Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OCPTOOLS-436, OCPTOOLS-357, OCPTOOLS-432: CVE fixes #1818

Merged
merged 3 commits into from
May 8, 2024
Merged

OCPTOOLS-436, OCPTOOLS-357, OCPTOOLS-432: CVE fixes #1818

merged 3 commits into from
May 8, 2024

Conversation

ramessesii2
Copy link
Contributor

Fixes the following CVE(s):

Fixes included in this PR are cherry-picked from #1789 #1797 #1788 to resolve merge conflicts altogether.

@sayan-biswas @ramessesii2
OCPTOOLS-357: Bump github.com/opencontainers/runc from 1.1.10 to 1.1.12
aa956e1 
Fixes the following CVE(s):
* CVE-2024-21626

rh-pre-commit.version: 2.2.0
rh-pre-commit.check-secrets: ENABLED
@sayan-biswas @ramessesii2
OCPTOOLS-320: Bump github.com/containers/podman/v4 from 4.7.1 to 4.9.4
3f5b62a 
Fixes the following CVE(s):
* CVE-2024-24786
* CVE-2024-28180

rh-pre-commit.version: 2.2.0
rh-pre-commit.check-secrets: ENABLED
@sayan-biswas @ramessesii2
OCPTOOLS-280: Bump golang.org/x/crypto from 0.18.0 to 0.22.0
80b0c60 
rh-pre-commit.version: 2.2.0
rh-pre-commit.check-secrets: ENABLED
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label May 8, 2024
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented May 8, 2024
edited by openshift-ci bot
Loading

@ramessesii2: This pull request references OCPTOOLS-280 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target either version "4.13." or "openshift-4.13.", but it targets "4.16" instead.

In response to this:

Fixes the following CVE(s):

Fixes included in this PR are cherry-picked from #1789 #1797 #1788 to resolve merge conflicts altogether.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 8, 2024
@ramessesii2
Copy link
Contributor Author

/assign @sayan-biswas

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented May 8, 2024

@ramessesii2: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/security 80b0c60 link false /test security

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@sayan-biswas
Copy link
Contributor

/lgtm
/label backport-risk-assessed
/label cherry-pick-approved

@openshift-ci openshift-ci bot added backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. lgtm Indicates that a PR is ready to be merged. labels May 8, 2024
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented May 8, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ramessesii2, sayan-biswas

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [ramessesii2,sayan-biswas]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot bot merged commit ce2df2d into openshift:release-4.13 May 8, 2024
8 of 9 checks passed
@adambkaplan adambkaplan changed the title [release-4.13] OCPTOOLS-320, OCPTOOLS-357, OCPTOOLS-280: CVE fixes OCPTOOLS-320, OCPTOOLS-357, OCPTOOLS-432: CVE fixes May 14, 2024
@adambkaplan adambkaplan changed the title OCPTOOLS-320, OCPTOOLS-357, OCPTOOLS-432: CVE fixes OCPTOOLS-436, OCPTOOLS-357, OCPTOOLS-432: CVE fixes May 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ayushsatyam146 ayushsatyam146 Awaiting requested review from ayushsatyam146

@divyansh42 divyansh42 Awaiting requested review from divyansh42

Assignees

@sayan-biswas sayan-biswas

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ramessesii2 @openshift-ci-robot @sayan-biswas