deps: Bump go autorest #44
Conversation
openshift-ci-robot
added
the
approved
|
/retest |
.gitignore
Outdated
| @@ -1,7 +1,7 @@ | |||
| query.log | |||
| Corefile | |||
| *.swp | |||
| ^coredns$ | |||
| coredns | |||
There was a problem hiding this comment.
Won't this match vendor/github.com/coredns?
There was a problem hiding this comment.
Ah, yea, Ill drop this change
There was a problem hiding this comment.
I think /coredns will work. Ill add the gitignore commit back.
plugin/chaos/zowners.go
Outdated
| @@ -1,5 +1,4 @@ | |||
| package chaos | |||
|
|
|||
| // Owners are all GitHub handlers of all maintainers. | |||
| var Owners = []string{"Miciah", "bradbeam", "chrisohaver", "danehans", "dilyevsky", "ekleiner", "fastest963", "greenpau", "grobie", "inigohu", "ironcladlou", "isolus", "johnbelamaric", "knobunc", "miekg", "nchrisdk", "nitisht", "pmoroney", "rajansandeep", "rdrozhdzh", "rtreffer", "smarterclayton", "superq", "varyoo", "yongtang"} | |||
|
|
|||
| var Owners = []string{"bradbeam", "chrisohaver", "darshanime", "dilyevsky", "ekleiner", "fastest963", "greenpau", "grobie", "ihac", "inigohu", "isolus", "johnbelamaric", "miekg", "nchrisdk", "nitisht", "pmoroney", "rajansandeep", "rdrozhdzh", "rtreffer", "stp-ip", "superq", "varyoo", "ykhr53", "yongtang"} | |||
There was a problem hiding this comment.
Fixed. This is not the first time i've accidentally commited changes to zowners.go. Seems like I somehow accidentally ran make gen.
Azure/go-autorest recently switched from using the unmaintained dgrijalva/jwt-go to a newly maintained fork, form3tech-oss/jwt-go. Azure/go-autorest is the only coredns dependency that required dgrijalva/jwt-go, which has recently been identified as vulnerable via CVE-2020-26160. While Azure/go-autorest did not make use of any of the vulnerable code in dgrijalva/jwt-go, this bump essentially removes dgrijalva/jwt-go from the vendor/ directory to prevent security auditing tools from raising concern over the not-needed vulnerable code.
sgreene570
force-pushed
the
bump-go-autorest
branch
from
a75b11e
to
283fd14
Compare
|
@Miciah updated this PR per your comments. Thanks! |
|
/retest |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Miciah, sgreene570 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
1 similar comment
|
/retest Please review the full test history for this PR and help us cut down flakes. |
Azure/go-autorest recently switched from using the unmaintained dgrijalva/jwt-go to a newly maintained fork, form3tech-oss/jwt-go.
Azure/go-autorest is the only coredns dependency that required dgrijalva/jwt-go, which has recently been identified as vulnerable via CVE-2020-26160. While Azure/go-autorest did not make use of any of the vulnerable code in dgrijalva/jwt-go, this bump essentially removes dgrijalva/jwt-go from the vendor/ directory to prevent security auditing tools from raising concern over the not-needed vulnerable code.
This PR also fixes the
corednsbinary regex in the.gitignore. The prior regex (^coredns$) was not working for me on my system for some reason.