Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

*: upgrade golang-jwt/jwt to fix secruity alerms #57136

Merged
merged 1 commit into from
Nov 5, 2024
Merged

*: upgrade golang-jwt/jwt to fix secruity alerms #57136

merged 1 commit into from
Nov 5, 2024

Conversation

hawkingrei
Copy link
Member

@hawkingrei hawkingrei commented Nov 5, 2024
edited
Loading

What problem does this PR solve?

Issue Number: close #57135

Problem Summary:

What changed and how does it work?

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No need to test
    • I checked and no code files have been changed.

Side effects

  • Performance regression: Consumes more CPU
  • Performance regression: Consumes more Memory
  • Breaking backward compatibility

Documentation

  • Affects user behaviors
  • Contains syntax changes
  • Contains variable changes
  • Contains experimental features
  • Changes MySQL compatibility

Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

None

@ti-chi-bot ti-chi-bot bot added do-not-merge/needs-tests-checked release-note-none Denotes a PR that doesn't merit a release note. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed do-not-merge/needs-tests-checked labels Nov 5, 2024
@ti-chi-bot ti-chi-bot bot added approved needs-1-more-lgtm Indicates a PR needs 1 more LGTM. labels Nov 5, 2024
@hawkingrei
Copy link
Member Author

/retest

@codecov Codecov
Copy link

codecov bot commented Nov 5, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 56.3199%. Comparing base (f238540) to head (4127698).
Report is 3 commits behind head on master.

Additional details and impacted files 
@@                Coverage Diff                @@
##             master     #57136         +/-   ##
=================================================
- Coverage   73.0281%   56.3199%   -16.7083%     
=================================================
  Files          1657       1783        +126     
  Lines        457551     636489     +178938     
=================================================
+ Hits         334141     358470      +24329     
- Misses       102865     253792     +150927     
- Partials      20545      24227       +3682
Flag Coverage Δ
integration 37.1665% <ø> (?)
unit 72.3692% <ø> (+0.0692%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
dumpling 52.9478% <ø> (ø)
parser ∅ <ø> (∅)
br 52.3275% <ø> (+6.6084%) ⬆️

@ti-chi-bot ti-chi-bot
Copy link

ti-chi-bot bot commented Nov 5, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: lance6716, xhebox

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ti-chi-bot ti-chi-bot bot added lgtm and removed needs-1-more-lgtm Indicates a PR needs 1 more LGTM. labels Nov 5, 2024
@ti-chi-bot ti-chi-bot
Copy link

ti-chi-bot bot commented Nov 5, 2024

[LGTM Timeline notifier]

Timeline:

  • 2024-11-05 09:51:44.268477271 +0000 UTC m=+948217.107632810: ☑️ agreed by lance6716.
  • 2024-11-05 11:17:25.472324588 +0000 UTC m=+953358.311480133: ☑️ agreed by xhebox.

@hawkingrei
Copy link
Member Author

/retest

@ti-chi-bot ti-chi-bot bot merged commit b0ba097 into pingcap:master Nov 5, 2024
23 checks passed
@hawkingrei
Copy link
Member Author

/cherrypick release-8.5
/cherrypick release-8.1
/cherrypick release-7.5
/cherrypick release-7.1

ti-chi-bot pushed a commit to ti-chi-bot/tidb that referenced this pull request Nov 6, 2024
@hawkingrei @ti-chi-bot
This is an automated cherry-pick of pingcap#57136
93622d8 
Signed-off-by: ti-chi-bot <[email protected]>
@ti-chi-bot
Copy link
Member

@hawkingrei: new pull request created to branch release-7.1: #57180.

In response to this:

/cherrypick release-8.5
/cherrypick release-8.1
/cherrypick release-7.5
/cherrypick release-7.1

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.

@ti-chi-bot ti-chi-bot mentioned this pull request Nov 6, 2024
Closed
13 tasks
ti-chi-bot pushed a commit to ti-chi-bot/tidb that referenced this pull request Nov 6, 2024
@hawkingrei @ti-chi-bot
This is an automated cherry-pick of pingcap#57136
6554d49 
Signed-off-by: ti-chi-bot <[email protected]>
@ti-chi-bot
Copy link
Member

@hawkingrei: new pull request created to branch release-7.5: #57181.

In response to this:

/cherrypick release-8.5
/cherrypick release-8.1
/cherrypick release-7.5
/cherrypick release-7.1

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.

@ti-chi-bot ti-chi-bot mentioned this pull request Nov 6, 2024
Open
13 tasks
@ti-chi-bot
Copy link
Member

@hawkingrei: new pull request created to branch release-8.1: #57182.

In response to this:

/cherrypick release-8.5
/cherrypick release-8.1
/cherrypick release-7.5
/cherrypick release-7.1

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.

ti-chi-bot pushed a commit to ti-chi-bot/tidb that referenced this pull request Nov 6, 2024
@hawkingrei @ti-chi-bot
This is an automated cherry-pick of pingcap#57136
f7e083e 
Signed-off-by: ti-chi-bot <[email protected]>
@ti-chi-bot ti-chi-bot mentioned this pull request Nov 6, 2024
Open
13 tasks
@ti-chi-bot
Copy link
Member

@hawkingrei: new pull request created to branch release-8.5: #57183.

In response to this:

/cherrypick release-8.5
/cherrypick release-8.1
/cherrypick release-7.5
/cherrypick release-7.1

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.

@ti-chi-bot ti-chi-bot mentioned this pull request Nov 6, 2024
Merged
13 tasks
ti-chi-bot bot pushed a commit that referenced this pull request Nov 7, 2024
@ti-chi-bot
*: upgrade golang-jwt/jwt to fix secruity alerms (#57136) (#57183)
803b0ff 
close #57135
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xhebox xhebox xhebox approved these changes

@lance6716 lance6716 lance6716 approved these changes

@Defined2014 Defined2014 Awaiting requested review from Defined2014

Assignees
No one assigned
Labels
approved lgtm release-note-none Denotes a PR that doesn't merit a release note. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations
4 participants
@hawkingrei @ti-chi-bot @lance6716 @xhebox