Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix NET-704 CVEs (backport to 1.0.x) #2225

Merged
merged 2 commits into from
Jun 1, 2023
Merged

Fix NET-704 CVEs (backport to 1.0.x) #2225

merged 2 commits into from
Jun 1, 2023

Conversation

t-eckert
Copy link
Contributor

@t-eckert t-eckert commented May 31, 2023
edited
Loading

Manual backport of #2196

Changes proposed in this PR:

  • Fixes the CVEs noted in NET-704

How I've tested this PR:

How I expect reviewers to test this PR:

Checklist:

  • Tests added
  • CHANGELOG entry added

    HashiCorp engineers only, community PRs should not add a changelog entry.
    Entries should use present tense (e.g. Add support for...)

@t-eckert t-eckert changed the title Fix NET-704 CVEs (backport) Fix NET-704 CVEs (backport to 1.0.x) May 31, 2023
@t-eckert t-eckert added the pr/no-backport signals that a PR will not contain a backport label label May 31, 2023
@t-eckert t-eckert marked this pull request as ready for review May 31, 2023 18:58
@david-yu
Copy link
Contributor

Thank you, I appreciate you doing this this helps us sustain both 1.0.x and 1.1.x for their lifecycle.

curtbushko
curtbushko approved these changes Jun 1, 2023
View reviewed changes
Copy link
Contributor

@curtbushko curtbushko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for doing these backports!

@t-eckert
Copy link
Contributor Author

t-eckert commented Jun 1, 2023

I think the test failures are just flakiness. It looks like the usual culprits are failing for the usual reasons. I'll run it once more to see if I get lucky on this roll.

How do we feel about merging even if those flakey tests are failing? 👍🏻 or 👎🏻?

@andrewstucki
Copy link
Contributor

Yeah, from the logs, looks like it's all "api unavailable" errors which randomly like to happen when test Consul instances don't come up fast enough in the integration tests. I'd be fine merging still:

    command_test.go:175: 
        	Error Trace:	/home/runner/actions-runner/_work/consul-k8s-workflows/consul-k8s-workflows/control-plane/subcommand/get-consul-client-ca/command_test.go:175
        	            				/home/runner/actions-runner/_work/consul-k8s-workflows/consul-k8s-workflows/control-plane/subcommand/get-consul-client-ca/asm_amd64.s:1594
        	Error:      	Received unexpected error:
        	            	api unavailable
        	Test:       	TestRun_ConsulServerAvailableLater

@t-eckert t-eckert merged commit 5d38e0a into release/1.0.x Jun 1, 2023
@t-eckert t-eckert deleted the fix-cves-in-backport branch June 1, 2023 15:26
@natitomattis natitomattis mentioned this pull request Jun 20, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@curtbushko curtbushko curtbushko approved these changes

@andrewstucki andrewstucki andrewstucki approved these changes

@david-yu david-yu Awaiting requested review from david-yu

Assignees
No one assigned
Labels
pr/no-backport signals that a PR will not contain a backport label
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@t-eckert @david-yu @andrewstucki @curtbushko