Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Various updates to fix CVEs #2881

Merged
merged 3 commits into from
Nov 7, 2023
Merged

Various updates to fix CVEs #2881

merged 3 commits into from
Nov 7, 2023

Conversation

dfarrell07
Copy link
Member

See commit messages for details.

@dfarrell07
Update docker to fix GHSA-jq35-85cj-fj4p CVE
61d67ed 
Update generated by `go get -u github.com/docker/docker`/`go mod tidy`.

Flagged by Grype on the release-0.16 branch. Fixed in in 24.0.7.

Signed-off-by: Daniel Farrell <[email protected]>
@dfarrell07
Update grpc to fix GHSA-m425-mq94-257g CVE
f341353 
Update generated by `google.golang.org/grpc`/`go mod tidy`.

Flagged by Grype in grpc 1.55.0. Fixed in 1.56.3.

Signed-off-by: Daniel Farrell <[email protected]>
@dfarrell07
Update otelhttp to fix GHSA-rcjv-mgp8-qvmr CVE
1e9b8aa 
Update generated by

```
go get -u go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
go get -u go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
go mod tidy
```

Flagged by Grype in otelhttp 0.42.0. Fixed in 0.44.0.

Signed-off-by: Daniel Farrell <[email protected]>
@dfarrell07 dfarrell07 self-assigned this Nov 6, 2023
@submariner-bot
Copy link
Contributor

🤖 Created branch: z_pr2881/dfarrell07/http_cve16
🚀 Full E2E won't run until the "ready-to-test" label is applied. I will add it automatically once the PR has 2 approvals, or you can add it manually.

@dfarrell07 dfarrell07 mentioned this pull request Nov 7, 2023
Closed
@submariner-bot submariner-bot added the ready-to-test When a PR is ready for full E2E testing label Nov 7, 2023
@tpantelis tpantelis merged commit a9df23b into submariner-io:release-0.16 Nov 7, 2023
47 checks passed
@submariner-bot
Copy link
Contributor

🤖 Closed branches: [z_pr2881/dfarrell07/http_cve16]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tpantelis tpantelis tpantelis approved these changes

@Jaanki Jaanki Jaanki approved these changes

@Oats87 Oats87 Awaiting requested review from Oats87 Oats87 is a code owner

@skitt skitt Awaiting requested review from skitt skitt is a code owner

@sridhargaddam sridhargaddam Awaiting requested review from sridhargaddam sridhargaddam is a code owner

Assignees

@dfarrell07 dfarrell07

Labels
ready-to-test When a PR is ready for full E2E testing security
Projects
No open projects
Submariner 0.17
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@dfarrell07 @submariner-bot @Jaanki @tpantelis