[release-1.10] bump grpc to v1.56.3 (addressing CVE-2023-44487) #14580

jsanin-vmw

Addressing GHSA-m425-mq94-257g

Proposed Changes


knative-prow bot commented Nov 1, 2023

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@knative-prow knative-prow bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Nov 1, 2023
@knative-prow knative-prow bot requested review from KauzClay and pradnyavmw November 1, 2023 15:19
@jsanin-vmw jsanin-vmw force-pushed the js-upgrade-grpc-v1-56-3-on-kn1-10 branch from b4986b2 to 8ccbf02 Compare November 1, 2023 15:30

codecov bot commented Nov 1, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (101f814) 86.21% compared to head (506dd20) 86.28%.
Report is 1 commits behind head on release-1.10.

Additional details and impacted files
@@               Coverage Diff                @@
##           release-1.10   #14580      +/-   ##
================================================
+ Coverage         86.21%   86.28%   +0.06%     
================================================
  Files               199      199              
  Lines             14768    14768              
================================================
+ Hits              12732    12742      +10     
+ Misses             1734     1726       -8     
+ Partials            302      300       -2     

see 5 files with indirect coverage changes


@jsanin-vmw jsanin-vmw changed the title Upgrade grpc v1.56.3 on kn1.10 [release-1.10] bump grpc to v1.56.3 (addressing CVE-2023-44487) Nov 1, 2023
@jsanin-vmw jsanin-vmw marked this pull request as ready for review November 1, 2023 16:16
@knative-prow knative-prow bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 1, 2023
@jsanin-vmw
Author

/retest

2 similar comments
@jsanin-vmw
Author

/retest

@krsna-m
Contributor

krsna-m commented Nov 1, 2023

/retest

@krsna-m
Contributor

krsna-m commented Nov 1, 2023

@jsanin-vmw looks like the diff is not happy. Please see https://github.com/knative/serving/actions/runs/6723177806/job/18272682118?pr=14580. Maybe your editor is adding/removing newlines to the content hack/codegen.sh is producing?

@jsanin-vmw jsanin-vmw force-pushed the js-upgrade-grpc-v1-56-3-on-kn1-10 branch from 592a952 to 506dd20 Compare November 1, 2023 19:02
@jsanin-vmw
Author

@kvmware just pushed a missing file under third-party that was created after running codegen

@dprotaso
Member

dprotaso commented Nov 1, 2023

/lgtm
/approve

@knative-prow knative-prow bot added the lgtm Indicates that a PR is ready to be merged. label Nov 1, 2023

knative-prow bot commented Nov 1, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dprotaso, jsanin-vmw

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@knative-prow knative-prow bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 1, 2023
@knative-prow knative-prow bot merged commit 60ee8de into knative:release-1.10 Nov 1, 2023
54 checks passed
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/networking lgtm Indicates that a PR is ready to be merged. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.