Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2023-48795: bump golang.org/x/crypto to v0.17.0 #1132

Merged
merged 1 commit into from
Dec 19, 2023
Merged

CVE-2023-48795: bump golang.org/x/crypto to v0.17.0 #1132

merged 1 commit into from
Dec 19, 2023

Conversation

dobsonj
Copy link
Member

@dobsonj dobsonj commented Dec 19, 2023
edited
Loading

What type of PR is this?
/kind bug

What this PR does / why we need it:
fix: CVE-2023-48795

Release note:

fix: CVE-2023-48795

@k8s-ci-robot
Copy link
Contributor

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Dec 19, 2023
@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Dec 19, 2023
@dobsonj dobsonj marked this pull request as ready for review December 19, 2023 18:21
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Dec 19, 2023
@msau42
Copy link
Collaborator

msau42 commented Dec 19, 2023

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 19, 2023
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dobsonj, msau42

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 19, 2023
@dobsonj
Copy link
Member Author

dobsonj commented Dec 19, 2023

/retest

@k8s-ci-robot k8s-ci-robot merged commit 771d9c1 into kubernetes-csi:master Dec 19, 2023
1 check passed
@sunnylovestiramisu
Copy link
Contributor

/cherry-pick release-3.6

@k8s-infra-cherrypick-robot
Copy link

@sunnylovestiramisu: #1132 failed to apply on top of branch "release-3.6":

Applying: CVE-2023-48795: bump golang.org/x/crypto to v0.17.0
Using index info to reconstruct a base tree...
M	go.mod
M	go.sum
M	vendor/golang.org/x/crypto/ssh/handshake.go
M	vendor/golang.org/x/crypto/ssh/server.go
M	vendor/modules.txt
Falling back to patching base and 3-way merge...
Auto-merging vendor/modules.txt
CONFLICT (content): Merge conflict in vendor/modules.txt
Auto-merging vendor/golang.org/x/crypto/ssh/server.go
CONFLICT (content): Merge conflict in vendor/golang.org/x/crypto/ssh/server.go
Auto-merging vendor/golang.org/x/crypto/ssh/handshake.go
Auto-merging go.sum
CONFLICT (content): Merge conflict in go.sum
Auto-merging go.mod
CONFLICT (content): Merge conflict in go.mod
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 CVE-2023-48795: bump golang.org/x/crypto to v0.17.0
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherry-pick release-3.6

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@sunnylovestiramisu sunnylovestiramisu mentioned this pull request Dec 21, 2023
Merged
@mpatlasov mpatlasov mentioned this pull request Mar 21, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chrishenzie chrishenzie Awaiting requested review from chrishenzie

@sunnylovestiramisu sunnylovestiramisu Awaiting requested review from sunnylovestiramisu

@gnufied gnufied Awaiting requested review from gnufied

@xing-yang xing-yang Awaiting requested review from xing-yang

Assignees

@msau42 msau42

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@dobsonj @k8s-ci-robot @msau42 @sunnylovestiramisu @k8s-infra-cherrypick-robot