Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of [NET-8174] security: add scan triage for CVE-2024-25620 (helm/v3) into release/1.3.x #3660

Closed
wants to merge 1 commit into from
Closed

Backport of [NET-8174] security: add scan triage for CVE-2024-25620 (helm/v3) into release/1.3.x #3660

wants to merge 1 commit into from

Conversation

hc-github-team-consul-core
Copy link

Backport

This PR is auto-generated from #3657 to be assessed for backporting due to the inclusion of the label backport/1.3.x.

🚨

Warning automatic cherry-pick of commits failed. If the first commit failed,
you will see a blank no-op commit below. If at least one commit succeeded, you
will see the cherry-picked commits up to, not including, the commit where
the merge conflict occurred.

The person who merged in the original PR is:
@zalimeni
This person should manually cherry-pick the original PR into a new backport PR,
and close this one when the manual backport PR is merged in.

merge conflict error: POST https://api.github.com/repos/hashicorp/consul-k8s/merges: 409 Merge conflict []

The below text is copied from the body of the original PR.

Triage this scan result as consul-k8s should not be directly impacted and it is medium severity. Follow-up ticket filed for remediation.

Changes proposed in this PR

  • Triage CVE-2024-25620 security scan result
  • Improve formatting of scan config since this change will be backported.

How I've tested this PR

Local scan has no further Go Modules OSV results when applied. Same with repository scan in CI (see checks below).

How I expect reviewers to test this PR

👀

Checklist

Overview of commits

@hc-github-team-consul-core hc-github-team-consul-core force-pushed the backport/zalimeni/net-8174-triage-helm-CVE-2024-25620/severely-concise-cow branch from b5c3706 to 13f0291 Compare February 20, 2024 18:38
@hashicorp-cla
Copy link

CLA assistant check

Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement

Learn more about why HashiCorp requires a CLA and what the CLA includes

temp seems not to be a GitHub user.
You need a GitHub account to be able to sign the CLA. If you already have a GitHub account, please add the email address used for this commit to your account.

Have you signed the CLA already but the status is still pending? Recheck it.

@zalimeni
Copy link
Member

Closing in favor of combined change + fix backport in #3650

@zalimeni zalimeni closed this Feb 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zalimeni zalimeni Awaiting requested review from zalimeni

Assignees

@zalimeni zalimeni

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@hc-github-team-consul-core @hashicorp-cla @zalimeni