Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update gRPC dependency to fix CVE-2023-32731 vulnerability #194

Closed
wants to merge 1 commit into from
Closed

Update gRPC dependency to fix CVE-2023-32731 vulnerability #194

wants to merge 1 commit into from

Conversation

michael-valdron
Copy link
Member

What does this PR do?:

Summarize the changes. Are any stacks or samples added or updated?

Fixes the high risk vulnerability CVE-2023-32731 by updating the google.golang.org/grpc under validate devfile schemas test suite.

Which issue(s) this PR fixes:

Link to github issue(s)

part of devfile/api#1180

PR acceptance criteria:

  • Contributing guide
    Have you read the devfile registry contributing guide and followed its instructions?
  • Test automation
    Does this repository's tests pass with your changes?
  • Documentation
    Does any documentation need to be updated with your changes?
  • Check Tools Provider
    Have you tested the changes with existing tools, i.e. Odo, Che, Console? (See devfile registry contributing guide on how to test changes)

How to test changes / Special notes to the reviewer:

@michael-valdron
update google.golang.org/grpc dependency to fix vulnerability for val…
f78fb7b 
…idate devfile schemas test suite

Signed-off-by: Michael Valdron <[email protected]>
@openshift-ci openshift-ci bot requested a review from thepetk July 19, 2023 20:52
@openshift-ci
Copy link

openshift-ci bot commented Jul 19, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: michael-valdron

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@michael-valdron michael-valdron mentioned this pull request Jul 19, 2023
Closed
4 tasks
@michael-valdron
Copy link
Member Author

/hold

devfile/registry-operator#44 (comment)

@michael-valdron
Copy link
Member Author

/unhold

@michael-valdron michael-valdron marked this pull request as draft July 26, 2023 16:30
@michael-valdron
Copy link
Member Author

These changes are no longer needed.

@michael-valdron michael-valdron added the wontfix This will not be worked on label Sep 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@johnmcollier johnmcollier Awaiting requested review from johnmcollier

@maysunfaisal maysunfaisal Awaiting requested review from maysunfaisal

@mike-hoang mike-hoang Awaiting requested review from mike-hoang

@thepetk thepetk Awaiting requested review from thepetk

Assignees
No one assigned
Labels
approved do-not-merge/work-in-progress wontfix This will not be worked on
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@michael-valdron