Skip to content

[release-1.24] OCPBUGS-20596: build(deps): bump google.golang.org/grpc from 1.43.0 to 1.58.3 #7421

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 20, 2023
Merged

[release-1.24] OCPBUGS-20596: build(deps): bump google.golang.org/grpc from 1.43.0 to 1.58.3 #7421

merged 1 commit into from
Nov 20, 2023

Conversation

kwilczynski
Copy link
Contributor

This is a manual cherry-pick of #7366

/kind dependency-change
/assign kwilczynski

Update the google.golang.org/grpc package from 1.43.0 to 1.58.3 to fix vulnerabilities CVE-2023-39325 and CVE-2023-4448.

@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Oct 22, 2023
@openshift-ci openshift-ci bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/dependency-change Categorizes issue or PR as related to changing dependencies dco-signoff: no Indicates the PR's author has not DCO signed all their commits. labels Oct 22, 2023
@openshift-ci openshift-ci bot requested review from hasan4791 and wgahnagl October 22, 2023 03:15
@kwilczynski kwilczynski changed the base branch from main to release-1.24 October 22, 2023 03:15
@kwilczynski kwilczynski requested a review from runcom as a code owner October 22, 2023 03:15
@kwilczynski kwilczynski changed the title Feature/cherry pick 2a04f729a to release 1.24 [release-1.24] OCPBUGS-20596: build(deps): bump google.golang.org/grpc from 1.43.0 to 1.58.3 Oct 22, 2023
@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Oct 22, 2023
@openshift-ci-robot
Copy link

@kwilczynski: This pull request references Jira Issue OCPBUGS-20596, which is invalid:

  • expected Jira Issue OCPBUGS-20596 to depend on a bug in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but no dependents were found

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

This is a manual cherry-pick of #7366

/kind dependency-change
/assign kwilczynski

Update the google.golang.org/grpc package from 1.43.0 to 1.58.3 to fix vulnerabilities CVE-2023-39325 and CVE-2023-4448.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@kwilczynski kwilczynski mentioned this pull request Oct 22, 2023
Closed
@kwilczynski
Copy link
Contributor Author

/retest-required

@kwilczynski kwilczynski force-pushed the feature/cherry-pick-2a04f729a-to-release-1.24 branch from 1ba61bf to 8d4f0f6 Compare October 22, 2023 23:15
@openshift-ci openshift-ci bot added dco-signoff: yes Indicates the PR's author has DCO signed all their commits. and removed dco-signoff: no Indicates the PR's author has not DCO signed all their commits. labels Oct 22, 2023
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Oct 22, 2023
@codecov
Copy link

codecov bot commented Oct 23, 2023
edited
Loading

Codecov Report

Merging #7421 (74260b4) into release-1.24 (4bfe15a) will decrease coverage by 0.01%.
Report is 4 commits behind head on release-1.24.
The diff coverage is n/a.

Additional details and impacted files 
@@               Coverage Diff                @@
##           release-1.24    #7421      +/-   ##
================================================
- Coverage         42.80%   42.79%   -0.01%     
================================================
  Files               124      124              
  Lines             12786    12786              
================================================
- Hits               5473     5472       -1     
- Misses             6787     6788       +1     
  Partials            526      526

@kwilczynski kwilczynski force-pushed the feature/cherry-pick-2a04f729a-to-release-1.24 branch 8 times, most recently from 1199fb8 to 6fa3fc3 Compare October 23, 2023 07:29
@kwilczynski
Copy link
Contributor Author

/test e2e-agnostic
/test e2e-gcp

@kwilczynski kwilczynski force-pushed the feature/cherry-pick-2a04f729a-to-release-1.24 branch 5 times, most recently from 933d988 to 74260b4 Compare November 14, 2023 06:11
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Nov 14, 2023

