Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix http/2 CVE #94

Merged
merged 3 commits into from
Oct 17, 2023
Merged

Fix http/2 CVE #94

merged 3 commits into from
Oct 17, 2023

Conversation

razo7
Copy link
Member

@razo7 razo7 commented Oct 17, 2023

Use golang.org/x/net v0.17.0 and updated k8s.io/apimachinery to fix http/2 CVE

@razo7
Update golang.org/x/net
529e737 
golang.org/x/net v0.17.0 has fixes for http/2 CVE
@razo7
Update k8s.io/[email protected]
d72afd9 
Run 'go get k8s.io/[email protected]' for updating go.mod and fixing http/2 CVE
@razo7
Run make go-verify
e1aa5a5 
Add missing and remove unused modules, make vendored copy of dependencies, and verify dependencies have expected content
@razo7
Copy link
Member Author

razo7 commented Oct 17, 2023

/retest

@razo7
Copy link
Member Author

razo7 commented Oct 17, 2023

/cherry-pick release-0.2

@openshift-cherrypick-robot
Copy link

@razo7: once the present PR merges, I will cherry-pick it on top of release-0.2 in a new PR and assign it to you.

In response to this:

/cherry-pick release-0.2

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@razo7
Copy link
Member Author

razo7 commented Oct 17, 2023

/approve

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 17, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: razo7

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@slintes
Copy link
Member

slintes commented Oct 17, 2023

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Oct 17, 2023
@slintes
Copy link
Member

slintes commented Oct 17, 2023

flaky test

/override ci/prow/4.12-openshift-e2e

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 17, 2023

@slintes: Overrode contexts on behalf of slintes: ci/prow/4.12-openshift-e2e

In response to this:

flaky test

/override ci/prow/4.12-openshift-e2e

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot merged commit 7021a26 into medik8s:main Oct 17, 2023
18 checks passed
@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Oct 17, 2023
Merged
@openshift-cherrypick-robot
Copy link

@razo7: new pull request created: #96

In response to this:

/cherry-pick release-0.2

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@razo7 razo7 deleted the fix-http/2-cve branch January 7, 2024 12:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@clobrano clobrano Awaiting requested review from clobrano

@mshitrit mshitrit Awaiting requested review from mshitrit

Assignees

@slintes slintes

Labels
approved lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@razo7 @openshift-cherrypick-robot @slintes