
chore(deps): CVE-2024-37890 force ws resolution to 8.17.1 [1.3] #1755

Conversation


@Fortune-Ndlovu Fortune-Ndlovu commented Oct 10, 2024

Description

CVE-2024-37890 force ws resolution to 8.17.1 [release-1.3]

Corresponding PR: #1728

Which issue(s) does this PR fix

PR acceptance criteria

Please make sure that the following steps are complete:

  • GitHub Actions are completed and successful
  • Unit Tests are updated and passing
  • E2E Tests are updated and passing
  • Documentation is updated if necessary (requirement for new features)
  • Add a screenshot if the change is UX/UI related

How to test changes / Special notes to the reviewer
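The PR pins the `ws` package to 8.17.1 through a forced resolution. The following is an added example, not code from this PR or the repository: it scans a (constructed) yarn.lock v1 excerpt for `ws` entries that still resolve below 8.17.1, and builds the `resolutions` entry a package.json needs so Yarn forces the fixed version. The lockfile text, the `demo` package and the helper names are assumptions for illustration.

```javascript
// Added example (not part of the PR): find ws lock entries below the fixed
// version and produce the package.json "resolutions" entry that forces it.

const FIXED_WS_VERSION = "8.17.1"; // version the PR forces for CVE-2024-37890

// Constructed yarn.lock v1 excerpt: three ws entries, only one at the fixed version.
const SAMPLE_LOCKFILE = `
"ws@^7.5.0":
  version "7.5.9"
  resolved "https://registry.yarnpkg.com/ws/-/ws-7.5.9.tgz"

"ws@^8.11.0", "ws@^8.17.1":
  version "8.17.1"
  resolved "https://registry.yarnpkg.com/ws/-/ws-8.17.1.tgz"

"ws@^8.13.0":
  version "8.16.0"
  resolved "https://registry.yarnpkg.com/ws/-/ws-8.16.0.tgz"
`;

// Numeric comparison of dotted release versions (no pre-release tags needed here).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Parse yarn.lock v1 text and return { key, version } for every entry of pkgName.
// A header line such as "ws@^8.11.0", "ws@^8.17.1": may list several selectors.
function findLockedVersions(lockText, pkgName) {
  const entries = [];
  let currentKey = null;
  for (const raw of lockText.split("\n")) {
    const line = raw.trimEnd();
    if (!line) continue;
    if (!line.startsWith(" ")) {
      currentKey = line.replace(/:$/, ""); // header line, unindented
      continue;
    }
    const m = line.match(/^\s+version "([^"]+)"$/);
    if (m && currentKey) {
      const selectors = currentKey
        .split(",")
        .map(s => s.trim().replace(/^"|"$/g, ""));
      if (selectors.some(s => s.startsWith(pkgName + "@"))) {
        entries.push({ key: currentKey, version: m[1] });
      }
    }
  }
  return entries;
}

// Lock entries of ws that resolve to a version older than the fixed one.
function vulnerableWsEntries(lockText) {
  return findLockedVersions(lockText, "ws")
    .filter(e => compareVersions(e.version, FIXED_WS_VERSION) < 0);
}

// Copy of a package.json object with a resolutions entry forcing ws to the fix.
function withWsResolution(pkgJson) {
  const out = { ...pkgJson, resolutions: { ...(pkgJson.resolutions || {}) } };
  out.resolutions.ws = FIXED_WS_VERSION;
  return out;
}

const vulnerable = vulnerableWsEntries(SAMPLE_LOCKFILE);
console.log(`ws entries below ${FIXED_WS_VERSION}:`, vulnerable);
// "demo" is a placeholder package name for the illustration.
console.log(JSON.stringify(withWsResolution({ name: "demo", dependencies: {} }), null, 2));
```

After adding the `resolutions` entry and re-running `yarn install`, re-scan the regenerated lockfile: every `ws@...` header should now resolve to 8.17.1, so `vulnerableWsEntries` returns an empty list.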

rhdh-bot and others added 30 commits June 3, 2024 23:27
…-idp#1300)

* feat: support catalog entity extra context menu items.

This is required to support adding plugins like the `badges` or `playlist` plugins as dynamic plugins.

Signed-off-by: David Festal <[email protected]>

* fix some Sonar warnings.

Signed-off-by: David Festal <[email protected]>

---------

Signed-off-by: David Festal <[email protected]>
Co-authored-by: David Festal <[email protected]>
…er permissions (janus-idp#1301)

* chore: add patches for scaffolder audit logging

* chore: update scaffolder backend patch

Signed-off-by: Frank Kong <[email protected]>

* chore: add scaffolder permission via patch

Signed-off-by: Frank Kong <[email protected]>

* chore: update patch to depend on the audit-log-node package

Signed-off-by: Frank Kong <[email protected]>

---------

Signed-off-by: Frank Kong <[email protected]>
Co-authored-by: Frank Kong <[email protected]>
This change exposes the dynamic UI configuration to dynamic plugins via
the scalprum API holder available with the scalprum React API.  This
change also moves around some blocks for consistency and improves the
typing for the DynamicRootContext objects.

Signed-off-by: Stan Lewis <[email protected]>
Co-authored-by: Stan Lewis <[email protected]>
…#1303)

* feat: add the scaffolder relation processor plugin

Signed-off-by: Frank Kong <[email protected]>

* chore: update default dynamic plugin config path

Signed-off-by: Frank Kong <[email protected]>

* chore: update dynamic-plugins-info UI E2E test

Signed-off-by: Frank Kong <[email protected]>

---------

Signed-off-by: Frank Kong <[email protected]>
Co-authored-by: Frank Kong <[email protected]>
* chore(deps): update janus deps

Signed-off-by: Paul Schultz <[email protected]>

* Update dynamic-plugins/imports/package.json

* update deps

Signed-off-by: Paul Schultz <[email protected]>

* fix test

Signed-off-by: Paul Schultz <[email protected]>

* update plugins

Signed-off-by: Paul Schultz <[email protected]>

---------

Signed-off-by: Paul Schultz <[email protected]>
Co-authored-by: Nick Boldt <[email protected]>
…anus-idp#1313)

* chore(auth): make oidc auth provider resolvers configurable

Signed-off-by: Frank Kong <[email protected]>

* deps(auth): pin oidc auth provider module version

Signed-off-by: Frank Kong <[email protected]>

---------

Signed-off-by: Frank Kong <[email protected]>
Co-authored-by: Frank Kong <[email protected]>
* RHDH pre-submit and post-submit job for 1.2.x

* RHDH pre-submit and post-submit job for 1.2.x

* RHDH pre-submit and post-submit job for 1.2.x

* RHDH pre-submit and post-submit job for 1.2.x

* RHDH pre-submit and post-submit job for 1.2.x

* RHDH pre-submit and post-submit job for 1.2.x

---------

Co-authored-by: Subhash Khileri <[email protected]>
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…us-idp#1329)

* chore(auth): add default resolver for OIDC auth provider

Signed-off-by: Frank Kong <[email protected]>

* docs(auth): update oidc and guest configuration docs

Signed-off-by: Frank Kong <[email protected]>

---------

Signed-off-by: Frank Kong <[email protected]>
Co-authored-by: Frank Kong <[email protected]>
…anus-idp#1324)

* chore(metadata): add metadata to wrapped plugins and set as TP or GA based on https://docs.google.com/spreadsheets/d/1dNUAGTeosEzreX9fxFTW1Vq3oGCbHroZ_DFEL8sjfjY/edit#gid=0 (RHIDP-2326, RHIDP-1502)

Signed-off-by: Nick Boldt <[email protected]>

* switch to RH as author of the wrapped plugins and use RHIDP jira instead of https://github.com/janus-idp/backstage-plugins/issues

Signed-off-by: Nick Boldt <[email protected]>

---------

Signed-off-by: Nick Boldt <[email protected]>
Signed-off-by: RHDH Build (rhdh-bot) <[email protected]>
Co-authored-by: RHDH Build (rhdh-bot) <[email protected]>
…y to 1.2.x branch of janus-showcase because it is the new scope. (janus-idp#1367)

* Pulling in scaffolder-relation-processor plugin from @backstage-community because it is the new scope.

* add @backstage-community/plugin-catalog-backend-module-scaffolder-relation-processor to the dependencies section rather than the peerDependencies section for automatic installation and direct dependency

* add @backstage-community/plugin-catalog-backend-module-scaffolder-relation-processor

* install dependencies

---------

Co-authored-by: Nick Boldt <[email protected]>
…community to 1.2.x branch of janus-showcase because it is the new scope. (janus-idp#1367)"

This reverts commit b3561bf.
kim-tsao and others added 12 commits August 16, 2024 11:48
* chore: [1.2.x] fix CVE-2024-39338

Signed-off-by: Kim Tsao <[email protected]>

* chore: re-run yarn install, remove name property

Signed-off-by: Kim Tsao <[email protected]>

---------

Signed-off-by: Kim Tsao <[email protected]>
…mestamp` fix (janus-idp#1611)

* [e2e] Switch `droute` pod for RP and update (janus-idp#1576)

* Try new pod for droute e2e

* Get podname

* Avoid droute failure marking test run as failed

* Update droute to 1.2

* Revert "Avoid droute failure marking test run as failed"

This reverts commit b6678e4.

* Add TFA auto finalization for droute RP

* Fix for prettier

* Move `droute_send` to `utils.sh`

* Add (Gi|Mi) instead of Gi in regex

* cherrypick catalog-timestamp fix

* Update e2e-tests/playwright/e2e/plugins/ocm.spec.ts

Co-authored-by: Subhash Khileri <[email protected]>

* Disable Keycloak temporarily

* Skip Quay.io test

* Add dependent changes to the test fix

* Fix GH tests

* Add utils.sh

---------

Co-authored-by: Subhash Khileri <[email protected]>
Signed-off-by: Gustavo Lira <[email protected]>
Co-authored-by: Gustavo Lira <[email protected]>
* Update KEYCLOAK_BASE_URL secret handling (janus-idp#1731)

The KEYCLOAK_BASE_URL is now fetched from a file instead of being hard-coded. This change enhances security by avoiding the storage of sensitive URLs directly in the configuration files. Additionally, the corresponding base64 value in the secrets YAML has been updated to a placeholder.

Signed-off-by: Gustavo Lira <[email protected]>

* Fix `droute` limiting attachment size (janus-idp#1741)

---------

Signed-off-by: Gustavo Lira <[email protected]>
Co-authored-by: Gustavo Lira e Silva <[email protected]>
@Fortune-Ndlovu Fortune-Ndlovu requested a review from a team as a code owner October 10, 2024 01:32

openshift-ci bot commented Oct 10, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign davidfestal for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Contributor

The image is available at: quay.io/janus-idp/backstage-showcase:pr-1755!


sonarcloud bot commented Oct 10, 2024

@nickboldt
Member

Looks good - should there be a PR for 1.3 branch too?

@kim-tsao
Member

> Looks good - should there be a PR for 1.3 branch too?

This should have been for release-1.3

@nickboldt nickboldt changed the base branch from 1.2.x to release-1.3 October 10, 2024 17:33
@nickboldt nickboldt changed the title chore(deps): CVE-2024-37890 force ws resolution to 8.17.1 chore(deps): CVE-2024-37890 force ws resolution to 8.17.1 [1.3] Oct 10, 2024
@nickboldt
Member

hmm... moved target to release-1.3 and created a lot of conflicts. Oops. Might be best to start over with a fresh PR @Fortune-Ndlovu

Contributor

The image is available at: quay.io/janus-idp/backstage-showcase:pr-1755!

@Fortune-Ndlovu
Member Author

Sounds good. Creating fresh PR...


openshift-ci bot commented Oct 10, 2024

@Fortune-Ndlovu: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-tests d55dfb3 link true /test e2e-tests
ci/prow/images d55dfb3 link true /test images

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@nickboldt nickboldt closed this Oct 10, 2024
@Fortune-Ndlovu
Member Author

fresh pr: #1762
