Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

br: security update br image:1.18.1-alpine to 1.18.9-alpine (#40863) #41390

Merged
merged 2 commits into from
Mar 30, 2023
Merged

br: security update br image:1.18.1-alpine to 1.18.9-alpine (#40863) #41390

merged 2 commits into from
Mar 30, 2023

Conversation

ti-chi-bot
Copy link
Member

This is an automated cherry-pick of #40863

What problem does this PR solve?

Issue Number: ref #39052

Problem Summary:

There are serveral critical vulnerabilities detected in this repository, which located in br/docker/Dockerfile. Now we recommand upgrading the base image of this dockerfile to avoid vulnerabilities.

What is changed and how it works?

Changed the base image of br:

  • br/docker/Dockerfile
  • We recommend upgrading to golang:1.18.9-alpine, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No code

Side effects

  • Performance regression: Consumes more CPU
  • Performance regression: Consumes more Memory
  • Breaking backward compatibility

Documentation

  • Affects user behaviors
  • Contains syntax changes
  • Contains variable changes
  • Contains experimental features
  • Changes MySQL compatibility

Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

Just upgrade the base image of BR tool, to fix known vulnerabilities. 
If possible, you can upgrade the base image under the br directory of all branches to this version.

/cc @xhebox ,PTAL

@xiabee @ti-chi-bot
This is an automated cherry-pick of pingcap#40863
7b33b18 
Signed-off-by: ti-chi-bot <ti-community-prow-bot@tidb.io>
@ti-chi-bot
Copy link
Member Author

ti-chi-bot commented Feb 14, 2023
edited
Loading

[REVIEW NOTIFICATION]

This pull request has been approved by:

  • 3pointer
  • BornChanger

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

@ti-chi-bot ti-chi-bot mentioned this pull request Feb 14, 2023
Merged
12 tasks
@ti-chi-bot ti-chi-bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. do-not-merge/cherry-pick-not-approved size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. type/cherry-pick-for-release-6.1 This PR is cherry-picked to release-6.1 from a source PR. labels Feb 14, 2023
@xiabee
Copy link
Member

xiabee commented Feb 15, 2023

/cc @xhebox
/assign @3pointer
PTAL

@VelocityLight VelocityLight added cherry-pick-approved Cherry pick PR approved by release team. and removed do-not-merge/cherry-pick-not-approved labels Feb 28, 2023
@ti-chi-bot ti-chi-bot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Mar 30, 2023
@ti-chi-bot ti-chi-bot added the status/LGT1 Indicates that a PR has LGTM 1. label Mar 30, 2023
@3pointer
Copy link
Contributor

/retest

@ti-chi-bot ti-chi-bot added status/LGT2 Indicates that a PR has LGTM 2. and removed status/LGT1 Indicates that a PR has LGTM 1. labels Mar 30, 2023
@3pointer
Copy link
Contributor

/merge

@ti-chi-bot
Copy link
Member Author

This pull request has been accepted and is ready to merge.

Commit hash: 87caa31

@ti-chi-bot ti-chi-bot added the status/can-merge Indicates a PR has been approved by a committer. label Mar 30, 2023
@3pointer
Copy link
Contributor

/rebuild

@3pointer
Copy link
Contributor

/test unit-test

@ti-chi-bot ti-chi-bot merged commit a991ae5 into pingcap:release-6.1 Mar 30, 2023
@ti-chi-bot ti-chi-bot removed the cherry-pick-approved Cherry pick PR approved by release team. label Jul 12, 2023
@ti-chi-bot ti-chi-bot added the cherry-pick-approved Cherry pick PR approved by release team. label Jul 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BornChanger BornChanger BornChanger approved these changes

@3pointer 3pointer 3pointer approved these changes

@xhebox xhebox Awaiting requested review from xhebox

Assignees

@3pointer 3pointer

@xiabee xiabee

Labels
cherry-pick-approved Cherry pick PR approved by release team. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. status/can-merge Indicates a PR has been approved by a committer. status/LGT2 Indicates that a PR has LGTM 2. type/cherry-pick-for-release-6.1 This PR is cherry-picked to release-6.1 from a source PR.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@ti-chi-bot @xiabee @3pointer @BornChanger @VelocityLight