openshift / hypershift

Hyperscale OpenShift - clusters with hosted control planes
https://hypershift-docs.netlify.app
Apache License 2.0

ACM-12352: Upgrade go-retryablehttp #4416

Closed rokej closed 1 month ago

rokej commented 2 months ago

What this PR does / why we need it:

This PR upgrades go-retryablehttp to v0.7.7, which fixes CVE-2024-6104 (go-retryablehttp: url might write sensitive information to log file).

Which issue(s) this PR fixes (optional, use `fixes #<issue_number>(, fixes #<issue_number>, ...)` format, where issue_number might be a GitHub issue, or a Jira story):
https://issues.redhat.com/browse/ACM-12352

Checklist
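A defender-side check for the dependency pin described in the PR description above, added here as an example; it is not code from the PR or from the HyperShift repository. It scans go.mod text for github.com/hashicorp/go-retryablehttp and reports whether the required version is below v0.7.7, the release the PR moves to. The go.mod fragment in main is constructed; the module path is the upstream path for go-retryablehttp, and the -1 sentinel for unparsable versions is this example's own convention.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

const vulnModule = "github.com/hashicorp/go-retryablehttp" // affected module
var fixedVersion = [3]int{0, 7, 7}                        // release the PR moves to; closes CVE-2024-6104

// parseSemver turns "v0.7.6" into {major, minor, patch}, dropping any -pre/+build
// suffix; an unparsable version becomes {-1,-1,-1} so it sorts below every release.
func parseSemver(v string) (out [3]int) {
	v = strings.TrimPrefix(v, "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		v = v[:i]
	}
	var err error
	for i, p := range strings.SplitN(v, ".", 3) {
		if out[i], err = strconv.Atoi(p); err != nil {
			return [3]int{-1, -1, -1} // flagged as vulnerable, i.e. needs a human look
		}
	}
	return out
}

// CheckGoMod finds the go-retryablehttp requirement in go.mod text (a single-line
// "require" or a require-block entry) and reports whether it is below the fixed release.
func CheckGoMod(gomod string) (version string, vulnerable bool) {
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) < 2 || f[0] != vulnModule { // "// indirect" trailers land in f[2:]
			continue
		}
		got := parseSemver(f[1])
		for i := range got {
			if got[i] != fixedVersion[i] {
				return f[1], got[i] < fixedVersion[i]
			}
		}
		return f[1], false // exactly the fixed release
	}
	return "", false // module not required at all
}

func main() {
	// Constructed go.mod fragment pinning the pre-fix release; prints "v0.7.6 true".
	fmt.Println(CheckGoMod("require (\n\tgithub.com/hashicorp/go-retryablehttp v0.7.6 // indirect\n)\n"))
}
```

Run it against a repository's go.mod (or go.sum, whose lines start the same way) to confirm the bump landed; a replace directive or other unparsable version is deliberately reported as vulnerable so it is not silently skipped.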

openshift-ci-robot commented 2 months ago

@rokej: This pull request references ACM-12352 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target either version "4.17." or "openshift-4.17.", but it targets "MCE 2.4.1" instead.

In response to [this](https://github.com/openshift/hypershift/pull/4416):

> **What this PR does / why we need it**:
>
> This PR is to upgrade the go-retryablehttp to v0.7.7 which fixes CVE-2024-6104 go-retryablehttp: url might write sensitive information to log file.
>
> **Which issue(s) this PR fixes** *(optional, use `fixes #(, fixes #, ...)` format, where issue_number might be a GitHub issue, or a Jira story*:
> https://issues.redhat.com/browse/ACM-12352
>
> **Checklist**
> - [ ] Subject and description added to both, commit and PR.
> - [ ] Relevant issues have been referenced.
> - [ ] This change includes docs.
> - [ ] This change includes unit tests.

Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fhypershift). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.

openshift-ci[bot] commented 2 months ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: rokej

Once this PR has been reviewed and has the lgtm label, please assign sjenning for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

- **[OWNERS](https://github.com/openshift/hypershift/blob/main/OWNERS)**

Approvers can indicate their approval by writing `/approve` in a comment.
Approvers can cancel approval by writing `/approve cancel` in a comment.

jparrill commented 2 months ago

/area dependency

jparrill commented 2 months ago

Hey @rokej, you need to execute `make update` locally to add the new files added by the code generators and then add them to the PR. This is why the verify test is failing: it detects that there is something not committed to the PR after the `make verify` execution.

openshift-merge-robot commented 2 months ago

PR needs rebase.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.

openshift-ci[bot] commented 1 month ago

@rokej: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| ci/prow/verify | c6c9fd3c2f50552f12c99a85f2076206c37a4894 | link | true | /test verify |
| ci/prow/e2e-azure | c6c9fd3c2f50552f12c99a85f2076206c37a4894 | link | false | /test e2e-azure |
| ci/prow/e2e-aws-4-17 | c6c9fd3c2f50552f12c99a85f2076206c37a4894 | link | true | /test e2e-aws-4-17 |
| ci/prow/security | c6c9fd3c2f50552f12c99a85f2076206c37a4894 | link | true | /test security |

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).