Bug 1889955: Bump dependencies to mitigate CVE-2020-8564 #193

Merged
merged 2 commits into from Dec 2, 2020

coreydaley
Member

No description provided.

@openshift-ci-robot added the labels bugzilla/severity-medium (Referenced Bugzilla bug's severity is medium for the branch this PR is targeting.) and bugzilla/valid-bug (Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting.) on Dec 1, 2020
@openshift-ci-robot
Contributor

@coreydaley: This pull request references Bugzilla bug 1889955, which is valid. The bug has been updated to refer to the pull request using the external bug tracker.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.6.z) matches configured target release for branch (4.6.z)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
  • dependent bug Bugzilla bug 1889957 is in the state VERIFIED, which is one of the valid states (VERIFIED, RELEASE_PENDING, CLOSED (ERRATA))
  • dependent Bugzilla bug 1889957 targets the "4.7.0" release, which is one of the valid target releases: 4.7.0
  • bug has dependents

In response to this:

Bug 1889955: Bump dependencies to mitigate CVE-2020-8564

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@coreydaley
Member Author

/assign @adambkaplan

@coreydaley
Member Author

/retest

@coreydaley
Member Author

/retest

Contributor

@adambkaplan adambkaplan left a comment

/lgtm

@@ -26,7 +26,7 @@ func Test_mergeNodeCredentials(t *testing.T) {
{
name: "invalid namespace credentials file",
nsCreds: "testdata/empty.txt",
errstr: "unexpected end of JSON input",
errstr: "error occurred while trying to unmarshal json",
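Review bot: the updated errstr in the "invalid namespace credentials file" case only pins the new generic message for an empty file (testdata/empty.txt), so nothing in this test exercises the behaviour the bump is meant to change. Since the expected text moved from the JSON decoder's "unexpected end of JSON input" to "error occurred while trying to unmarshal json", consider adding a case with a malformed, non-empty credentials file that asserts the returned error contains none of the file's contents. Matching on an error string that appears to be owned by a vendored package is also brittle; a short comment next to errstr naming where the string comes from would make a future break on the next bump easier to diagnose.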
Contributor

I see why we don't have this in 4.7 - my fix for Bug 1883803 got rid of the returned error.

See #180

@openshift-ci-robot added the label lgtm (Indicates that a PR is ready to be merged.) on Dec 2, 2020
@openshift-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: adambkaplan, coreydaley

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot added the label approved (Indicates a PR has been approved by an approver from all required OWNERS files.) on Dec 2, 2020
@openshift-bot
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@sdodson added the label cherry-pick-approved (Indicates a cherry-pick PR into a release branch has been approved by the release branch manager.) on Dec 2, 2020
@openshift-merge-robot merged commit d762c23 into openshift:release-4.6 on Dec 2, 2020
@openshift-ci-robot
Contributor

@coreydaley: Some pull requests linked via external trackers have merged:

The following pull requests linked via external trackers have not merged:

These pull requests must merge or be unlinked from the Bugzilla bug in order for it to move to the next state. Once unlinked, request a bug refresh with /bugzilla refresh.

Bugzilla bug 1889955 has not been moved to the MODIFIED state.

In response to this:

Bug 1889955: Bump dependencies to mitigate CVE-2020-8564


@coreydaley
Member Author

/cherry-pick release-4.5

@openshift-cherrypick-robot

@coreydaley: #193 failed to apply on top of branch "release-4.5":

Applying: bump (*) to mitigate CVE-2020-8564
Using index info to reconstruct a base tree...
M	go.mod
M	go.sum
M	vendor/k8s.io/api/apps/v1beta1/types.go
A	vendor/k8s.io/api/apps/v1beta1/zz_generated.prerelease-lifecycle.go
M	vendor/k8s.io/api/apps/v1beta2/types.go
A	vendor/k8s.io/api/apps/v1beta2/zz_generated.prerelease-lifecycle.go
M	vendor/k8s.io/api/extensions/v1beta1/types.go
A	vendor/k8s.io/api/extensions/v1beta1/zz_generated.prerelease-lifecycle.go
A	vendor/k8s.io/component-base/logs/registry.go
M	vendor/k8s.io/kubernetes/pkg/credentialprovider/config.go
M	vendor/modules.txt
Falling back to patching base and 3-way merge...
Auto-merging vendor/modules.txt
CONFLICT (content): Merge conflict in vendor/modules.txt
Auto-merging vendor/k8s.io/kubernetes/pkg/credentialprovider/config.go
CONFLICT (content): Merge conflict in vendor/k8s.io/kubernetes/pkg/credentialprovider/config.go
CONFLICT (modify/delete): vendor/k8s.io/component-base/logs/registry.go deleted in HEAD and modified in bump (*) to mitigate CVE-2020-8564. Version bump (*) to mitigate CVE-2020-8564 of vendor/k8s.io/component-base/logs/registry.go left in tree.
CONFLICT (modify/delete): vendor/k8s.io/api/extensions/v1beta1/zz_generated.prerelease-lifecycle.go deleted in HEAD and modified in bump (*) to mitigate CVE-2020-8564. Version bump (*) to mitigate CVE-2020-8564 of vendor/k8s.io/api/extensions/v1beta1/zz_generated.prerelease-lifecycle.go left in tree.
Auto-merging vendor/k8s.io/api/extensions/v1beta1/types.go
CONFLICT (content): Merge conflict in vendor/k8s.io/api/extensions/v1beta1/types.go
CONFLICT (modify/delete): vendor/k8s.io/api/apps/v1beta2/zz_generated.prerelease-lifecycle.go deleted in HEAD and modified in bump (*) to mitigate CVE-2020-8564. Version bump (*) to mitigate CVE-2020-8564 of vendor/k8s.io/api/apps/v1beta2/zz_generated.prerelease-lifecycle.go left in tree.
Auto-merging vendor/k8s.io/api/apps/v1beta2/types.go
CONFLICT (content): Merge conflict in vendor/k8s.io/api/apps/v1beta2/types.go
CONFLICT (modify/delete): vendor/k8s.io/api/apps/v1beta1/zz_generated.prerelease-lifecycle.go deleted in HEAD and modified in bump (*) to mitigate CVE-2020-8564. Version bump (*) to mitigate CVE-2020-8564 of vendor/k8s.io/api/apps/v1beta1/zz_generated.prerelease-lifecycle.go left in tree.
Auto-merging vendor/k8s.io/api/apps/v1beta1/types.go
CONFLICT (content): Merge conflict in vendor/k8s.io/api/apps/v1beta1/types.go
Auto-merging go.sum
CONFLICT (content): Merge conflict in go.sum
Auto-merging go.mod
CONFLICT (content): Merge conflict in go.mod
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 bump (*) to mitigate CVE-2020-8564
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherry-pick release-4.5

