Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[sync] Update golang.org/x/net to v0.33.0 (#1463) #1471

Merged
merged 1 commit into from
Jan 2, 2025
Merged

[sync] Update golang.org/x/net to v0.33.0 (#1463) #1471

merged 1 commit into from
Jan 2, 2025

Conversation

zdtsw
Copy link
Member

@zdtsw zdtsw commented Jan 2, 2025

This change is to update to a version that isn't flagged as affected by CVE-2024-45338.

While we know that this operator doesn't call the vulnerable code paths (hooray for govulncheck), some scanning tools are not yet smart enough to be able to discern that. So it's preferable just to update.

Go advisory: https://pkg.go.dev/vuln/GO-2024-3333

(cherry picked from commit b36c13a)

Description

How Has This Been Tested?

Screenshot or short clip

Merge criteria

  • You have read the contributors guide.
  • Commit messages are meaningful - have a clear and concise summary and detailed explanation of what was changed and why.
  • Pull Request contains a description of the solution, a link to the JIRA issue, and to any dependent or related Pull Request.
  • Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
  • The developer has manually tested the changes and verified that the changes work

@grdryn @zdtsw
Update golang.org/x/net to v0.33.0 (opendatahub-io#1463)
9053596 
This change is to update to a version that isn't flagged as affected
by CVE-2024-45338.

While we know that this operator doesn't call the vulnerable code
paths (hooray for `govulncheck`), some scanning tools are not yet
smart enough to be able to discern that. So it's preferable just to
update.

Go advisory: https://pkg.go.dev/vuln/GO-2024-3333

(cherry picked from commit b36c13a)
@zdtsw zdtsw requested a review from grdryn January 2, 2025 11:48
@openshift-ci openshift-ci bot requested review from ugiordan and ykaliuta January 2, 2025 11:49
@zdtsw zdtsw added the rhoai label Jan 2, 2025
grdryn
grdryn approved these changes Jan 2, 2025
View reviewed changes
Copy link
Member

@grdryn grdryn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Jan 2, 2025
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Jan 2, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: grdryn

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved label Jan 2, 2025
@codecov Codecov
Copy link

codecov bot commented Jan 2, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Please upload report for BASE (rhoai@18aec6b). Learn more about missing BASE report.

Additional details and impacted files 
@@           Coverage Diff            @@
##             rhoai    #1471   +/-   ##
========================================
  Coverage         ?   18.87%           
========================================
  Files            ?       30           
  Lines            ?     3338           
  Branches         ?        0           
========================================
  Hits             ?      630           
  Misses           ?     2639           
  Partials         ?       69

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@zdtsw zdtsw enabled auto-merge (squash) January 2, 2025 13:33
@zdtsw zdtsw merged commit 855a8b4 into opendatahub-io:rhoai Jan 2, 2025
8 of 10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@grdryn grdryn grdryn approved these changes

@ugiordan ugiordan Awaiting requested review from ugiordan

@ykaliuta ykaliuta Awaiting requested review from ykaliuta

Assignees

@grdryn grdryn

Labels
approved lgtm rhoai
Projects
ODH Platform Planning
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@zdtsw @grdryn