Update golang.org/x/text to v0.3.3 #3458

Merged
merged 1 commit into from
Jul 22, 2020

Conversation

jmrodri
Member

@jmrodri jmrodri commented Jul 18, 2020

Description of the change:
Pull in CVE-2020-14040 fixed by golang.org/x/text v0.3.3.

Motivation for the change:

Checklist

If the pull request includes user-facing changes, extra documentation is required:

Contributor

@camilamacedo86 camilamacedo86 left a comment

Good catch 👍

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Jul 18, 2020
@camilamacedo86 camilamacedo86 removed the lgtm Indicates that a PR is ready to be merged. label Jul 18, 2020
Contributor

@camilamacedo86 camilamacedo86 left a comment

Catch 👍. We need to use the replace here because it is added indirectly by other deps that we cannot upgrade now just to solve the CVE. (`go mod graph | grep golang.org/x/text`)

go.mod Outdated
@@ -54,5 +54,6 @@ require (
replace (
github.com/Azure/go-autorest => github.com/Azure/go-autorest v13.3.2+incompatible // Required by OLM
github.com/mattn/go-sqlite3 => github.com/mattn/go-sqlite3 v1.10.0
golang.org/x/text => golang.org/x/text v0.3.3
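
Review bot: the added `golang.org/x/text => golang.org/x/text v0.3.3` line in the replace block carries no trailing comment, while the go-autorest line above it records its reason (`// Required by OLM`). Add a comment naming the CVE from the PR description so the pin can be dropped once the dependencies that pull in the older version are upgraded. Worth stating next to it as well: a replace directive with no version on the left overrides every required version of the module, and it only takes effect in this module's own go.mod, not in modules that depend on this one.
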
Contributor

Suggested change
golang.org/x/text => golang.org/x/text v0.3.3
golang.org/x/text => golang.org/x/text v0.3.3 // Required to fix CVE-2020-14040

Contributor

Just a nit ^ so we know why we are adding it.

Contributor

@camilamacedo86 camilamacedo86 left a comment

.

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Jul 18, 2020
Contributor

@camilamacedo86 camilamacedo86 left a comment

/lgtm

However, it just solves the CVE in the SDK project and not for the projects which are built with it. So, if the same needs to be done for the end-user projects, then we need to update the go.mod that is generated by the tool.

@openshift-ci-robot

New changes are detected. LGTM label has been removed.

@openshift-ci-robot openshift-ci-robot removed the lgtm Indicates that a PR is ready to be merged. label Jul 21, 2020
Member

@estroz estroz left a comment

/lgtm

@jmrodri jmrodri merged commit 0d4ba1b into operator-framework:master Jul 22, 2020
@jmrodri jmrodri deleted the update-golang-text branch August 17, 2020 15:46
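
The `go mod graph | grep golang.org/x/text` check mentioned in the review, carried one step further as an added example (not code from this PR or the project): it reads `go mod graph` output and lists which modules still request golang.org/x/text below v0.3.3. The sample graph is constructed, the `example.com` module names are placeholders, and the version comparison is a simplified one that assumes `vMAJOR.MINOR.PATCH` with an optional suffix.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed `go mod graph` output; example.com modules are placeholders.
const sampleGraph = `example.com/sdk golang.org/x/text@v0.3.3
example.com/sdk example.com/depA@v1.2.0
example.com/depA@v1.2.0 golang.org/x/text@v0.3.2
example.com/depB@v0.9.1 golang.org/x/text@v0.3.0`

// olderThan reports whether v (vMAJOR.MINOR.PATCH) sorts before fixed.
// A pre-release or pseudo-version suffix on an equal core counts as older.
func olderThan(v, fixed string) bool {
	core, pre := strings.TrimPrefix(v, "v"), false
	if i := strings.IndexAny(core, "-+"); i >= 0 {
		core, pre = core[:i], core[i] == '-'
	}
	a, b := strings.Split(core, "."), strings.Split(strings.TrimPrefix(fixed, "v"), ".")
	for i := 0; i < len(a) && i < len(b); i++ {
		x, _ := strconv.Atoi(a[i])
		y, _ := strconv.Atoi(b[i])
		if x != y {
			return x < y
		}
	}
	return pre
}

// StaleRequirers lists "requirer -> version" for every edge that asks for module below fixed.
func StaleRequirers(graph, module, fixed string) []string {
	var hits []string
	for _, line := range strings.Split(graph, "\n") {
		f := strings.Fields(line)
		if len(f) != 2 || !strings.HasPrefix(f[1], module+"@") {
			continue
		}
		if ver := strings.TrimPrefix(f[1], module+"@"); olderThan(ver, fixed) {
			hits = append(hits, f[0]+" -> "+ver)
		}
	}
	return hits
}

func main() {
	fmt.Println(strings.Join(StaleRequirers(sampleGraph, "golang.org/x/text", "v0.3.3"), "\n"))
}
```

Run against the real `go mod graph` output of an SDK-generated project, the same listing shows whether that project's go.mod needs its own pin.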