Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: port CVE fixes #8743

Closed
wants to merge 1 commit into from
Closed

fix: port CVE fixes #8743

wants to merge 1 commit into from

Conversation

skrdgraph
Copy link
Contributor

Problem

need cve fixes on top of 21.03-slash

Solution

port fixes from main

@CLAassistant
Copy link

CLAassistant commented Mar 9, 2023
edited
Loading

CLA assistant check
All committers have signed the CLA.

@dgraph-bot dgraph-bot added area/bulk-loader Issues related to bulk loading. area/core internal mechanisms area/documentation Documentation related issues. area/enterprise Related to proprietary features area/enterprise/acl Related to Access Control Lists area/enterprise/backup Related to binary backups area/graphql Issues related to GraphQL support on Dgraph. area/integrations Related to integrations with other projects. area/live-loader Issues related to live loading. area/schema Issues related to the schema language and capabilities. area/testing Testing related issues go Pull requests that update Go code labels Mar 9, 2023
@skrdgraph skrdgraph changed the base branch from main to release/v21.03-slash March 9, 2023 19:10
@skrdgraph skrdgraph marked this pull request as ready for review March 9, 2023 19:12
sanjayk-github-dev
sanjayk-github-dev reviewed Mar 9, 2023
View reviewed changes
Copy link
Contributor

@sanjayk-github-dev sanjayk-github-dev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the large diff in go.sum expected?

@skrdgraph
Copy link
Contributor Author

#8743 (review)

go.sum is autogenerated

@joshua-goldstein joshua-goldstein mentioned this pull request Mar 17, 2023
Merged
@skrdgraph
Copy link
Contributor Author

Closing this in favor of #8760

@skrdgraph skrdgraph closed this Mar 17, 2023
@skrdgraph skrdgraph deleted the skrdgraph/port_cve_fixes branch March 17, 2023 08:02
skrdgraph added a commit that referenced this pull request Mar 17, 2023
@joshua-goldstein @skrdgraph
fix(cve): resolve cve's in slash (#8760)
4a03c14 
Similar to #8743 but two
changes.
- github.com/dgraph-io/graphql-transport-ws did not have any CVE's, see
#8624:
- Bumping google.golang.org/[email protected] to v1.52.0 caused issues, but
this was not a CVE fix. See
#8655

We now have parity with main branch (i.e. equal number and same CVE's on
main and slash).

---------

Co-authored-by: skrdgraph <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sanjayk-github-dev sanjayk-github-dev sanjayk-github-dev left review comments

@akon-dey akon-dey Awaiting requested review from akon-dey

@darkn3rd darkn3rd Awaiting requested review from darkn3rd

@meghalims meghalims Awaiting requested review from meghalims meghalims is a code owner

@matthewmcneely matthewmcneely Awaiting requested review from matthewmcneely matthewmcneely is a code owner

@billprovince billprovince Awaiting requested review from billprovince

@joshua-goldstein joshua-goldstein Awaiting requested review from joshua-goldstein

Assignees
No one assigned
Labels
area/bulk-loader Issues related to bulk loading. area/core internal mechanisms area/documentation Documentation related issues. area/enterprise/acl Related to Access Control Lists area/enterprise/backup Related to binary backups area/enterprise Related to proprietary features area/graphql Issues related to GraphQL support on Dgraph. area/integrations Related to integrations with other projects. area/live-loader Issues related to live loading. area/schema Issues related to the schema language and capabilities. area/testing Testing related issues go Pull requests that update Go code
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@skrdgraph @CLAassistant @sanjayk-github-dev @dgraph-bot