Skip to content

CVE-2024-24790: bump go to 1.22.5#283

Merged
k8s-ci-robot merged 3 commits intokubernetes-csi:masterfrom
sdx-jkataja:CVE-2024-24790
Aug 14, 2024
Merged

CVE-2024-24790: bump go to 1.22.5#283
k8s-ci-robot merged 3 commits intokubernetes-csi:masterfrom
sdx-jkataja:CVE-2024-24790

Conversation

@sdx-jkataja
Copy link
Contributor

@sdx-jkataja sdx-jkataja commented Jul 22, 2024
edited
Loading

What type of PR is this?

/kind bug

What this PR does / why we need it:
Fixes vulnerability CVE-2024-24790 by updating Go to 1.22.5

Which issue(s) this PR fixes:
Fixes #281

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

Updated go to 1.22.5 to resolve CVE-2024-24790

@k8s-ci-robot k8s-ci-robot added the do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. label Jul 22, 2024
@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Jul 22, 2024
edited
Loading

CLA Signed

The committers listed above are authorized under a signed CLA.

@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Jul 22, 2024

Welcome @sdx-jkataja!

It looks like this is your first PR to kubernetes-csi/livenessprobe 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-csi/livenessprobe has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added the cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. label Jul 22, 2024
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Jul 22, 2024

Hi @sdx-jkataja. Thanks for your PR.

I'm waiting for a kubernetes-csi member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Jul 22, 2024
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jul 25, 2024
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Aug 9, 2024
@sdx-jkataja
Squashed 'release-tools/' changes from adb3af9..988496a
6546dd9 
988496a Merge pull request kubernetes-csi#257 from jakobmoellerdev/csi-prow-sidecar-e2e-path
028f8c6 chore: bump to Go 1.22.5
69bd71e chore: add CSI_PROW_SIDECAR_E2E_PATH
f40f0cc Merge pull request kubernetes-csi#256 from solumath/master
cfa9210 Instruction update
379a1bb Merge pull request kubernetes-csi#255 from humblec/sidecar-md
a5667bb fix typo in sidecar release process
4967685 Merge pull request kubernetes-csi#254 from bells17/add-github-actions
d9bd160 Update skip list in codespell GitHub Action
f5aebfc Add GitHub Actions workflows

git-subtree-dir: release-tools
git-subtree-split: 988496a
@sdx-jkataja
Merge commit '6546dd9182dfbf949385396d002dbfb93d9b3584' into CVE-2024…
bfac0ad 
…-24790
@sdx-jkataja
bump go 1.22.5 fixes CVE-2024-24790
18c371d
@jsafrane
Copy link
Contributor

jsafrane commented Aug 14, 2024

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Aug 14, 2024
@jsafrane
Copy link
Contributor

jsafrane commented Aug 14, 2024

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 14, 2024
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Aug 14, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jsafrane, sdx-jkataja

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 14, 2024
@k8s-ci-robot k8s-ci-robot merged commit 3562106 into kubernetes-csi:master Aug 14, 2024
@sdx-jkataja sdx-jkataja mentioned this pull request Aug 22, 2024
Closed
@rhrmo rhrmo mentioned this pull request Oct 2, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mauriciopoppe mauriciopoppe Awaiting requested review from mauriciopoppe

@xing-yang xing-yang Awaiting requested review from xing-yang

Assignees

@jsafrane jsafrane

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Need a fix for CVE-2024-24790

3 participants

@sdx-jkataja @k8s-ci-robot @jsafrane