Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[3.4] Security: address HIGH Vulnerabilities #15019

Merged
merged 5 commits into from
Dec 19, 2022
Merged

[3.4] Security: address HIGH Vulnerabilities #15019

merged 5 commits into from
Dec 19, 2022

Conversation

ahrtr
Copy link
Member

@ahrtr ahrtr commented Dec 19, 2022

Please read https://github.com/etcd-io/etcd/blob/main/CONTRIBUTING.md#contribution-flow.

Bumped a dependency in each commit.

Address the following HIGH Vulnerabilities,
Screen Shot 2022-12-19 at 16 38 22

cc @ptabor @serathius @spzala

@ahrtr ahrtr added area/security priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. labels Dec 19, 2022
@ahrtr ahrtr marked this pull request as draft December 19, 2022 08:53
ptabor
ptabor suggested changes Dec 19, 2022
View reviewed changes
Copy link
Contributor

@ptabor ptabor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems we have precedense for bumping go witing 3.4 lifecycle: 1abf085#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6

so I think it's OK.

As usuall: please add a CHANGELOG entry.

@ahrtr
bump go version to 1.17.3
5413ce4 
Signed-off-by: Benjamin Wang <[email protected]>
@ahrtr ahrtr marked this pull request as ready for review December 19, 2022 10:42
@ahrtr
Copy link
Member Author

ahrtr commented Dec 19, 2022

Please also ignore the Release workflow failure, it should can be resolved after merging this PR. (Note: the PR #14860 isn't backported)

@ahrtr
Copy link
Member Author

ahrtr commented Dec 19, 2022

changelog: #15020

@ahrtr ahrtr merged commit 8119eb3 into etcd-io:release-3.4 Dec 19, 2022
@ahrtr ahrtr mentioned this pull request Dec 19, 2022
Closed
@serathius serathius mentioned this pull request Jan 18, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ptabor ptabor ptabor approved these changes

Assignees
No one assigned
Labels
area/security priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release.
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ahrtr @ptabor