Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bump alpine and jwt-go #4723

Merged
merged 3 commits into from
May 11, 2021
Merged

bump alpine and jwt-go #4723

merged 3 commits into from
May 11, 2021

Conversation

npolshakova
Copy link
Contributor

Description

jwt-go for CVE-2020-26160 and alpine for CVE-2021-30139

The fix for this cve is on the v4-preview1 release, it looks like there hasn't been much activity and jwt-go isn't maintained actively (see: dgrijalva/jwt-go#426). If we can't expect updates, we might want consider to migrate to a different jwt library (solo-io#4722)

Checklist:

  • I included a concise, user-facing changelog (for details, see https://github.com/solo-io/go-utils/tree/master/changelogutils) which references the issue that is resolved.
  • If I updated APIs (our protos) or helm values, I ran make install-go-tools generated-code to ensure there will be no code diff
  • I followed guidelines laid out in the Gloo Edge contribution guide
  • I opened a draft PR or added the work in progress label if my PR is not ready for review
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works

@github-actions github-actions bot added the keep pr updated signals bulldozer to keep pr up to date with base branch label May 11, 2021
@npolshakova npolshakova marked this pull request as ready for review May 11, 2021 20:38
saiskee
saiskee previously approved these changes May 11, 2021
View reviewed changes
jenshu
jenshu previously approved these changes May 11, 2021
View reviewed changes
@npolshakova npolshakova dismissed stale reviews from jenshu and saiskee via 6c47893 May 11, 2021 20:53
@npolshakova npolshakova requested a review from saiskee May 11, 2021 21:21
@soloio-bulldozer soloio-bulldozer bot merged commit e3240ee into master May 11, 2021
@soloio-bulldozer soloio-bulldozer bot deleted the alpine-bump-3.13.5 branch May 11, 2021 21:52
npolshakova added a commit that referenced this pull request May 12, 2021
@npolshakova
bump alpine and jwt-go (#4723)
6b880af 
* bump alpine and jwt-go
npolshakova added a commit that referenced this pull request May 12, 2021
@npolshakova
bump alpine and jwt-go (#4723)
62e7821 
* bump alpine and jwt-go
This was referenced May 12, 2021
Merged
Merged
soloio-bulldozer bot pushed a commit that referenced this pull request May 12, 2021
@npolshakova
bump alpine and jwt-go (#4723) (#4725)
eecee15 
* bump alpine and jwt-go (#4723)

* bump alpine and jwt-go
* bump docs alpine
* fix changelog
soloio-bulldozer bot pushed a commit that referenced this pull request May 12, 2021
@npolshakova
Bump alpine and jwt-go (#4723) (#4724)
65c1569 
* bump alpine and jwt-go (#4723)

* bump alpine and jwt-go
* fix doc files
npolshakova added a commit that referenced this pull request May 12, 2021
@npolshakova
bump alpine and jwt-go (#4723) (#4725)
230e394 
* bump alpine and jwt-go (#4723)
@npolshakova npolshakova mentioned this pull request May 12, 2021
Merged
soloio-bulldozer bot pushed a commit that referenced this pull request May 13, 2021
@npolshakova
bump alpine and jwt-go (#4732)
4d24845 
* bump alpine and jwt-go (#4723) (#4725)

* bump alpine and jwt-go (#4723)
* update go.sum
* fix changelog
* ingress fix
* fix sds dockerfile
@github-actions github-actions bot mentioned this pull request Nov 14, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@saiskee saiskee saiskee approved these changes

@jenshu jenshu jenshu left review comments

Assignees
No one assigned
Labels
keep pr updated signals bulldozer to keep pr up to date with base branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@npolshakova @saiskee @jenshu