build(deps): bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 in /tests/integration #4222
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.2.3 to 0.2.4. - [Release notes](https://github.com/cyphar/filepath-securejoin/releases) - [Commits](cyphar/filepath-securejoin@v0.2.3...v0.2.4) --- updated-dependencies: - dependency-name: github.com/cyphar/filepath-securejoin dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/go_modules/tests/integration/github.com/cyphar/filepath-securejoin-0.2.4
branch
from
fb8b6ed to
ab18cfe
Compare
stefanprodan
approved these changes
Sep 8, 2023
makkes
deleted the
dependabot/go_modules/tests/integration/github.com/cyphar/filepath-securejoin-0.2.4
branch
|
Backport failed for Please cherry-pick the changes locally. git fetch origin release/v2.1.x
git worktree add -d .worktree/backport-4222-to-release/v2.1.x origin/release/v2.1.x
cd .worktree/backport-4222-to-release/v2.1.x
git checkout -b backport-4222-to-release/v2.1.x
ancref=$(git merge-base 037562bf7be0e844001605c13da8ce2231fcd254 ab18cfe1a2ab078421fbdf5fdf652b801d22be41)
git cherry-pick -x $ancref..ab18cfe1a2ab078421fbdf5fdf652b801d22be41 |
1 similar comment
|
Backport failed for Please cherry-pick the changes locally. git fetch origin release/v2.1.x
git worktree add -d .worktree/backport-4222-to-release/v2.1.x origin/release/v2.1.x
cd .worktree/backport-4222-to-release/v2.1.x
git checkout -b backport-4222-to-release/v2.1.x
ancref=$(git merge-base 037562bf7be0e844001605c13da8ce2231fcd254 ab18cfe1a2ab078421fbdf5fdf652b801d22be41)
git cherry-pick -x $ancref..ab18cfe1a2ab078421fbdf5fdf652b801d22be41 |
|
@stefanprodan do we want to backport this one to 2.0.x as well as it's a security fix? |
|
Yes we should, since this CVE affects the CLI which runs on Windows unlike the controllers. |
|
Backport failed for Please cherry-pick the changes locally. git fetch origin release/v2.0.x
git worktree add -d .worktree/backport-4222-to-release/v2.0.x origin/release/v2.0.x
cd .worktree/backport-4222-to-release/v2.0.x
git checkout -b backport-4222-to-release/v2.0.x
ancref=$(git merge-base 037562bf7be0e844001605c13da8ce2231fcd254 ab18cfe1a2ab078421fbdf5fdf652b801d22be41)
git cherry-pick -x $ancref..ab18cfe1a2ab078421fbdf5fdf652b801d22be41 |
|
I'll take a look why the backport to 2.1.x fails. |
|
Backport failed for Please cherry-pick the changes locally. git fetch origin release/v2.1.x
git worktree add -d .worktree/backport-4222-to-release/v2.1.x origin/release/v2.1.x
cd .worktree/backport-4222-to-release/v2.1.x
git checkout -b backport-4222-to-release/v2.1.x
ancref=$(git merge-base 037562bf7be0e844001605c13da8ce2231fcd254 ab18cfe1a2ab078421fbdf5fdf652b801d22be41)
git cherry-pick -x $ancref..ab18cfe1a2ab078421fbdf5fdf652b801d22be41 |
|
No need to backport because tests/integration was only added recently and isn't in 2.1 or 2.0. 🎉 |
makkes
removed
backport:release/v2.0.x
nrdufour
added a commit
to nrdufour/home-ops
that referenced
this pull request
Oct 3, 2023
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [fluxcd/flux2](https://github.com/fluxcd/flux2) | Kustomization | patch | `v2.1.0` -> `v2.1.1` | --- ### Release Notes <details> <summary>fluxcd/flux2 (fluxcd/flux2)</summary> ### [`v2.1.1`](https://github.com/fluxcd/flux2/releases/tag/v2.1.1) [Compare Source](fluxcd/flux2@v2.1.0...v2.1.1) #### Highlights Flux `v2.1.1` is a patch release which comes with various fixes. Users are encouraged to upgrade for the best experience. ##### Fixes - Use auto lookup strategy for Buckets to widen support for S3-compatible object storage services (`source-controller`). - Fix Secret type check for HelmRepositories TLS certs referred in `.spec.secretRef` (`source-controller`). - Fix