Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update grpc to fix CVEs #1434

Merged
merged 2 commits into from
Nov 7, 2023
Merged

Update grpc to fix CVEs #1434

merged 2 commits into from
Nov 7, 2023

Conversation

dfarrell07
Copy link
Member

Update generated by go get -u google.golang.org/grpc/go mod tidy.

Fixes GHSA-m425-mq94-257g and GHSA-qppj-fm5r-hxr3.

@dfarrell07 dfarrell07 self-assigned this Nov 7, 2023
@submariner-bot
Copy link
Contributor

🤖 Created branch: z_pr1434/dfarrell07/grpc_cve16
🚀 Full E2E won't run until the "ready-to-test" label is applied. I will add it automatically once the PR has 2 approvals, or you can add it manually.

@dfarrell07 dfarrell07 mentioned this pull request Nov 7, 2023
Closed
@dfarrell07
Copy link
Member Author

go mod tidy undoes the update...

@dfarrell07
Copy link
Member Author

Oh it's in the coredns submodule, that must be why. Trying again.

@dfarrell07
Update grpc to fix CVEs
0e1502f 
Update generated by `go get -u google.golang.org/grpc`/`go mod tidy`.

Fixes GHSA-m425-mq94-257g and GHSA-qppj-fm5r-hxr3.

Signed-off-by: Daniel Farrell <[email protected]>
@tpantelis tpantelis added the ready-to-test When a PR is ready for full E2E testing label Nov 7, 2023
@dfarrell07
Copy link
Member Author

E2E (operator, globalnet, 1.25) failed, re-running.

@dfarrell07
Copy link
Member Author

E2E (operator, globalnet, 1.25) failed, re-running.

E2E (operator, globalnet, 1.25) failed again.

@tpantelis
Copy link
Contributor

E2E (operator, globalnet, 1.25) failed again.

It panics due to the shipyard issue. Need to bump shipyard version as well.

@dfarrell07
Copy link
Member Author

E2E (operator, globalnet, 1.25) failed, re-running.

E2E (operator, globalnet, 1.25) failed again.

It looks like it was failing yesterday too and we merged over it. #1433

@dfarrell07
Update Shipyard to fix Globalnet CI
303f20b 
Update geneated by

```
go get -u github.com/submariner-io/[email protected]
go mod tidy
```

Signed-off-by: Daniel Farrell <[email protected]>
@dfarrell07
Copy link
Member Author

E2E (operator, globalnet, 1.25) failed again.

It panics due to the shipyard issue. Need to bump shipyard version as well.

Added a Shipyard bump commit 🤞

@dfarrell07 dfarrell07 enabled auto-merge (rebase) November 7, 2023 16:54
@dfarrell07 dfarrell07 merged commit e85fd88 into submariner-io:release-0.16 Nov 7, 2023
24 checks passed
@submariner-bot
Copy link
Contributor

🤖 Closed branches: [z_pr1434/dfarrell07/grpc_cve16]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tpantelis tpantelis tpantelis approved these changes

@aswinsuryan aswinsuryan aswinsuryan approved these changes

@Oats87 Oats87 Awaiting requested review from Oats87 Oats87 is a code owner

@skitt skitt Awaiting requested review from skitt skitt is a code owner

@sridhargaddam sridhargaddam Awaiting requested review from sridhargaddam sridhargaddam is a code owner

@vthapar vthapar Awaiting requested review from vthapar vthapar is a code owner

Assignees

@dfarrell07 dfarrell07

Labels
ready-to-test When a PR is ready for full E2E testing security
Projects
No open projects
Submariner 0.17
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@dfarrell07 @submariner-bot @tpantelis @aswinsuryan