Bump helm from 3.11.3 to 3.14.1 for CVE-2024-25620 #2970

Closed

Member

@dfarrell07 dfarrell07 commented Feb 16, 2024

Update generated by:

```
go get helm.sh/helm/v3@v3.14.1
go mod tidy
<manually undo go toolchain addition>
```

Issue identified by a Dependabot alert (#2968) on devel.

@submariner-bot
Contributor

🤖 Created branch: z_pr2970/dfarrell07/CVE-2024-25620_016
🚀 Full E2E won't run until the "ready-to-test" label is applied. I will add it automatically once the PR has 2 approvals, or you can add it manually.

@dfarrell07 dfarrell07 force-pushed the CVE-2024-25620_016 branch 2 times, most recently from e21359e to 0c6eb48, February 16, 2024 04:33

@dfarrell07 dfarrell07 changed the title from "Bump helm from 3.12.1 to 3.14.1 for CVE-2024-25620" to "Bump helm from 3.11.3 to 3.14.1 for CVE-2024-25620", Feb 16, 2024

Member

@skitt skitt left a comment

Please redo this without -u to reduce the amount of churn. See submariner-io/shipyard#1555 (comment) for details.

@Jaanki Jaanki mentioned this pull request Feb 19, 2024
6 tasks
Update generated by:

```
go get helm.sh/helm/v3@v3.14.1
go mod tidy
<manually undo go toolchain addition>
```

Signed-off-by: Daniel Farrell <dfarrell@redhat.com>
@dfarrell07
Member Author

Redid without -u, but I don't think that changed anything. Also didn't remove the go update this time, as discussed it seems that's caused by the Helm update.

@dfarrell07
Member Author

Could it be a problem to bump the K8s versions in this repo but not other repos on this branch?

@tpantelis
Contributor

We decided to ignore the CVE: #2979.

@tpantelis tpantelis closed this Feb 27, 2024
@submariner-bot
Contributor

🤖 Closed branches: [z_pr2970/dfarrell07/CVE-2024-25620_016]
