Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NETOBSERV-1308: fix minor vulnerabilities with location db #576

Merged
merged 1 commit into from
Jan 30, 2024
Merged

NETOBSERV-1308: fix minor vulnerabilities with location db #576

merged 1 commit into from
Jan 30, 2024

Conversation

jotak
Copy link
Member

@jotak jotak commented Jan 25, 2024

  • Do not use Insecure TLS
  • Add client timeout
  • Unexport a few variables

Description

Dependencies

n/a

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

  • Will this change affect NetObserv / Network Observability operator? If not, you can ignore the rest of this checklist.
  • Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
  • Does this PR require product documentation?
    • If so, make sure the JIRA epic is labelled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
  • Does this PR require a product release notes entry?
    • If so, fill in "Release Note Text" in the JIRA.
  • Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
    • If so, make sure it is described in the JIRA ticket.
  • QE requirements (check 1 from the list):
    • Standard QE validation, with pre-merge tests unless stated otherwise.
    • Regression tests only (e.g. refactoring with no user-facing change).
    • No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

@jotak
NETOBSERV-1308: fix minor vulnerabilities with location db
83da808 
- Do not use Insecure TLS
- Add client timeout
- Unexport a few variables
@openshift-ci-robot
Copy link
Collaborator

openshift-ci-robot commented Jan 25, 2024
edited by openshift-ci bot

@jotak: This pull request references NETOBSERV-1308 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.16.0" version, but no target version was set.

In response to this:

  • Do not use Insecure TLS
  • Add client timeout
  • Unexport a few variables

Description

Dependencies

n/a

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

  • Will this change affect NetObserv / Network Observability operator? If not, you can ignore the rest of this checklist.
  • Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
  • Does this PR require product documentation?
  • If so, make sure the JIRA epic is labelled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
  • Does this PR require a product release notes entry?
  • If so, fill in "Release Note Text" in the JIRA.
  • Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
  • If so, make sure it is described in the JIRA ticket.
  • QE requirements (check 1 from the list):
  • Standard QE validation, with pre-merge tests unless stated otherwise.
  • Regression tests only (e.g. refactoring with no user-facing change).
  • No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Jan 25, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from jotak. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@codecov Codecov
Copy link

codecov bot commented Jan 25, 2024
edited

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (40b6948) 65.80% compared to head (83da808) 65.75%.
Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #576      +/-   ##
==========================================
- Coverage   65.80%   65.75%   -0.05%     
==========================================
  Files         102      102              
  Lines        7445     7444       -1     
==========================================
- Hits         4899     4895       -4     
- Misses       2256     2258       +2     
- Partials      290      291       +1
Flag Coverage Δ
unittests 65.75% <100.00%> (-0.05%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@openshift-ci openshift-ci bot added the lgtm label Jan 26, 2024
@jotak
Copy link
Member Author

jotak commented Jan 29, 2024

/approve

@jotak jotak merged commit 9495480 into netobserv:main Jan 30, 2024
6 of 7 checks passed
@jotak jotak deleted the location-vuln branch February 8, 2024 09:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@OlivierCazade OlivierCazade OlivierCazade approved these changes

@KalmanMeth KalmanMeth Awaiting requested review from KalmanMeth

Assignees

@OlivierCazade OlivierCazade

Labels
jira/valid-reference lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@jotak @openshift-ci-robot @OlivierCazade