Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): security update #12250

Merged
merged 1 commit into from
Dec 12, 2024
Merged

chore(deps): security update #12250

merged 1 commit into from
Dec 12, 2024

Conversation

kumahq[bot]
Copy link
Contributor

@kumahq kumahq bot commented Dec 12, 2024

Scan output:

Before update:

OSV URL CVSS ECOSYSTEM PACKAGE VERSION SOURCE
Uncalled vulnerabilities
------------------------------------- ------ ----------- --------------------- --------- --------
https://osv.dev/GO-2024-3321 Go golang.org/x/crypto 0.30.0 go.mod
https://osv.dev/GHSA-v778-237x-gjrc

After update:

If a package is showing up in the scan but the script is not trying to update it then it might be because there is no fixed version yet.

@kumahq
chore(deps): security update
353442e 
Signed-off-by: kumahq[bot] <110050114+kumahq[bot]@users.noreply.github.com>
@kumahq kumahq bot added dependencies Pull requests that update a dependency file master labels Dec 12, 2024
@kumahq kumahq bot requested a review from a team as a code owner December 12, 2024 03:42
@kumahq kumahq bot requested review from bartsmykla and Icarus9913 and removed request for a team December 12, 2024 03:42
@github-actions GitHub Actions
Copy link
Contributor

Reviewer Checklist

🔍 Each of these sections need to be checked by the reviewer of the PR 🔍:
If something doesn't apply please check the box and add a justification if the reason is non obvious.

  • Is the PR title satisfactory? Is this part of a larger feature and should be grouped using > Changelog?
  • PR description is clear and complete. It Links to relevant issue as well as docs and UI issues
  • This will not break child repos: it doesn't hardcode values (.e.g "kumahq" as an image registry)
  • IPv6 is taken into account (.e.g: no string concatenation of host port)
  • Tests (Unit test, E2E tests, manual test on universal and k8s)
    • Don't forget ci/ labels to run additional/fewer tests
  • Does this contain a change that needs to be notified to users? In this case, UPGRADE.md should be updated.
  • Does it need to be backported according to the backporting policy? (this GH action will add "backport" label based on these file globs, if you want to prevent it from adding the "backport" label use no-backport-autolabel label)

@bartsmykla bartsmykla enabled auto-merge (squash) December 12, 2024 06:09
@bartsmykla bartsmykla merged commit 9619470 into master Dec 12, 2024
17 checks passed
@bartsmykla bartsmykla deleted the chore/security-updates-master branch December 12, 2024 06:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bartsmykla bartsmykla bartsmykla approved these changes

@Icarus9913 Icarus9913 Awaiting requested review from Icarus9913 Icarus9913 is a code owner automatically assigned from kumahq/kuma-maintainers

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file master
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@bartsmykla