BUG 2312515: CVE-2024-6104 cephcsi-container: go-retryablehttp: url might write sensitive information to log file #381
base: release-4.12
@iPraveenParihar: This pull request references Bugzilla bug 2312515, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
Bumps [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) from 0.7.1 to 0.7.7.
- [Changelog](https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md)
- [Commits](hashicorp/go-retryablehttp@v0.7.1...v0.7.7)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-retryablehttp
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 2131a84)
b235408 to d340889
/hold Before fixing 4.12, make sure all newer versions have the fixes too already. We have templates for backport PRs, see the redhat/README.md.
@nixpanic, backport PRs were already created & merged to newer versions (4.17 to 4.13).
Thanks, in the future, use the backport template for the PR, so that it is clear the whole process is followed. /unhold
I have cherry-picked around 6 commits related to lint failures. And not sure still how many needed to make lint CI green ✅. WDYT?
In most of the cases we will try to fix it but not like we pick more commits and it's not getting fixed like this, we can make an exception for pretty older releases and do what is only required and get it merged.
b7f1f21 to d796f8a
Creating the test container-image seems to be problematic. Can you check if a fix for that can be backported as well? It can be as part of this PR, so that CI jobs provide some confidence of the build.
@iPraveenParihar, you probably need ceph#3540 to get the CI to pass
GitHub Workflows fail installing Helm if the `openssl` package is not available. Fedora 36 installs `openssl` by default, Fedora 37 does not.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
(cherry picked from commit 774beef)

Since CentOS Stream 8 is EOL, this commit updates the config to use vault.centos.org for CentOS Stream 8. This should be removed once the base image (ceph) is updated to a version with a newer CentOS.
Signed-off-by: Praveen M <m.praveen@ibm.com>
(cherry picked from commit 5809628)
Thanks! CI jobs that are really required pass now. /approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: iPraveenParihar, nixpanic The full list of commands accepted by this bot can be found here. The pull request process is described here
/bugzilla refresh Recalculating validity in case the underlying Bugzilla bug has changed.
@openshift-bot: This pull request references Bugzilla bug 2312515, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
Bumps github.com/hashicorp/go-retryablehttp from 0.7.1 to 0.7.7.
updated-dependencies:
Signed-off-by: dependabot[bot] support@github.com
(cherry picked from commit 2131a84)
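Whether a given release branch already carries this bump can be checked mechanically. The following is an added example, not code from ceph-csi or go-retryablehttp: it reads go.mod text and reports whether github.com/hashicorp/go-retryablehttp is required at v0.7.7 or later. The function names and the sample go.mod line are made up for the illustration, and it assumes no `replace` directive overrides the module.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Module path and first fixed version, both taken from the PR above.
const module, fixed = "github.com/hashicorp/go-retryablehttp", "v0.7.7"

// parse converts "v0.7.7" to [0 7 7]; pre-release and pseudo-versions are rejected.
func parse(v string) (n [3]int, err error) {
	v, _, _ = strings.Cut(strings.TrimPrefix(v, "v"), "+")
	parts := strings.Split(v, ".")
	if len(parts) != 3 || strings.Contains(v, "-") {
		return n, fmt.Errorf("cannot compare version %q", v)
	}
	for i, p := range parts {
		if n[i], err = strconv.Atoi(p); err != nil {
			return n, err
		}
	}
	return n, nil
}

// hasFix reports whether go.mod text requires module at or above fixed.
// Parts are compared as integers, so v0.7.10 counts as newer than v0.7.7.
func hasFix(gomod string) (bool, error) {
	want, _ := parse(fixed)
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) < 2 || f[0] != module || !strings.HasPrefix(f[1], "v") {
			continue // not a require entry for this module (direct or "// indirect")
		}
		have, err := parse(f[1])
		for i := 0; err == nil && i < 3; i++ {
			if have[i] != want[i] {
				return have[i] > want[i], nil
			}
		}
		return err == nil, err
	}
	return false, fmt.Errorf("%s not required in go.mod", module)
}

func main() {
	// Constructed go.mod line, not copied from the repository.
	fmt.Println(hasFix("require " + module + " v0.7.1 // indirect\n"))
}
```

A pseudo-version or pre-release pin returns an error instead of a verdict, so such a branch gets looked at by hand.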