@kwilczynski: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/periodics-images 1ba61bf link true /test periodics-images
ci/prow/e2e-gcp-ovn 1ba61bf link true /test e2e-gcp-ovn
ci/prow/ci-e2e-evented-pleg 1ba61bf link true /test ci-e2e-evented-pleg
ci/prow/ci-e2e 1ba61bf link true /test ci-e2e
ci/prow/ci-cgroupv2-e2e 1ba61bf link true /test ci-cgroupv2-e2e
ci/prow/ci-cgroupv2-e2e-features 1ba61bf link true /test ci-cgroupv2-e2e-features
ci/prow/ci-rhel-critest 1ba61bf link true /test ci-rhel-critest
ci/prow/ci-rhel-e2e 1ba61bf link true /test ci-rhel-e2e
ci/prow/ci-fedora-critest 1ba61bf link true /test ci-fedora-critest
ci/prow/ci-fedora-integration 1ba61bf link true /test ci-fedora-integration
ci/prow/ci-cgroupv2-integration 1ba61bf link true /test ci-cgroupv2-integration
ci/prow/ci-fedora-kata 1ba61bf link true /test ci-fedora-kata
ci/prow/ci-cgroupv2-e2e-crun 1ba61bf link true /test ci-cgroupv2-e2e-crun
ci/prow/ci-crun-e2e 1ba61bf link true /test ci-crun-e2e
ci/prow/ci-e2e-conmonrs 1ba61bf link true /test ci-e2e-conmonrs
ci/prow/ci-images 1ba61bf link true /test ci-images
ci/prow/e2e-aws-ovn 1ba61bf link true /test e2e-aws-ovn
ci/prow/e2e-agnostic 74260b4 link true /test e2e-agnostic
ci/prow/e2e-gcp 74260b4 link true /test e2e-gcp

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@kwilczynski
Copy link
Contributor Author

/hold

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 14, 2023
saschagrunert
saschagrunert approved these changes Nov 20, 2023
View reviewed changes
Copy link
Member

@saschagrunert saschagrunert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Nov 20, 2023
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Nov 20, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kwilczynski, saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 20, 2023
@kwilczynski
Copy link
Contributor Author

/hold cancel

@openshift-ci openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 20, 2023
@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 20, 2023
@dependabot
build(deps): bump google.golang.org/grpc from 1.43.0 to 1.58.3
c57ce3a 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.43.0 to 1.58.3.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.43.0...v1.58.3)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@kwilczynski kwilczynski force-pushed the feature/cherry-pick-2a04f729a-to-release-1.24 branch from 74260b4 to c57ce3a Compare November 20, 2023 11:39
@openshift-ci openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Nov 20, 2023
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Nov 20, 2023

New changes are detected. LGTM label has been removed.

@openshift-merge-robot openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 20, 2023
@kwilczynski
Copy link
Contributor Author

Rebased manually to resolve conflicts.

@saschagrunert saschagrunert merged commit 7f73171 into cri-o:release-1.24 Nov 20, 2023
@openshift-ci-robot
Copy link

@kwilczynski: Jira Issue OCPBUGS-20596 is in an unrecognized state (MODIFIED) and will not be moved to the MODIFIED state.

In response to this:

This is a manual cherry-pick of #7366

/kind dependency-change
/assign kwilczynski

Update the google.golang.org/grpc package from 1.43.0 to 1.58.3 to fix vulnerabilities CVE-2023-39325 and CVE-2023-4448.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@kwilczynski kwilczynski deleted the feature/cherry-pick-2a04f729a-to-release-1.24 branch November 20, 2023 11:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@saschagrunert saschagrunert saschagrunert approved these changes

@fidencio fidencio Awaiting requested review from fidencio

@mrunalp mrunalp Awaiting requested review from mrunalp mrunalp is a code owner

@hasan4791 hasan4791 Awaiting requested review from hasan4791

@wgahnagl wgahnagl Awaiting requested review from wgahnagl

@runcom runcom Awaiting requested review from runcom runcom is a code owner

Assignees

@kwilczynski kwilczynski

@saschagrunert saschagrunert

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. kind/dependency-change Categorizes issue or PR as related to changing dependencies release-note Denotes a PR that will be considered when it comes time to generate release notes.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@kwilczynski @openshift-ci-robot @saschagrunert @openshift-merge-robot