fix(deps): bumped dependencies versions to resolve CVEs #13789
…/azidentity versions to resolve CVE-2023-42364, CVE-2023-42363, CVE-2023-45288, CVE-2024-35255, CVE-2023-42366, CVE-2023-42365, CVE-2024-24790, CVE-2024-24789. Signed-off-by: Vladyslav Diachenko <vlad.diachenko@grafana.com>
The backport to
To backport manually, run these commands in your terminal:

```bash
# Fetch latest updates from GitHub
git fetch
# Create a new branch
git switch --create backport-13789-to-release-2.9.x origin/release-2.9.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x 34206cd2d6290566034710ae6c2d08af8804bc91
```

When the conflicts are resolved, stage and commit the changes:

If you have the GitHub CLI installed:

```bash
# Push the branch to GitHub:
git push --set-upstream origin backport-13789-to-release-2.9.x
# Create the PR body template
PR_BODY=$(gh pr view 13789 --json body --template 'Backport 34206cd2d6290566034710ae6c2d08af8804bc91 from #13789{{ "\n\n---\n\n" }}{{ index . "body" }}')
# Create the PR on GitHub
echo "${PR_BODY}" | gh pr create --title 'chore: [release-2.9.x] fix(deps): bumped dependencies versions to resolve CVEs' --body-file - --label 'size/L' --label 'sig/operator' --label 'area/helm' --label 'product-approved' --label 'backport' --base release-2.9.x --milestone release-2.9.x --web
```

Or, if you don't have the GitHub CLI installed (we recommend you install it!):

```bash
# Push the branch to GitHub:
git push --set-upstream origin backport-13789-to-release-2.9.x
# Create a pull request where the `base` branch is `release-2.9.x` and the `compare`/`head` branch is `backport-13789-to-release-2.9.x`.
# Remove the local backport branch
git switch main
git branch -D backport-13789-to-release-2.9.x
```
The backport to
To backport manually, run these commands in your terminal:

```bash
# Fetch latest updates from GitHub
git fetch
# Create a new branch
git switch --create backport-13789-to-release-3.0.x origin/release-3.0.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x 34206cd2d6290566034710ae6c2d08af8804bc91
```

When the conflicts are resolved, stage and commit the changes:

If you have the GitHub CLI installed:

```bash
# Push the branch to GitHub:
git push --set-upstream origin backport-13789-to-release-3.0.x
# Create the PR body template
PR_BODY=$(gh pr view 13789 --json body --template 'Backport 34206cd2d6290566034710ae6c2d08af8804bc91 from #13789{{ "\n\n---\n\n" }}{{ index . "body" }}')
# Create the PR on GitHub
echo "${PR_BODY}" | gh pr create --title 'chore: [release-3.0.x] fix(deps): bumped dependencies versions to resolve CVEs' --body-file - --label 'size/L' --label 'sig/operator' --label 'area/helm' --label 'product-approved' --label 'backport' --base release-3.0.x --milestone release-3.0.x --web
```

Or, if you don't have the GitHub CLI installed (we recommend you install it!):

```bash
# Push the branch to GitHub:
git push --set-upstream origin backport-13789-to-release-3.0.x
# Create a pull request where the `base` branch is `release-3.0.x` and the `compare`/`head` branch is `backport-13789-to-release-3.0.x`.
# Remove the local backport branch
git switch main
git branch -D backport-13789-to-release-3.0.x
```
What this PR does / why we need it:
upgraded loki-build-image, alpine and azure-sdk-for-go/sdk/azidentity versions to resolve CVE-2023-42364, CVE-2023-42363, CVE-2023-45288, CVE-2024-35255, CVE-2023-42366, CVE-2023-42365, CVE-2024-24790, CVE-2024-24789.
Special notes for your reviewer:
Checklist
- `CONTRIBUTING.md` guide (required)
- `feat` PRs are unlikely to be accepted unless a case can be made for the feature actually being a bug fix to existing behavior.
- `docs/sources/setup/upgrade/_index.md`
- `production/helm/loki/Chart.yaml` and update `production/helm/loki/CHANGELOG.md` and `production/helm/loki/README.md`. Example PR
- `deprecated-config.yaml` and `deleted-config.yaml` files respectively in the `tools/deprecated-config-checker` directory. Example PR