envoyproxy / envoy

Cloud-native high-performance edge/middle/service proxy
https://www.envoyproxy.io
Apache License 2.0

Patch c-ares CVE-2024-25629 #37269

Open yanavlasov opened 1 day ago

yanavlasov commented 1 day ago

Additional Description: c-ares is currently behind on upgrades due to incompatibility with gRPC. Patching c-ares CVE-2024-25629 to avoid scanner complaints.

Risk Level: Low
Testing: Unit Test
Docs Changes: N/A
Release Notes: N/A
Platform Specific Features: N/A

repokitteh-read-only[bot] commented 1 day ago

CC @envoyproxy/dependency-shepherds: Your approval is needed for changes made to (bazel/.*repos.*\.bzl)|(bazel/dependency_imports\.bzl)|(api/bazel/.*\.bzl)|(.*/requirements\.txt)|(.*\.patch). envoyproxy/dependency-shepherds assignee is @moderation

:cat: Caused by: https://github.com/envoyproxy/envoy/pull/37269 was opened by yanavlasov. see: [more](https://github.com/envoyproxy/envoy/pull/37269), [trace](https://prod.repokitteh.app/traces/ui/envoyproxy/envoy/4f1b4d20-a77b-11ef-80aa-43374f542b21).