chore(deps): bump openresty from 1.21.4.2 to 1.21.4.3 (#11952)

### Summary - bugfix: applied the patch for security advisory to NGINX cores. (CVE-2023-44487). Kong already had the patch, but well, now that it is packaged, we can remove ours, and get to the latest OpenResty KAG-3033 Signed-off-by: Aapo Talvensaari <aapo.talvensaari@gmail.com>
Kong · Nov 8, 2023 · 4b12b23 · 4b12b23 · khcp-gha-bot · Nov 8, 2023
1 parent 444b214
commit 4b12b23
Show file tree

Hide file tree

Showing 5 changed files with 6 additions and 56 deletions.
diff --git a/.requirements b/.requirements
@@ -1,6 +1,6 @@
 KONG_PACKAGE_NAME=kong
 
-OPENRESTY=1.21.4.2
+OPENRESTY=1.21.4.3
 LUAROCKS=3.9.2
 OPENSSL=3.1.4
 PCRE=8.45

diff --git a/build/openresty/patches/nginx-1.21.4_09-http2-rapid-reset-ddos-attack-cve-2023-44487.patch b/build/openresty/patches/nginx-1.21.4_09-http2-rapid-reset-ddos-attack-cve-2023-44487.patch
diff --git a/build/openresty/repositories.bzl b/build/openresty/repositories.bzl
@@ -30,7 +30,7 @@ def openresty_repositories():
         openresty_http_archive_wrapper,
         name = "openresty",
         build_file = "//build/openresty:BUILD.openresty.bazel",
-        sha256 = "5b1eded25c1d4ed76c0336dfae50bd94d187af9c85ead244135dd5ae363b2e2a",
+        sha256 = "33a84c63cfd9e46b0e5c62eb2ddc7b8068bda2e1686314343b89fc3ffd24cdd3",
         strip_prefix = "openresty-" + openresty_version,
         urls = [
             "https://openresty.org/download/openresty-" + openresty_version + ".tar.gz",

diff --git a/changelog/unreleased/kong/bump-openresty-1.21.4.3.yml b/changelog/unreleased/kong/bump-openresty-1.21.4.3.yml
@@ -0,0 +1,3 @@
+message: "Bumped OpenResty from 1.21.4.2 to 1.21.4.3"
+type: dependency
+scope: Core
diff --git a/kong/meta.lua b/kong/meta.lua
@@ -24,6 +24,6 @@ return {
   -- third-party dependencies' required version, as they would be specified
   -- to lua-version's `set()` in the form {from, to}
   _DEPENDENCIES = {
-    nginx = { "1.21.4.2" },
+    nginx = { "1.21.4.3" },
   }
 }