Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

operator: Bump deps to address CVE-2023-39325 and CVE-2023-44487 #10874

Merged
merged 3 commits into from
Oct 12, 2023
Merged

operator: Bump deps to address CVE-2023-39325 and CVE-2023-44487 #10874

merged 3 commits into from
Oct 12, 2023

Conversation

periklis
Copy link
Collaborator

@periklis periklis commented Oct 12, 2023
edited
Loading

What this PR does / why we need it:
To address CVE-2023-39325

  • Update golang/x/net from 0.14.0 to 0.17.0

To address CVE-2023-44487

  • Bump golang builders from 1.20.6 to 1.20.10.

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:

Checklist

  • Reviewed the CONTRIBUTING.md guide (required)
  • Documentation added
  • Tests updated
  • CHANGELOG.md updated
    • If the change is worth mentioning in the release notes, add add-to-release-notes label
  • Changes that require user attention or interaction to upgrade are documented in docs/sources/setup/upgrade/_index.md
  • For Helm chart changes bump the Helm chart version in production/helm/loki/Chart.yaml and update production/helm/loki/CHANGELOG.md and production/helm/loki/README.md. Example PR

@periklis periklis self-assigned this Oct 12, 2023
@periklis periklis requested review from xperimental and a team as code owners October 12, 2023 13:51
@periklis periklis force-pushed the operator-cve-2023-39325 branch from 5404675 to c46898e Compare October 12, 2023 13:55
@periklis periklis force-pushed the operator-cve-2023-39325 branch from c46898e to 851afb1 Compare October 12, 2023 17:49
@periklis periklis merged commit 6b16d54 into grafana:main Oct 12, 2023
9 checks passed
xperimental pushed a commit to xperimental/loki that referenced this pull request Oct 13, 2023
@periklis @xperimental
operator: Bump deps to address CVE-2023-39325 and CVE-2023-44487 (gra…
fcc732b 
…fana#10874)
This was referenced Oct 13, 2023
Merged
Merged
Merged
rhnasc pushed a commit to inloco/loki that referenced this pull request Apr 12, 2024
@periklis @rhnasc
operator: Bump deps to address CVE-2023-39325 and CVE-2023-44487 (gra…
9694df9 
…fana#10874)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ashwanthgoli ashwanthgoli ashwanthgoli approved these changes

@xperimental xperimental Awaiting requested review from xperimental xperimental is a code owner

Assignees

@periklis periklis

Labels
sig/operator size/M
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@periklis @ashwanthgoli