Skip to content

Backport of [NET-8946 NET-8947 NET-8948] security: bump go, x/net and envoy versions into release/1.3.x#3902

Merged
zalimeni merged 1 commit intorelease/1.3.xfrom
backport/security/net-8946-8947-8948/loudly-cuddly-magpie
Apr 16, 2024
Merged

Backport of [NET-8946 NET-8947 NET-8948] security: bump go, x/net and envoy versions into release/1.3.x#3902
zalimeni merged 1 commit intorelease/1.3.xfrom
backport/security/net-8946-8947-8948/loudly-cuddly-magpie

Conversation

@hc-github-team-consul-core
Copy link
Collaborator

@hc-github-team-consul-core hc-github-team-consul-core commented Apr 11, 2024

Backport

This PR is auto-generated from #3893 to be assessed for backporting due to the inclusion of the label backport/1.3.x.

🚨

Warning automatic cherry-pick of commits failed. If the first commit failed,
you will see a blank no-op commit below. If at least one commit succeeded, you
will see the cherry-picked commits up to, not including, the commit where
the merge conflict occurred.

The person who merged in the original PR is:
@zalimeni
This person should manually cherry-pick the original PR into a new backport PR,
and close this one when the manual backport PR is merged in.

merge conflict error: POST https://api.github.com/repos/hashicorp/consul-k8s/merges: 409 Merge conflict []

The below text is copied from the body of the original PR.

Description

Upgrade to use Go 1.21.9. This resolves CVEs
CVE-2023-45288 (http2).

Upgrade to support Envoy 1.28.2. This resolves CVEs
CVE-2024-27919 (http2).

Upgrade to use golang.org/x/net v0.24.0. This resolves CVEs
CVE-2023-45288 (x/net).

Checklist

Overview of commits

@hashicorp-cla-app
Copy link

hashicorp-cla-app bot commented Apr 11, 2024
edited
Loading

CLA assistant check
All committers have signed the CLA.

@dduzgun-security dduzgun-security marked this pull request as ready for review April 12, 2024 13:49
@zalimeni zalimeni enabled auto-merge (squash) April 16, 2024 20:30
@zalimeni zalimeni force-pushed the backport/security/net-8946-8947-8948/loudly-cuddly-magpie branch from b95e68c to e04e217 Compare April 16, 2024 20:31
@zalimeni zalimeni disabled auto-merge April 16, 2024 20:32
@zalimeni zalimeni enabled auto-merge (squash) April 16, 2024 20:32
@zalimeni zalimeni merged commit cf76890 into release/1.3.x Apr 16, 2024
@zalimeni zalimeni deleted the backport/security/net-8946-8947-8948/loudly-cuddly-magpie branch April 16, 2024 20:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dduzgun-security dduzgun-security Awaiting requested review from dduzgun-security

1 more reviewer

@zalimeni zalimeni zalimeni approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@zalimeni zalimeni

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hc-github-team-consul-core @zalimeni @dduzgun-security