Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deps: Bump Azure/go-autorest #470

Merged
merged 2 commits into from Oct 8, 2020
Merged

deps: Bump Azure/go-autorest #470

merged 2 commits into from Oct 8, 2020

Conversation

sgreene570
Copy link
Contributor

Azure/go-autorest recently switched from using the unmaintained dgrijalva/jwt-go to a newly maintained fork, form3tech-oss/jwt-go.
Azure/go-autorest is the only ingress-operator dependency that required dgrijalva/jwt-go, which has recently been identified as vulnerable via CVE-2020-26160. While Azure/go-autorest did not make use of any of the vulnerable code in dgrijalva/jwt-go, this bump essentially removes dgrijalva/jwt-go from the vendor/ directory to prevent security auditing tools from raising concern over the not-needed vulnerable code.

@sgreene570
go.mod: Bump Azure/go-autorest
eef05fb 
Azure/go-autorest recently switched from using the unmaintained
dgrijalva/jwt-go to a newly maintained fork, form3tech-oss/jwt-go.
Azure/go-autorest is the only ingress-operator depedency that required
dgrijalva/jwt-go, which has recently been identified as vulnerable via
CVE-2020-26160. While Azure/go-autorest did not make use of any of
the vulnerable code in dgrijalva/jwt-go, this bump essentially removes
dgrijalva/jwt-go from the vendor/ directory to prevent security auditing
tools from raising concern over the not-needed vulnerable code.
@sgreene570
vendor: Bump Azure/go-autorest
ccfcda4
@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 7, 2020
@Miciah
Copy link
Contributor

Miciah commented Oct 7, 2020

/lgtm

@openshift-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Miciah, sgreene570

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Oct 7, 2020
@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-merge-robot openshift-merge-robot merged commit c7bdf5a into openshift:master Oct 8, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@frobware frobware Awaiting requested review from frobware

@Miciah Miciah Awaiting requested review from Miciah

Assignees

@Miciah Miciah

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@sgreene570 @Miciah @openshift-ci-robot @openshift-bot @openshift-merge-robot