Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade tough-cookie and semver #135

Merged
merged 2 commits into from
Jul 11, 2023
Merged

Upgrade tough-cookie and semver #135

merged 2 commits into from
Jul 11, 2023

Conversation

rupal-bq
Copy link
Contributor

@rupal-bq rupal-bq commented Jul 11, 2023
edited
Loading

Description

Issues Resolved

CVE-2023-26136
CVE-2022-25883

Check List

  • New functionality includes testing.
    • All tests pass, including unit test, integration test and doctest
  • New functionality has been documented.
    • New functionality has javadoc added
    • New functionality has user manual doc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@rupal-bq rupal-bq self-assigned this Jul 11, 2023
@rupal-bq rupal-bq added backport 2.x backport 2.9 dependencies Pull requests that update a dependency file labels Jul 11, 2023
@rupal-bq rupal-bq changed the title Upgrade tough-cookie to fix CVE-2023-26136 Upgrade tough-cookie and semver Jul 11, 2023
@rupal-bq rupal-bq merged commit 9d17a87 into opensearch-project:main Jul 11, 2023
opensearch-trigger-bot bot pushed a commit that referenced this pull request Jul 11, 2023
@rupal-bq @github-actions
Upgrade tough-cookie and semver (#135)
18319ae 
* Upgrade tough-cookie to fix CVE-2023-26136

Signed-off-by: Rupal Mahajan <[email protected]>

* Add semver resolution to patch CVE-2022-25883

Signed-off-by: Rupal Mahajan <[email protected]>

---------

Signed-off-by: Rupal Mahajan <[email protected]>
(cherry picked from commit 9d17a87)
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Jul 11, 2023
Merged
opensearch-trigger-bot bot pushed a commit that referenced this pull request Jul 11, 2023
@rupal-bq @github-actions
Upgrade tough-cookie and semver (#135)
69ee2a9 
* Upgrade tough-cookie to fix CVE-2023-26136

Signed-off-by: Rupal Mahajan <[email protected]>

* Add semver resolution to patch CVE-2022-25883

Signed-off-by: Rupal Mahajan <[email protected]>

---------

Signed-off-by: Rupal Mahajan <[email protected]>
(cherry picked from commit 9d17a87)
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Jul 11, 2023
Merged
rupal-bq added a commit that referenced this pull request Jul 11, 2023
@opensearch-trigger-bot @rupal-bq
Upgrade tough-cookie and semver (#135) (#137)
655c41c 
* Upgrade tough-cookie to fix CVE-2023-26136

Signed-off-by: Rupal Mahajan <[email protected]>

* Add semver resolution to patch CVE-2022-25883

Signed-off-by: Rupal Mahajan <[email protected]>

---------

Signed-off-by: Rupal Mahajan <[email protected]>
(cherry picked from commit 9d17a87)

Co-authored-by: Rupal Mahajan <[email protected]>
rupal-bq added a commit that referenced this pull request Jul 11, 2023
@opensearch-trigger-bot @rupal-bq
Upgrade tough-cookie and semver (#135) (#136)
e4a5d20 
* Upgrade tough-cookie to fix CVE-2023-26136

Signed-off-by: Rupal Mahajan <[email protected]>

* Add semver resolution to patch CVE-2022-25883

Signed-off-by: Rupal Mahajan <[email protected]>

---------

Signed-off-by: Rupal Mahajan <[email protected]>
(cherry picked from commit 9d17a87)

Co-authored-by: Rupal Mahajan <[email protected]>
@opensearch-trigger-bot
Copy link
Contributor

The backport to 1.3 failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-1.3 1.3
# Navigate to the new working tree
cd .worktrees/backport-1.3
# Create a new branch
git switch --create backport/backport-135-to-1.3
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 9d17a87630e504b9d5758136fa39293637ae86f1
# Push it to GitHub
git push --set-upstream origin backport/backport-135-to-1.3
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-1.3

Then, create a pull request where the base branch is 1.3 and the compare/head branch is backport/backport-135-to-1.3.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@YANG-DB YANG-DB YANG-DB approved these changes

@derek-ho derek-ho derek-ho approved these changes

@anirudha anirudha anirudha approved these changes

@pjfitzgibbons pjfitzgibbons Awaiting requested review from pjfitzgibbons

@ps48 ps48 Awaiting requested review from ps48 ps48 is a code owner

@kavithacm kavithacm Awaiting requested review from kavithacm kavithacm is a code owner

@joshuali925 joshuali925 Awaiting requested review from joshuali925 joshuali925 is a code owner

@dai-chen dai-chen Awaiting requested review from dai-chen dai-chen is a code owner

@mengweieric mengweieric Awaiting requested review from mengweieric mengweieric is a code owner

@vmmusings vmmusings Awaiting requested review from vmmusings

@Swiddis Swiddis Awaiting requested review from Swiddis Swiddis is a code owner

@penghuo penghuo Awaiting requested review from penghuo penghuo is a code owner

@seankao-az seankao-az Awaiting requested review from seankao-az seankao-az is a code owner

Assignees

@rupal-bq rupal-bq

Labels
backport 1.3 backport 2.x backport 2.9 dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@rupal-bq @anirudha @derek-ho @YANG-DB @kavithacm