Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-1.3] 🌱 Bump google.golang.org/grpc to v1.55.0 #8971

Merged
merged 1 commit into from
Jul 6, 2023
Merged

[release-1.3] 🌱 Bump google.golang.org/grpc to v1.55.0 #8971

merged 1 commit into from
Jul 6, 2023

Conversation

sbueringer
Copy link
Member

@sbueringer sbueringer commented Jul 6, 2023
edited

Signed-off-by: Stefan Büringer buringerst@vmware.com

What this PR does / why we need it:

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):

Fixes CVE GHSA-cfgp-2977-2fmm

┌────────────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐
│        Library         │ Vulnerability  │ Severity │ Installed Version │ Fixed Version │                   Title                    │
├────────────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤
│ google.golang.org/grpc │ CVE-2023-32731 │ HIGH     │ v1.52.0           │ 1.53.0        │ sensitive information disclosure           │
│                        │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-32731 │
└────────────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘

@sbueringer
Bump google.golang.org/grpc to v1.55.0
8846148 
Signed-off-by: Stefan Büringer buringerst@vmware.com
@k8s-ci-robot k8s-ci-robot added this to the v1.3 milestone Jul 6, 2023
@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jul 6, 2023
@k8s-ci-robot k8s-ci-robot added the size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. label Jul 6, 2023
killianmuldoon
killianmuldoon reviewed Jul 6, 2023
View reviewed changes
Copy link
Contributor

@killianmuldoon killianmuldoon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 6, 2023
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: 81871fa134530ae8154f52d673b862823eecc14d

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: killianmuldoon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 6, 2023
@k8s-ci-robot k8s-ci-robot merged commit eb32978 into kubernetes-sigs:release-1.3 Jul 6, 2023
15 checks passed
@killianmuldoon
Copy link
Contributor

/area dependency

@k8s-ci-robot k8s-ci-robot added the area/dependency Issues or PRs related to dependency changes label Jul 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@killianmuldoon killianmuldoon killianmuldoon left review comments

@chrischdi chrischdi Awaiting requested review from chrischdi

@enxebre enxebre Awaiting requested review from enxebre

Assignees

@killianmuldoon killianmuldoon

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/dependency Issues or PRs related to dependency changes cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.
Projects
None yet
Milestone
v1.3
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@sbueringer @k8s-ci-robot @killianmuldoon