Skip to content

CVE-2024-24786: bump google.golang.org/protobuf to v1.33.0#249

Merged
k8s-ci-robot merged 1 commit intokubernetes-csi:masterfrom
dobsonj:CVE-2024-24786-origin-master
Mar 14, 2024
Merged

CVE-2024-24786: bump google.golang.org/protobuf to v1.33.0#249
k8s-ci-robot merged 1 commit intokubernetes-csi:masterfrom
dobsonj:CVE-2024-24786-origin-master

Conversation

@dobsonj
Copy link
Member

@dobsonj dobsonj commented Mar 12, 2024
edited
Loading

What this PR does / why we need it:

Bump google.golang.org/protobuf@v1.33.0 and github.com/golang/protobuf@v1.5.4 to address CVE-2024-24786.

https://pkg.go.dev/vuln/GO-2024-2611
GHSA-8r3f-844c-mc37

Which issue(s) this PR fixes:

/kind bug

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

Update google.golang.org/protobuf to v1.33.0 to resolve CVE-2024-24786

dobsonj pushed a commit to dobsonj/livenessprobe that referenced this pull request Mar 12, 2024
@RaunakShah
Squashed 'release-tools/' changes from b54c1ba..dc4d0ae
1fd505f 
dc4d0ae Merge pull request kubernetes-csi#249 from jsafrane/use-go-version
e681b17 Use .go-version to get Kubernetes go version

git-subtree-dir: release-tools
git-subtree-split: dc4d0ae
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Mar 12, 2024

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Mar 12, 2024
@k8s-ci-robot k8s-ci-robot requested review from gnufied and humblec March 12, 2024 18:45
@k8s-ci-robot k8s-ci-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Mar 12, 2024
@dobsonj dobsonj marked this pull request as ready for review March 12, 2024 19:03
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 12, 2024
@k8s-ci-robot k8s-ci-robot requested a review from carlory March 12, 2024 19:03
@jsafrane
Copy link
Contributor

jsafrane commented Mar 14, 2024

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 14, 2024
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Mar 14, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dobsonj, jsafrane

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 14, 2024
@k8s-ci-robot k8s-ci-robot merged commit eb7d0f1 into kubernetes-csi:master Mar 14, 2024
@rhrmo rhrmo mentioned this pull request Oct 2, 2024
Merged
rhrmo pushed a commit to rhrmo/livenessprobe that referenced this pull request Jan 13, 2026
@k8s-ci-robot
Merge pull request kubernetes-csi#249 from jsafrane/use-go-version
dc4d0ae 
Use .go-version to get Kubernetes go version
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gnufied gnufied Awaiting requested review from gnufied

@humblec humblec Awaiting requested review from humblec

@carlory carlory Awaiting requested review from carlory

Assignees

@jsafrane jsafrane

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dobsonj @k8s-ci-robot @jsafrane