OCPBUGS-37032: CVE-2024-3727 ose-machine-config-operator-container: containers/image: digest type does not guarantee valid type

[djoshy]

This bumps github.com/containers/image to v5.29.4 which includes the fix for CVE-2024-3727 vulnerability. More details can be found here.

[openshift-ci-robot]

@djoshy: This pull request references Jira Issue OCPBUGS-37032, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

* bug is open, matching expected state (open) * bug target version (4.18.0) matches configured target version for branch (4.18.0) * bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact: /cc @sergiordlr

The bug has been updated to refer to the pull request using the external bug tracker.

In response to [this](https://github.com/openshift/machine-config-operator/pull/4548): > > >This bumps github.com/containers/image to v5.29.4 which includes the fix for CVE-2024-3727 vulnerability. More details can be found [here](https://github.com/containers/image/pull/2418#issuecomment-2223604474). > > > Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fmachine-config-operator). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.

[cheesesashimi]

/lgtm /approve

[cheesesashimi]

/label acknowledge-critical-fixes-only

[cheesesashimi]

/retest e2e-hypershift

[openshift-ci[bot]]

@cheesesashimi: The /retest command does not accept any targets. The following commands are available to trigger required jobs:

• /test 4.12-upgrade-from-stable-4.11-images
• /test cluster-bootimages
• /test e2e-aws-ovn
• /test e2e-aws-ovn-upgrade
• /test e2e-gcp-op
• /test e2e-gcp-op-single-node
• /test e2e-hypershift
• /test images
• /test unit
• /test verify

The following commands are available to trigger optional jobs:

• /test 4.12-upgrade-from-stable-4.11-e2e-aws-ovn-upgrade
• /test bootstrap-unit
• /test e2e-aws-disruptive
• /test e2e-aws-ovn-fips
• /test e2e-aws-ovn-fips-op
• /test e2e-aws-ovn-upgrade-out-of-change
• /test e2e-aws-ovn-workers-rhel8
• /test e2e-aws-proxy
• /test e2e-aws-serial
• /test e2e-aws-single-node
• /test e2e-aws-upgrade-single-node
• /test e2e-aws-workers-rhel8
• /test e2e-azure
• /test e2e-azure-ovn-upgrade
• /test e2e-azure-ovn-upgrade-out-of-change
• /test e2e-azure-upgrade
• /test e2e-gcp-op-techpreview
• /test e2e-gcp-ovn-rt-upgrade
• /test e2e-gcp-rt
• /test e2e-gcp-rt-op
• /test e2e-gcp-single-node
• /test e2e-gcp-upgrade
• /test e2e-metal-assisted
• /test e2e-metal-ipi-ovn-dualstack
• /test e2e-metal-ipi-ovn-ipv6
• /test e2e-openstack
• /test e2e-openstack-dualstack
• /test e2e-openstack-externallb
• /test e2e-openstack-parallel
• /test e2e-ovirt
• /test e2e-ovirt-upgrade
• /test e2e-ovn-step-registry
• /test e2e-vsphere
• /test e2e-vsphere-ovn-upi
• /test e2e-vsphere-ovn-upi-zones
• /test e2e-vsphere-ovn-zones
• /test e2e-vsphere-upgrade
• /test okd-e2e-aws
• /test okd-e2e-gcp-op
• /test okd-e2e-upgrade
• /test okd-e2e-vsphere
• /test okd-images
• /test okd-scos-images
• /test security

Use /test all to run the following jobs that were automatically triggered:

• pull-ci-openshift-machine-config-operator-master-bootstrap-unit
• pull-ci-openshift-machine-config-operator-master-e2e-aws-ovn
• pull-ci-openshift-machine-config-operator-master-e2e-aws-ovn-upgrade
• pull-ci-openshift-machine-config-operator-master-e2e-aws-ovn-upgrade-out-of-change
• pull-ci-openshift-machine-config-operator-master-e2e-azure-ovn-upgrade-out-of-change
• pull-ci-openshift-machine-config-operator-master-e2e-gcp-op
• pull-ci-openshift-machine-config-operator-master-e2e-gcp-op-single-node
• pull-ci-openshift-machine-config-operator-master-e2e-gcp-op-techpreview
• pull-ci-openshift-machine-config-operator-master-e2e-hypershift
• pull-ci-openshift-machine-config-operator-master-e2e-vsphere-ovn-upi
• pull-ci-openshift-machine-config-operator-master-e2e-vsphere-ovn-upi-zones
• pull-ci-openshift-machine-config-operator-master-e2e-vsphere-ovn-zones
• pull-ci-openshift-machine-config-operator-master-images
• pull-ci-openshift-machine-config-operator-master-security
• pull-ci-openshift-machine-config-operator-master-unit
• pull-ci-openshift-machine-config-operator-master-verify

In response to [this](https://github.com/openshift/machine-config-operator/pull/4548#issuecomment-2311021594): >/retest e2e-hypershift Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.

