Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

charts,build: Bump Dex image to 2.27.0 #2990

Merged
merged 1 commit into from
Dec 18, 2020
Merged

charts,build: Bump Dex image to 2.27.0 #2990

merged 1 commit into from
Dec 18, 2020

Conversation

TeddyAndrieux
Copy link
Collaborator

Component:

'dex'

Context:

#2985

Summary:

Because of "CVE-2020-15216" we need to use a newer Dex image, note that
at this time no stable repo exists for Dex helm3 chart so we still use
the deprecated chart where we only bump the Dex image version

Fixes: #2985

@TeddyAndrieux TeddyAndrieux requested a review from a team December 18, 2020 09:16
@bert-e
Copy link
Contributor

bert-e commented Dec 18, 2020

Hello teddyandrieux,

My role is to assist you with the merge of this
pull request. Please type @bert-e help to get information
on this process, or consult the user documentation.

Status report is not available.

@bert-e
Copy link
Contributor

bert-e commented Dec 18, 2020

Waiting for approval

The following approvals are needed before I can proceed with the merge:

  • the author

  • one peer

Peer approvals must include at least 1 approval from the following list:

@TeddyAndrieux TeddyAndrieux force-pushed the improvement/bump-dex-image-to-2.27.0 branch from a03e14e to a2f765e Compare December 18, 2020 09:17
NicolasT
NicolasT suggested changes Dec 18, 2020
View reviewed changes
buildchain/buildchain/constants.py Outdated Show resolved Hide resolved
charts/dex.yaml Outdated Show resolved Hide resolved
@bert-e
Copy link
Contributor

bert-e commented Dec 18, 2020

Waiting for approval

The following approvals are needed before I can proceed with the merge:

  • the author

  • one peer

Peer approvals must include at least 1 approval from the following list:

The following reviewers are expecting changes from the author, or must review again:

@TeddyAndrieux TeddyAndrieux force-pushed the improvement/bump-dex-image-to-2.27.0 branch from a2f765e to 75a539d Compare December 18, 2020 11:17
@TeddyAndrieux
charts,build: Bump Dex image to 2.27.0
cbe37cd 
Because of "CVE-2020-15216" we need to use a newer Dex image, note that
at this time no stable repo exists for Dex helm3 chart so we still use
the deprecated chart where we only bump the Dex image version

Fixes: #2985
@TeddyAndrieux TeddyAndrieux force-pushed the improvement/bump-dex-image-to-2.27.0 branch from 75a539d to cbe37cd Compare December 18, 2020 11:23
@bert-e
Copy link
Contributor

bert-e commented Dec 18, 2020

Waiting for approval

The following approvals are needed before I can proceed with the merge:

  • the author

  • one peer

Peer approvals must include at least 1 approval from the following list:

@TeddyAndrieux
Copy link
Collaborator Author

/approve

@bert-e
Copy link
Contributor

bert-e commented Dec 18, 2020

Build failed

The build for commit did not succeed in branch improvement/bump-dex-image-to-2.27.0.

The following options are set: approve

@bert-e
Copy link
Contributor

bert-e commented Dec 18, 2020

In the queue

The changeset has received all authorizations and has been added to the
relevant queue(s). The queue(s) will be merged in the target development
branch(es) as soon as builds have passed.

The changeset will be merged in:

  • ✔️ development/2.7

The following branches will NOT be impacted:

  • development/1.0
  • development/1.1
  • development/1.2
  • development/1.3
  • development/2.0
  • development/2.1
  • development/2.2
  • development/2.3
  • development/2.4
  • development/2.5
  • development/2.6

There is no action required on your side. You will be notified here once
the changeset has been merged. In the unlikely event that the changeset
fails permanently on the queue, a member of the admin team will
contact you to help resolve the matter.

IMPORTANT

Please do not attempt to modify this pull request.

  • Any commit you add on the source branch will trigger a new cycle after the
    current queue is merged.
  • Any commit you add on one of the integration branches will be lost.

If you need this pull request to be removed from the queue, please contact a
member of the admin team now.

The following options are set: approve

@bert-e
Copy link
Contributor

bert-e commented Dec 18, 2020

I have successfully merged the changeset of this pull request
into targetted development branches:

  • ✔️ development/2.7

The following branches have NOT changed:

  • development/1.0
  • development/1.1
  • development/1.2
  • development/1.3
  • development/2.0
  • development/2.1
  • development/2.2
  • development/2.3
  • development/2.4
  • development/2.5
  • development/2.6

Please check the status of the associated issue None.

Goodbye teddyandrieux.

@bert-e bert-e merged commit cbe37cd into development/2.7 Dec 18, 2020
@bert-e bert-e deleted the improvement/bump-dex-image-to-2.27.0 branch December 18, 2020 18:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@NicolasT NicolasT NicolasT approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Dex is vulnerable to Signature Validation Bypass (CVE-2020-15216)
3 participants
@TeddyAndrieux @bert-e @NicolasT