Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update github.com/prometheus/client_golang to v1.11.1 #2213

Merged
merged 1 commit into from Mar 30, 2022
Merged

Update github.com/prometheus/client_golang to v1.11.1 #2213

merged 1 commit into from Mar 30, 2022

Conversation

maya-r
Copy link
Contributor

@maya-r maya-r commented Mar 29, 2022

Meant to address a denial of service vulnerability CVE-2022-21698
GHSA-cg3q-j54f-5p7p

Release note:

Update github.com/prometheus/client_golang to v1.11.1 as it contains a security fix

@kubevirt-bot kubevirt-bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. labels Mar 29, 2022
@maya-r
Update github.com/prometheus/client_golang to v1.11.1
0a296f4 
Meant to address a denial of service vulnerability CVE-2022-21698
GHSA-cg3q-j54f-5p7p

Signed-off-by: Maya Rashish <mrashish@redhat.com>
@akalenyu
Copy link
Collaborator

/lgtm

@kubevirt-bot kubevirt-bot added the lgtm Indicates that a PR is ready to be merged. label Mar 29, 2022
@akalenyu
Copy link
Collaborator

error: timed out waiting for the condition on cdis/cdi in some lanes, a little concerning

@maya-r
Copy link
Contributor Author

maya-r commented Mar 29, 2022

/retest

@mhenriks
Copy link
Member

/lgtm
/approve

@kubevirt-bot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mhenriks

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kubevirt-bot kubevirt-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 29, 2022
@maya-r
Copy link
Contributor Author

maya-r commented Mar 30, 2022

/retest

@kubevirt-bot kubevirt-bot merged commit 61b7123 into kubevirt:main Mar 30, 2022
@maya-r
Copy link
Contributor Author

maya-r commented Mar 30, 2022

/cherry-pick release-v0.12

@kubevirt-bot
Copy link
Contributor

@maya-r: cannot checkout release-v0.12: error checking out release-v0.12: exit status 1. output: error: pathspec 'release-v0.12' did not match any file(s) known to git

In response to this:

/cherry-pick release-v0.12

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@maya-r
Copy link
Contributor Author

maya-r commented Mar 30, 2022

/cherry-pick release-v1.43

@kubevirt-bot
Copy link
Contributor

@maya-r: #2213 failed to apply on top of branch "release-v1.43":

Applying: Update github.com/prometheus/client_golang to v1.11.1
Using index info to reconstruct a base tree...
M	go.mod
M	go.sum
M	vendor/modules.txt
Falling back to patching base and 3-way merge...
Auto-merging vendor/modules.txt
CONFLICT (content): Merge conflict in vendor/modules.txt
Auto-merging go.sum
Auto-merging go.mod
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 Update github.com/prometheus/client_golang to v1.11.1
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherry-pick release-v1.43

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

maya-r added a commit to maya-r/containerized-data-importer that referenced this pull request Mar 30, 2022
@maya-r
Update github.com/prometheus/client_golang to v1.11.1 (kubevirt#2213)
f92e865 
Meant to address a denial of service vulnerability CVE-2022-21698
GHSA-cg3q-j54f-5p7p

Signed-off-by: Maya Rashish <mrashish@redhat.com>
@maya-r maya-r mentioned this pull request Mar 30, 2022
Merged
kubevirt-bot pushed a commit that referenced this pull request Apr 1, 2022
@maya-r
Update github.com/prometheus/client_golang to v1.11.1 (#2213) (#2216)
707e6dd 
Meant to address a denial of service vulnerability CVE-2022-21698
GHSA-cg3q-j54f-5p7p

Signed-off-by: Maya Rashish <mrashish@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@akalenyu akalenyu akalenyu left review comments

@aglitke aglitke Awaiting requested review from aglitke

@mhenriks mhenriks Awaiting requested review from mhenriks

Assignees

@mhenriks mhenriks

@akalenyu akalenyu

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@maya-r @akalenyu @mhenriks @kubevirt-bot