[cheesesashimi]

/test e2e-hypershift

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 005ee68664fa12db7ec159deb984b30421331950 and 2 for PR HEAD bdea4517f8e2f16791aa23ca22b0fab9e80ef999 in total

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 005ee68664fa12db7ec159deb984b30421331950 and 2 for PR HEAD bdea4517f8e2f16791aa23ca22b0fab9e80ef999 in total

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 005ee68664fa12db7ec159deb984b30421331950 and 2 for PR HEAD bdea4517f8e2f16791aa23ca22b0fab9e80ef999 in total

[djoshy]

/test e2e-gcp-op

[djoshy]

/cherrypick release-4.17 release-4.16

[openshift-cherrypick-robot]

@djoshy: once the present PR merges, I will cherry-pick it on top of release-4.17 in a new PR and assign it to you.

In response to [this](https://github.com/openshift/machine-config-operator/pull/4548#issuecomment-2312509152): >/cherrypick release-4.17 release-4.16 Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 005ee68664fa12db7ec159deb984b30421331950 and 2 for PR HEAD bdea4517f8e2f16791aa23ca22b0fab9e80ef999 in total

[djoshy]

/retest

[djoshy]

/retest-required

[ptalgulk01]

No need of QE verification, the changes does not affect the MCO behaviour. Adding QE approved label

/label qe-approved

[openshift-ci-robot]

@djoshy: This pull request references Jira Issue OCPBUGS-37032, which is valid.

3 validation(s) were run on this bug

* bug is open, matching expected state (open) * bug target version (4.18.0) matches configured target version for branch (4.18.0) * bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact: /cc @sergiordlr

In response to [this](https://github.com/openshift/machine-config-operator/pull/4548): > > >This bumps github.com/containers/image to v5.29.4 which includes the fix for CVE-2024-3727 vulnerability. More details can be found [here](https://github.com/containers/image/pull/2418#issuecomment-2223604474). > > > Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fmachine-config-operator). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.

[cheesesashimi]

/lgtm /approve

[openshift-ci[bot]]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cheesesashimi, djoshy

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/openshift/machine-config-operator/blob/master/OWNERS)~~ [cheesesashimi,djoshy] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD a3d9b1fe6cb9c5140e0a81091f91aef5f8dcc4ba and 2 for PR HEAD 7402f8d862755c4e680b4a397526288eabf37939 in total

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 70d43e63758a3fbb1577387dce9e21a5fe0b2e51 and 2 for PR HEAD 7402f8d862755c4e680b4a397526288eabf37939 in total

[djoshy]

/retest

[djoshy]

/retest

[djoshy]

/retest

[openshift-ci[bot]]

@djoshy: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).

[openshift-ci-robot]

@djoshy: Jira Issue OCPBUGS-37032: All pull requests linked via external trackers have merged:

• openshift/machine-config-operator#4548

Jira Issue OCPBUGS-37032 has been moved to the MODIFIED state.

In response to [this](https://github.com/openshift/machine-config-operator/pull/4548): > > >This bumps github.com/containers/image to v5.29.4 which includes the fix for CVE-2024-3727 vulnerability. More details can be found [here](https://github.com/containers/image/pull/2418#issuecomment-2223604474). > > > Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fmachine-config-operator). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.

[openshift-cherrypick-robot]

@djoshy: new pull request created: #4564

In response to [this](https://github.com/openshift/machine-config-operator/pull/4548#issuecomment-2312509152): >/cherrypick release-4.17 release-4.16 Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.

[openshift-bot]

[ART PR BUILD NOTIFIER]

Distgit: ose-machine-config-operator This PR has been included in build ose-machine-config-operator-container-v4.18.0-202409060444.p0.g1264949.assembly.stream.el9. All builds following this will include this PR.