Sync release/1.4.x and release/1.4.0 for 1.4.0 GA release#3694
Merged
zalimeni merged 10 commits intorelease/1.4.0from Feb 28, 2024
Merged
Sync release/1.4.x and release/1.4.0 for 1.4.0 GA release#3694zalimeni merged 10 commits intorelease/1.4.0from
release/1.4.x and release/1.4.0 for 1.4.0 GA release#3694zalimeni merged 10 commits intorelease/1.4.0from
Conversation
…other dependencies into release/1.4.x (#3641) * security: upgrade helm/v3 to 3.11.3 Addresses multiple CVEs: - CVE-2023-25165 - CVE-2022-23524 - CVE-2022-23526 - CVE-2022-23525 * chore: upgrade k8s dependencies to match controller-runtime * security: upgrade containerd to latest Addresses GHSA-7ww5-4wqc-m92c (GO-2023-2412) * security: upgrade docker/docker to latest Addresses GHSA-jq35-85cj-fj4p * security: upgrade docker/distribution to latest Addresses CVE-2023-2253 * security: upgrade filepath-securejoin to latest patch Addresses GHSA-6xv5-86q9-7xr8 (GO-2023-2048) * chore: upgrade oras-go to fix docker incompatibility * Add changelog --------- Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
…k into release/1.4.x (#3651) * security: re-enable security scan release block This was previously disabled due to an unresolved false-positive CVE. Re-enabling both secrets and OSV + Go Modules scanning, which per our current scan results should not be a blocker to future releases. Also add security scans on PR and merge to protected branches to allow proactive triage going forward. See hashicorp/consul#19978 for similar change in that repo, adapted here. * security: add scan triage for CVE-2024-25620 (helm/v3) Triage this scan result as `consul-k8s` should not be directly impacted and it is medium severity. Follow-up ticket filed for remediation. Also improve formatting of scan config since this change will be backported. --------- Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
backport of commit cf8dcbe Co-authored-by: David Yu <dyu@hashicorp.com>
zalimeni
added
pr/no-changelog
david-yu
approved these changes
Feb 28, 2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes proposed in this PR
Pick up recent changes targeted for this release in one go by merging the
.xbranch directly into the.0release branch, rather than opening multiple backport PRs. See individual commits for 1.4.x backport PR links.How I've tested this PR
How I expect reviewers to test this PR
👀
The source branch for this PR is identical to
release/1.4.x. Created separate branch to ensure branch deletion rules don't kick in after merge.Checklist