the branch name reporting when the push branch is the same as the checkout branch (`image-automation-controller`). - Restore Helm logs inclusion in failure events (`helm-controller`). - Fix the impersonation of the default service account when diffing HelmReleases (`helm-controller`). - Check source for `nil` artifact before loading Helm charts (`helm-controller`). - Update the description of Kubernetes specific flag to distinguish them from Flux bootstrap flags (`flux` CLI). #### Components changelog - source-controller [v1.1.1](https://github.com/fluxcd/source-controller/blob/v1.1.1/CHANGELOG.md) - helm-controller [v0.36.1](https://github.com/fluxcd/helm-controller/blob/v0.36.1/CHANGELOG.md) - image-automation-controller [v0.36.1](https://github.com/fluxcd/image-automation-controller/blob/v0.36.1/CHANGELOG.md) #### CLI Changelog - PR [#​4255](fluxcd/flux2#4255) - [@​hiddeco](https://github.com/hiddeco) - tests/azure: update controller dependencies - PR [#​4251](fluxcd/flux2#4251) - [@​fluxcdbot](https://github.com/fluxcdbot) - Update toolkit components - PR [#​4246](fluxcd/flux2#4246) - [@​dependabot](https://github.com/dependabot)\[bot] - build(deps): bump the ci group with 4 updates - PR [#​4238](fluxcd/flux2#4238) - [@​makkes](https://github.com/makkes) - Upgrade github.com/fluxcd/pkg/{git,git/gogit} - PR [#​4233](fluxcd/flux2#4233) - [@​sonbui00](https://github.com/sonbui00) - chore: remove support armv6h for aur package - PR [#​4228](fluxcd/flux2#4228) - [@​sonbui00](https://github.com/sonbui00) - Improve AUR package templates - PR [#​4227](fluxcd/flux2#4227) - [@​dependabot](https://github.com/dependabot)\[bot] - build(deps): bump the ci group with 3 updates - PR [#​4226](fluxcd/flux2#4226) - [@​somtochiama](https://github.com/somtochiama) - Update description of kubeconfig specific flag - PR [#​4222](fluxcd/flux2#4222) - [@​dependabot](https://github.com/dependabot)\[bot] - build(deps): bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 in /tests/integration - PR [#​4221](fluxcd/flux2#4221) - [@​dependabot](https://github.com/dependabot)\[bot] - build(deps): bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 in /tests/azure - PR [#​4215](fluxcd/flux2#4215) - [@​dependabot](https://github.com/dependabot)\[bot] - build(deps): bump the ci group with 4 updates - PR [#​4213](fluxcd/flux2#4213) - [@​dependabot](https://github.com/dependabot)\[bot] - build(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible in /tests/integration - PR [#​4212](fluxcd/flux2#4212) - [@​dependabot](https://github.com/dependabot)\[bot] - build(deps): bump github.com/docker/docker from 23.0.1+incompatible to 23.0.3+incompatible in /tests/integration - PR [#​4198](fluxcd/flux2#4198) - [@​makkes](https://github.com/makkes) - Add 2.1.x backport label - PR [#​4197](fluxcd/flux2#4197) - [@​stefanprodan](https://github.com/stefanprodan) - Fix links to fluxcd.io - PR [#​4195](fluxcd/flux2#4195) - [@​dependabot](https://github.com/dependabot)\[bot] - build(deps): bump the ci group with 2 updates </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi45Ni4wIiwidXBkYXRlZEluVmVyIjoiMzYuOTYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Reviewed-on: https://git.home/nrdufour/home-ops/pulls/94 Co-authored-by: Renovate <renovate@ptinem.io> Co-committed-by: Renovate <renovate@ptinem.io>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4.
Release notes
Sourced from github.com/cyphar/filepath-securejoin's releases.
Commits
2710d06VERSION: release v0.2.46894341merge #9 into mainc121231Fix support for Windows05b6423ci: switch to GHA64536a8VERSION: back to developmentDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.