link
Contributor Author

cpanato commented Oct 26, 2023

According to etcd-io/etcd#16733, v3.5.10 will be officially released in the coming few days to address the CVEs (e.g. GHSA-m425-mq94-257g).

I was not aware of that issue, thanks, that is good, we can test this pr in meantime and when they release we just updated here, wdyt?

SGTM to run the tests in advance, thanks. I actually have a similar draft PR to bump the etcd dependencies two months ago.

should I close this one, then?

@roger2hk
Copy link
Contributor

According to etcd-io/etcd#16733, v3.5.10 will be officially released in the coming few days to address the CVEs (e.g. GHSA-m425-mq94-257g).

I was not aware of that issue, thanks, that is good, we can test this pr in meantime and when they release we just updated here, wdyt?

SGTM to run the tests in advance, thanks. I actually have a similar draft PR to bump the etcd dependencies two months ago.

should I close this one, then?

We can make use of this PR to confirm all tests will pass before closing it.

@cpanato
Copy link
Contributor Author

cpanato commented Oct 26, 2023

looks all green :)

@cpanato
Copy link
Contributor Author

cpanato commented Oct 27, 2023

@roger2hk updated the branch to get the 3.5.10 release for etcd

@roger2hk
Copy link
Contributor

/gcbrun

roger2hk
roger2hk reviewed Oct 27, 2023
View reviewed changes
CHANGELOG.md Outdated Show resolved Hide resolved
.github/workflows/test.yaml Outdated Show resolved Hide resolved
@cpanato
update dependencies, some fixes a few CVEs
887e805 
Signed-off-by: cpanato <ctadeu@gmail.com>
@roger2hk
Copy link
Contributor

/gcbrun

@roger2hk roger2hk merged commit 0a1e5c7 into google:master Oct 27, 2023
9 checks passed
@roger2hk
Copy link
Contributor

@cpanato PR merged. Thank you very much for your contribution.

@cpanato cpanato deleted the update-deps branch October 29, 2023 14:23
@roger2hk roger2hk mentioned this pull request Oct 29, 2023
Closed
2 tasks
@cpanato
Copy link
Contributor Author

cpanato commented Oct 31, 2023

@roger2hk any plans for a new release?

@roger2hk
Copy link
Contributor

@roger2hk any plans for a new release?

I believe we will have a v1.5.3 release this week.

@roger2hk
Copy link
Contributor

roger2hk commented Nov 1, 2023

FYI. v1.5.3 is released.

@cpanato
Copy link
Contributor Author

cpanato commented Nov 1, 2023

@roger2hk you are awesome thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@roger2hk roger2hk roger2hk approved these changes

@jiggoha jiggoha Awaiting requested review from jiggoha jiggoha is a code owner automatically assigned from google/trillian-team

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@cpanato @roger2hk