openshift / assisted-installer-agent

Apache License 2.0

ACM-14598: Libraries bump to mitigate CVE-2024-27289 #792

Closed paul-maidment closed 1 month ago

paul-maidment commented 1 month ago

The goal of this PR is to ensure that the github.com/jackc/pgx library is no longer on 4.16.0, which is vulnerable to CVE-2024-27289.

By replacing the library, we achieve this.

Also, as we were unable to build a recent version of this project due to incompatible versions, the go version has been bumped to 1.21.
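The check a reviewer would want to run against a bump like this, written here as an added example that is not the PR's or the project's own code: a small Go audit that parses a go.mod, reports whether github.com/jackc/pgx/v4 is still pinned at the 4.16.0 release named above, and confirms the `go` directive is at least 1.21. The two go.mod samples are constructed, the `/v4` module path is assumed, and treating releases older than 4.16.0 as vulnerable too is an assumption of the example rather than something the PR states.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Constructed go.mod samples (not the project's real go.mod): one still pinning
// the version the PR description calls vulnerable, one after the bump.
const goModBefore = `module example.com/agent
go 1.19
require (
	example.com/other/lib v1.2.3 // indirect
	github.com/jackc/pgx/v4 v4.16.0
)
`

const goModAfter = `go 1.21
require github.com/jackc/pgx/v4 v4.99.0
`

// parseGoMod extracts the `go` directive and module->version pairs from a go.mod.
// It handles only what this audit needs: block and single-line require directives,
// with line comments such as "// indirect" stripped; other directives are ignored.
func parseGoMod(src string) (goVersion string, requires map[string]string) {
	requires = map[string]string{}
	inBlock := false
	sc := bufio.NewScanner(strings.NewReader(src))
	for sc.Scan() {
		line := sc.Text()
		if i := strings.Index(line, "//"); i >= 0 {
			line = line[:i]
		}
		f := strings.Fields(line)
		switch {
		case len(f) == 0:
		case f[0] == "go" && len(f) == 2:
			goVersion = f[1]
		case f[0] == "require" && len(f) == 2 && f[1] == "(":
			inBlock = true
		case inBlock && f[0] == ")":
			inBlock = false
		case inBlock && len(f) == 2:
			requires[f[0]] = f[1]
		case f[0] == "require" && len(f) == 3:
			requires[f[1]] = f[2]
		}
	}
	return goVersion, requires
}

// versionParts parses major/minor/patch, dropping a leading "v" and any "-"/"+" suffix.
func versionParts(v string) [3]int {
	v = strings.TrimPrefix(v, "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		v = v[:i]
	}
	var p [3]int
	for i, s := range strings.SplitN(v, ".", 3) {
		p[i], _ = strconv.Atoi(s) // a non-numeric component counts as 0
	}
	return p
}

// compareVersions returns -1, 0 or 1 ordering a against b ("1.21" equals "1.21.0").
func compareVersions(a, b string) int {
	pa, pb := versionParts(a), versionParts(b)
	for i := range pa {
		if pa[i] < pb[i] {
			return -1
		}
		if pa[i] > pb[i] {
			return 1
		}
	}
	return 0
}

// auditModule returns the pinned version of module and whether it is at or below
// maxVulnerable. A module that is not required at all is not flagged.
func auditModule(goMod, module, maxVulnerable string) (version string, vulnerable bool) {
	_, req := parseGoMod(goMod)
	v, ok := req[module]
	return v, ok && compareVersions(v, maxVulnerable) <= 0
}

// goVersionAtLeast checks the `go` directive against a minimum such as "1.21".
func goVersionAtLeast(goMod, min string) bool {
	gv, _ := parseGoMod(goMod)
	return gv != "" && compareVersions(gv, min) >= 0
}

// Assumed v4 module path; 4.16.0 is the version the PR names (older releases are
// treated as vulnerable too, which is this example's assumption).
const pgxModule, pgxMaxVulnerable = "github.com/jackc/pgx/v4", "v4.16.0"

func main() {
	for _, s := range []struct{ name, src string }{{"before", goModBefore}, {"after", goModAfter}} {
		v, bad := auditModule(s.src, pgxModule, pgxMaxVulnerable)
		fmt.Printf("%s: %s=%q vulnerable=%v go>=1.21=%v\n", s.name, pgxModule, v, bad, goVersionAtLeast(s.src, "1.21"))
	}
}
```

On the real tree, `go list -m all` resolves the version actually selected after MVS, which can differ from the line in go.mod when another dependency pulls in a newer pgx; this audit is the lightweight form of that check and is meant for the go.mod in the PR itself.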

openshift-ci-robot commented 1 month ago

@paul-maidment: This pull request references ACM-14598 which is a valid jira issue.

In response to [this](https://github.com/openshift/assisted-installer-agent/pull/792):

> The goal of this PR is to ensure that the github.com/jackc/pgx library is no longer on 4.16.0 which is vulnerable to CVE-2024-27289
>
> By replacing the library, we achieve this.

Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fassisted-installer-agent). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.

openshift-ci[bot] commented 1 month ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: paul-maidment

Once this PR has been reviewed and has the lgtm label, please assign adriengentil for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

- **[OWNERS](https://github.com/openshift/assisted-installer-agent/blob/release-ocm-2.10/OWNERS)**

Approvers can indicate their approval by writing `/approve` in a comment. Approvers can cancel approval by writing `/approve cancel` in a comment.

codecov[bot] commented 1 month ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 66.38%. Comparing base (558afa5) to head (ceeee98).

:exclamation: Current head ceeee98 differs from pull request most recent head c4c6c6f

Please upload reports for the commit c4c6c6f to get more accurate results.

Additional details and impacted files

[Impacted file tree graph](https://app.codecov.io/gh/openshift/assisted-installer-agent/pull/792?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=openshift)

```diff
@@                Coverage Diff                 @@
##           release-ocm-2.10     #792      +/-   ##
====================================================
+ Coverage           60.56%   66.38%   +5.81%
====================================================
  Files                  74       65       -9
  Lines                3664     3031     -633
====================================================
- Hits                 2219     2012     -207
+ Misses               1289      878     -411
+ Partials              156      141      -15
```

[see 10 files with indirect coverage changes](https://app.codecov.io/gh/openshift/assisted-installer-agent/pull/792/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=openshift)

openshift-ci-robot commented 1 month ago

@paul-maidment: This pull request references ACM-14598 which is a valid jira issue.

In response to [this](https://github.com/openshift/assisted-installer-agent/pull/792):

> The goal of this PR is to ensure that the github.com/jackc/pgx library is no longer on 4.16.0 which is vulnerable to CVE-2024-27289
>
> By replacing the library, we achieve this.
>
> Also, as we were unable to build a recent version of this project due to incompatible versions, the go version has been bumped to 1.21

Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fassisted-installer-agent). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.

gamli75 commented 1 month ago

/retest

openshift-ci[bot] commented 1 month ago

@paul-maidment: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| ci/prow/unit-test | c4c6c6f9ac014703772d5fc78f30a150c0d17cef | link | true | /test unit-test |
| ci/prow/lint | c4c6c6f9ac014703772d5fc78f30a150c0d17cef | link | true | /test lint |
| ci/prow/mce-images | c4c6c6f9ac014703772d5fc78f30a150c0d17cef | link | true | /test mce-images |
| ci/prow/images | c4c6c6f9ac014703772d5fc78f30a150c0d17cef | link | true | /test images |
| ci/prow/e2e-ai-operator-ztp | c4c6c6f9ac014703772d5fc78f30a150c0d17cef | link | true | /test e2e-ai-operator-ztp |
| ci/prow/subsystem-test | c4c6c6f9ac014703772d5fc78f30a150c0d17cef | link | true | /test subsystem-test |

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).

paul-maidment commented 1 month ago

Will be covered by changes being made in https://github.com/openshift/assisted-installer-agent/pull/801