Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: bump buildkit version to v0.12.5 #4221

Merged
merged 3 commits into from
Feb 28, 2024
Merged

chore: bump buildkit version to v0.12.5 #4221

merged 3 commits into from
Feb 28, 2024

Conversation

ivanaguilario
Copy link
Contributor

@ivanaguilario ivanaguilario commented Feb 8, 2024
edited by nitrocode
Loading

what

There are 2 CVEs in the current 0.27.1 image. These relate to buildkit and are fixed in buildkit 0.12.5.

CVE-2024-23652
CVE-2024-23653

why

Security vulnerabilities.

tests

Ran atlantis-image workflow to verify image builds correctly.

references

@ivanaguilario ivanaguilario requested review from a team as code owners February 8, 2024 15:50
@ivanaguilario ivanaguilario requested review from jamengual, lukemassa and nitrocode and removed request for a team February 8, 2024 15:50
@ivanaguilario ivanaguilario marked this pull request as draft February 8, 2024 15:51
@chenrui333 chenrui333 mentioned this pull request Feb 8, 2024
Merged
nitrocode
nitrocode previously approved these changes Feb 28, 2024
View reviewed changes
@nitrocode nitrocode marked this pull request as ready for review February 28, 2024 05:58
@github-actions github-actions bot added the build Relating to how we build Atlantis label Feb 28, 2024
@nitrocode nitrocode closed this Feb 28, 2024
@nitrocode nitrocode reopened this Feb 28, 2024
@nitrocode nitrocode enabled auto-merge (squash) February 28, 2024 06:01
@nitrocode nitrocode merged commit e13f752 into runatlantis:main Feb 28, 2024
57 of 58 checks passed
@krzysztof-magosa
Copy link

Hi. Any idea when new release with above fixes could be rolled out? Thanks.

@GenPage
Copy link
Member

GenPage commented Mar 8, 2024

/cherry-pick release-0.27

@gcp-cherry-pick-bot GCP Cherry-Pick Bot
Copy link

Cherry-pick failed with Merge error e13f7527f264fa8e716aef144497616ae0185d8c into temp-cherry-pick-b858c0-release-0.27

GenPage pushed a commit that referenced this pull request Mar 8, 2024
@ivanaguilario @nitrocode @GenPage
chore: bump buildkit version to v0.12.5 (#4221)
2991920 
* chore: bump buildkit version to v0.12.5

* chore: bumped CONFTEST version to 0.49.1

---------

Co-authored-by: nitrocode <[email protected]>
@BrewTestBot BrewTestBot mentioned this pull request Mar 9, 2024
Merged
@BrewTestBot BrewTestBot mentioned this pull request May 22, 2024
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nitrocode nitrocode nitrocode approved these changes

@jamengual jamengual Awaiting requested review from jamengual jamengual is a code owner automatically assigned from runatlantis/maintainers

@lukemassa lukemassa Awaiting requested review from lukemassa lukemassa is a code owner automatically assigned from runatlantis/core-contributors

Assignees
No one assigned
Labels
build Relating to how we build Atlantis github-actions security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ivanaguilario @krzysztof-magosa @GenPage @nitrocode