From 4870fad6b0c45ce662b6f6edec6df6fcb47149f1 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts@users.noreply.github.com> Date: Thu, 27 Feb 2025 15:21:36 +0000 Subject: [PATCH 1/2] gitlab-runner-17.8/17.8.3-r3: fix GHSA-c6gw-w398-hv78 --- gitlab-runner-17.8.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/gitlab-runner-17.8.yaml b/gitlab-runner-17.8.yaml index 0b6e1e975a2..e50acc41c7c 100644 --- a/gitlab-runner-17.8.yaml +++ b/gitlab-runner-17.8.yaml @@ -14,7 +14,7 @@ package: name: gitlab-runner-17.8 # ---Additional updates required--- Review 'vars' section (above), when reviewing version bumps. version: 17.8.3 - epoch: 3 + epoch: 4 description: GitLab Runner is the open source project that is used to run your CI/CD jobs and send the results back to GitLab copyright: - license: MIT @@ -79,6 +79,7 @@ pipeline: github.com/golang-jwt/jwt/v4@v4.5.1 golang.org/x/crypto@v0.31.0 golang.org/x/net@v0.33.0 + github.com/go-jose/go-jose/v3@v3.0.4 modroot: ./machine - uses: go/build From 5a7867517b156f8c7d875d51ef55d1da2c03a11b Mon Sep 17 00:00:00 2001 From: Hector Fernandez Date: Thu, 27 Feb 2025 19:16:40 +0100 Subject: [PATCH 2/2] add missing gobump step Signed-off-by: Hector Fernandez Signed-off-by: hectorj2f --- gitlab-runner-17.8.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/gitlab-runner-17.8.yaml b/gitlab-runner-17.8.yaml index e50acc41c7c..f100939bdbc 100644 --- a/gitlab-runner-17.8.yaml +++ b/gitlab-runner-17.8.yaml @@ -29,6 +29,11 @@ pipeline: tag: v${{package.version}} expected-commit: 690ce25c4e607e5f993cf439439ad6acc77952ba + - uses: go/bump + with: + deps: |- + github.com/go-jose/go-jose/v3@v3.0.4 + - name: Verify base-images-tag matches the expected upstream value runs: | # Ensure the expected tag used of the base images align with upstream. 
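Review bot: The `go/bump` step that PATCH 2/2 adds after the checkout has no comment tying the pin to the advisory, so a later version bump gives the reviewer no cue for when it can be dropped; I would add `# GHSA-c6gw-w398-hv78: remove once upstream go.mod requires go-jose/v3 >= v3.0.4` above `deps:`. The step sets no `modroot`, so it presumably applies to the root module, which looks like the intent given that PATCH 1/2 had put the same pin under `modroot: ./machine`. The pin covers only the `/v3` import path, and Go treats each major version as a separate module, so if the module graph also pulls in another major line of go-jose, that line needs its own entry; `go list -m all` in the build tree would show it. Nothing visible confirms that the shipped binary links v3.0.4, so a `go version -m` check on the built binary in the package's test section would make the fix verifiable.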
@@ -79,7 +84,6 @@ pipeline: github.com/golang-jwt/jwt/v4@v4.5.1 golang.org/x/crypto@v0.31.0 golang.org/x/net@v0.33.0 - github.com/go-jose/go-jose/v3@v3.0.4 modroot: ./machine - uses: go/build