Open SeanDougherty opened 2 days ago
Merge Checklist
All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)
*-static subpackages, etc.) have had their Release tag incremented.
./cgmanifest.json, ./toolkit/scripts/toolchain/cgmanifest.json, .github/workflows/cgmanifest.json)
./SPECS/LICENSES-AND-NOTICES/data/licenses.json, ./SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md, ./SPECS/LICENSES-AND-NOTICES/LICENSE-EXCEPTIONS.PHOTON)
*.signatures.json files
sudo make go-tidy-all and sudo make go-test-coverage pass
Summary
This PR patches a vendored dependency, go-jose.v2, in the keda package to address CVE-2024-28180.
Change Log
Does this affect the toolchain?
NO
Associated issues
Links to CVEs
Test Methodology