-
Notifications
You must be signed in to change notification settings - Fork 445
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OCPTOOLS-320: Bump github.com/containers/podman/v4 from 4.7.1 to 4.9.4 #1789
Conversation
Fixes the following CVE(s): * CVE-2024-24786 * CVE-2024-28180
@sayan-biswas: This pull request references OCPTOOLS-320 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "4.16.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
@sayan-biswas: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
github.com/fsnotify/fsnotify v1.6.0 // indirect | ||
github.com/go-jose/go-jose/v3 v3.0.0 // indirect | ||
github.com/fsnotify/fsnotify v1.7.0 // indirect | ||
github.com/go-jose/go-jose/v3 v3.0.1 // indirect |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Following advisory GHSA-c5q2-7r4c-mv6g, I'm wondering if it should've been upgraded to the patched version 3.0.3
. But I see this is an indirect dependency.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right. Makes more sense to update to the patched version. But this PR is merged, will have to open another one.
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ramessesii2, sayan-biswas The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/docs-approved |
bbec217
into
openshift:master
/refresh |
/cherry-pick release-4.15 |
/label backport-risk-assessed |
/cherry-pick release-4.15 |
/jira refresh |
It seems cherry-pick is not working |
Fixes the following CVE(s):