cve_scan: Use envoy.dependency.cve_scan #19047

Merged: htuch merged 2 commits into envoyproxy:main from phlax:tooling-upstream-cvescan, Nov 29, 2021

@phlax
Member

phlax commented Nov 18, 2021

Signed-off-by: Ryan Northey <ryan@synca.io>

repokitteh-read-only bot added the deps label (Approval required for changes to Envoy's external dependencies) Nov 18, 2021
@repokitteh-read-only

CC @envoyproxy/dependency-shepherds: Your approval is needed for changes made to (bazel/.*repos.*\.bzl)|(bazel/dependency_imports\.bzl)|(api/bazel/.*\.bzl)|(.*/requirements\.txt)|(.*\.patch).
envoyproxy/dependency-shepherds assignee is @mattklein123

🐱

Caused by: #19047 was opened by phlax.

phlax changed the title from "cve_scan: Use envoy.dependency.cve_scan" to "[WIP] cve_scan: Use envoy.dependency.cve_scan" Nov 18, 2021
phlax marked this pull request as draft November 18, 2021 16:17
phlax force-pushed the tooling-upstream-cvescan branch from 8040fe4 to 708d944 November 18, 2021 16:24
@phlax
Member Author

phlax commented Nov 18, 2021

phlax force-pushed the tooling-upstream-cvescan branch 2 times, most recently from fde5a44 to e990506 November 18, 2021 19:09
@phlax
Member Author

phlax commented Nov 18, 2021

phlax force-pushed the tooling-upstream-cvescan branch from e990506 to 9013804 November 18, 2021 19:48
Signed-off-by: Ryan Northey <ryan@synca.io>
phlax force-pushed the tooling-upstream-cvescan branch from 9013804 to 0f3a971 November 18, 2021 19:50
Member

htuch left a comment

Great. Maybe test and verify if removing one of the ignore CVEs causes CI failure.

@htuch
Member

htuch commented Nov 19, 2021

Oh, you already did! Then happy to stamp once you have this ready for review.

Signed-off-by: Ryan Northey <ryan@synca.io>
phlax changed the title from "[WIP] cve_scan: Use envoy.dependency.cve_scan" to "cve_scan: Use envoy.dependency.cve_scan" Nov 19, 2021
phlax marked this pull request as ready for review November 19, 2021 13:36
@phlax
Member Author

phlax commented Nov 19, 2021

this should be ready for review - there is an unrelated CI fail which is hitting all branches atm 8/

@phlax
Member Author

phlax commented Nov 20, 2021

/retest

@repokitteh-read-only

Retrying Azure Pipelines:
Retried failed jobs in: envoy-presubmit

🐱

Caused by: a #19047 (comment) was created by @phlax.

Member

htuch left a comment

LGTM, thanks!

repokitteh-read-only bot removed the deps label (Approval required for changes to Envoy's external dependencies) Nov 29, 2021
htuch merged commit e3cb8ee into envoyproxy:main Nov 29, 2021
mpuncel added a commit to mpuncel/envoy that referenced this pull request Nov 30, 2021
* main: (77 commits)
  Fix verify_and_print_latest_release logic (envoyproxy#19111)
  http2: drain only once when reached max_requests_per_connection (envoyproxy#19078)
  Overload: Reset H2 server stream only use codec level reset mechanism (envoyproxy#18895)
  Update QUICHE from c2ddf95dc to 7f2d442e3 (envoyproxy#19095)
  tools: Fix dependency checker release dates bug (envoyproxy#19109)
  cve_scan: Use `envoy.dependency.cve_scan` (envoyproxy#19047)
  tcp: fix overenthusiastic bounds on the new pool (envoyproxy#19036)
  dep: update Proxy-Wasm C++ host (2021-11-18). (envoyproxy#19074)
  build(deps): bump frozendict from 2.0.7 to 2.1.0 in /tools/base (envoyproxy#19080)
  kafka: dependency upgrades (envoyproxy#18995)
  build(deps): bump charset-normalizer in /tools/dependency (envoyproxy#19105)
  build(deps): bump slack-sdk in /.github/actions/pr_notifier (envoyproxy#19093)
  dep: Remove dependency - six (envoyproxy#19085)
  Remove requested_server_name_ field from StreamInfo (envoyproxy#19102)
  broken link path fix for items http_filters/grpc_json_transcoder_filter (envoyproxy#19101)
  quic: turn off GRO (envoyproxy#19088)
  Listener: Add global conn limit opt out. (envoyproxy#18876)
  Specify type for matching Subject Alternative Name. (envoyproxy#18628)
  Fix a broken example in Lua filter docs (envoyproxy#19086)
  Fix a small typo (envoyproxy#19058)
  ...

Signed-off-by: Michael Puncel <mpuncel@squareup.com>