Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OCPTOOLS-320: Bump github.com/containers/podman/v4 from 4.7.1 to 4.9.4 #1789

Merged
merged 1 commit into from
May 6, 2024
Merged

OCPTOOLS-320: Bump github.com/containers/podman/v4 from 4.7.1 to 4.9.4 #1789

merged 1 commit into from
May 6, 2024

Conversation

sayan-biswas
Copy link
Contributor

@sayan-biswas sayan-biswas commented May 3, 2024
edited

Fixes the following CVE(s):

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label May 3, 2024
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented May 3, 2024
edited by openshift-ci bot

@sayan-biswas: This pull request references OCPTOOLS-320 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "4.16.0" version, but no target version was set.

In response to this:

Fixes the following CVE(s):

  • CVE-2024-24786
  • CVE-2024-28180

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 3, 2024
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented May 3, 2024

@sayan-biswas: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/security 7020638 link false /test security

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

ramessesii2
ramessesii2 approved these changes May 6, 2024
View reviewed changes
Copy link
Member

@ramessesii2 ramessesii2 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

go.mod
github.com/fsnotify/fsnotify v1.6.0 // indirect
github.com/go-jose/go-jose/v3 v3.0.0 // indirect
github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/go-jose/go-jose/v3 v3.0.1 // indirect
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Following advisory GHSA-c5q2-7r4c-mv6g, I'm wondering if it should've been upgraded to the patched version 3.0.3. But I see this is an indirect dependency.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right. Makes more sense to update to the patched version. But this PR is merged, will have to open another one.

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label May 6, 2024
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented May 6, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ramessesii2, sayan-biswas

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [ramessesii2,sayan-biswas]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ramessesii2
Copy link
Member

/docs-approved
/px-approved
/qe-approved

@openshift-merge-bot openshift-merge-bot bot merged commit bbec217 into openshift:master May 6, 2024
7 of 8 checks passed
@ramessesii2
Copy link
Member

/refresh

@ramessesii2
Copy link
Member

/cherry-pick release-4.15

@ramessesii2 ramessesii2 mentioned this pull request May 8, 2024
Merged
@sayan-biswas
Copy link
Contributor Author

/label backport-risk-assessed
/label cherry-pick-approved
/label px-approved
/label docs-approved
/label qe-approved

@openshift-ci openshift-ci bot added backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. px-approved Signifies that Product Support has signed off on this PR docs-approved Signifies that Docs has signed off on this PR qe-approved Signifies that QE has signed off on this PR labels May 8, 2024
@sayan-biswas
Copy link
Contributor Author

/cherry-pick release-4.15

@sayan-biswas
Copy link
Contributor Author

/jira refresh

@avinal
Copy link
Member

avinal commented May 8, 2024

It seems cherry-pick is not working

This was referenced May 8, 2024
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ramessesii2 ramessesii2 ramessesii2 approved these changes

@apoorvajagtap apoorvajagtap Awaiting requested review from apoorvajagtap

@avinal avinal Awaiting requested review from avinal

Assignees

@ramessesii2 ramessesii2

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. docs-approved Signifies that Docs has signed off on this PR jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. px-approved Signifies that Product Support has signed off on this PR qe-approved Signifies that QE has signed off on this PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@sayan-biswas @openshift-ci-robot @ramessesii2 @avinal