Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: update support-bundle to v0.0.47 (backport #9899) #9901

Merged
merged 1 commit into from
Dec 4, 2024
Merged

chore: update support-bundle to v0.0.47 (backport #9899) #9901

merged 1 commit into from
Dec 4, 2024

Conversation

mergify[bot]
Copy link

@mergify mergify bot commented Dec 4, 2024

Which issue(s) this PR fixes:

Issue #9895

What this PR does / why we need it:

Resolves CVE issues.

After

longhornio/support-bundle-kit:v0.0.47 (suse linux enterprise server 15.6)
=========================================================================
Total: 0 (HIGH: 0, CRITICAL: 0)

Before

longhornio/support-bundle-kit:v0.0.45 (suse linux enterprise server 15.6)
=========================================================================
Total: 0 (HIGH: 0, CRITICAL: 0)


usr/bin/yq (gobinary)
=====================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-34156 │ HIGH     │ fixed  │ v1.22.5           │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │
│         │                │          │        │                   │                │ which contains deeply nested structures...                │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

Special notes for your reviewer:

None

Additional documentation or context

None

This is an automatic backport of pull request #9899 done by Mergify.

@mergify Mergify
Copy link
Author

mergify bot commented Dec 4, 2024

Cherry-pick of 6cc47ec has failed:

On branch mergify/bp/v1.6.x/pr-9899
Your branch is up to date with 'origin/v1.6.x'.

You are currently cherry-picking commit 6cc47ec.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   chart/README.md
	modified:   chart/questions.yaml
	modified:   chart/values.yaml
	modified:   deploy/longhorn.yaml

Unmerged paths:
  (use "git add/rm <file>..." as appropriate to mark resolution)
	both modified:   deploy/longhorn-images.txt
	deleted by us:   deploy/longhorn-okd.yaml

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

@mergify mergify bot requested a review from a team as a code owner December 4, 2024 06:19
@mergify mergify bot added the conflicts label Dec 4, 2024
@mergify mergify bot mentioned this pull request Dec 4, 2024
Merged
@c3y1huang
Copy link
Contributor

ref #9898

@c3y1huang
chore: update support-bundle to v0.0.47
e2d1b08 
longhorn/longhorn-9895

Signed-off-by: Chin-Ya Huang <chin-ya.huang@suse.com>
(cherry picked from commit 6cc47ec)
@c3y1huang c3y1huang force-pushed the mergify/bp/v1.6.x/pr-9899 branch from 26c7f05 to e2d1b08 Compare December 4, 2024 06:23
@c3y1huang c3y1huang self-assigned this Dec 4, 2024
@c3y1huang c3y1huang mentioned this pull request Dec 4, 2024
Closed
2 tasks
@c3y1huang c3y1huang requested a review from derekbit December 4, 2024 06:30
@derekbit derekbit merged commit 023aa34 into v1.6.x Dec 4, 2024
4 checks passed
@derekbit derekbit deleted the mergify/bp/v1.6.x/pr-9899 branch December 4, 2024 06:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@derekbit derekbit derekbit approved these changes

Assignees

@c3y1huang c3y1huang

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@c3y1huang @derekbit