openshift / ocp-release-operator-sdk

Apache License 2.0

OCPBUGS-5613: Bump goutils dependency from v1.1.0 to v1.1.1 for CVE-2021-4238 #298

Closed rashmigottipati closed 1 year ago

rashmigottipati commented 1 year ago

Description of the change: Bump goutils dependency from v1.1.0 to v1.1.1

Motivation for the change: https://nvd.nist.gov/vuln/detail/CVE-2021-4238

Checklist

If the pull request includes user-facing changes, extra documentation is required:

openshift-ci-robot commented 1 year ago

@rashmigottipati: This pull request references Jira Issue OCPBUGS-5613, which is invalid:

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to [this](https://github.com/openshift/ocp-release-operator-sdk/pull/298):

>**Description of the change:**
>Bump goutils dependency from v1.1.0 to v1.1.1
>
>**Motivation for the change:**
>https://nvd.nist.gov/vuln/detail/CVE-2021-4238
>
>**Checklist**
>
>If the pull request includes user-facing changes, extra documentation is required:
>- [ ] Add a new changelog fragment in `changelog/fragments` (see [`changelog/fragments/00-template.yaml`](https://github.com/operator-framework/operator-sdk/tree/master/changelog/fragments/00-template.yaml))
>- [ ] Add or update relevant sections of the docs website in [`website/content/en/docs`](https://github.com/operator-framework/operator-sdk/tree/master/website/content/en/docs)

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
openshift-ci[bot] commented 1 year ago

@rashmigottipati: No Bugzilla bug is referenced in the title of this pull request. To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

In response to [this](https://github.com/openshift/ocp-release-operator-sdk/pull/298):

>OCPBUGS-5613: Bump goutils dependency from v1.1.0 to v1.1.1 for CVE-2021-4238
openshift-ci-robot commented 1 year ago

@rashmigottipati: No Jira bug is referenced in the title of this pull request. To reference a bug, add 'OCPBUGS-XXX:' to the title of this pull request and request another bug refresh with /jira refresh.

openshift-ci[bot] commented 1 year ago

@rashmigottipati: This pull request references Bugzilla bug 2156729, which is invalid:

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to [this](https://github.com/openshift/ocp-release-operator-sdk/pull/298):

>Bug 2156729: Bump goutils dependency from v1.1.0 to v1.1.1 for CVE-2021-4238
jmrodri commented 1 year ago

@rashmigottipati the change in the PR looks correct. Nicely done.

openshift-ci-robot commented 1 year ago

@rashmigottipati: This pull request references Jira Issue OCPBUGS-5613, which is invalid:

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

openshift-ci[bot] commented 1 year ago

@rashmigottipati: No Bugzilla bug is referenced in the title of this pull request. To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

oceanc80 commented 1 year ago

/jira refresh

openshift-ci-robot commented 1 year ago

@oceanc80: This pull request references Jira Issue OCPBUGS-5613, which is invalid:

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to [this](https://github.com/openshift/ocp-release-operator-sdk/pull/298#issuecomment-1387364463):

>/jira refresh
oceanc80 commented 1 year ago

/jira refresh

openshift-ci-robot commented 1 year ago

@oceanc80: This pull request references Jira Issue OCPBUGS-5613, which is valid.

6 validation(s) were run on this bug
* bug is open, matching expected state (open)
* bug target version (4.8.z) matches configured target version for branch (4.8.z)
* bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
* dependent bug [Jira Issue OCPBUGS-5614](https://issues.redhat.com//browse/OCPBUGS-5614) is in the state Closed (Done), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE))
* dependent [Jira Issue OCPBUGS-5614](https://issues.redhat.com//browse/OCPBUGS-5614) targets the "4.9.z" version, which is one of the valid target versions: 4.9.0, 4.9.z
* bug has dependents

No GitHub users were found matching the public email listed for the QA contact in Jira (jfan@redhat.com), skipping review request.

openshift-ci[bot] commented 1 year ago

@rashmigottipati: all tests passed!

Full PR test history. Your PR dashboard.

I understand the commands that are listed [here](https://go.k8s.io/bot-commands).
rashmigottipati commented 1 year ago

@emmajiafan could you please review this PR and add the qe-approved label? Thanks!

oceanc80 commented 1 year ago

/label backport-risk-assessed

emmajiafan commented 1 year ago

/label qe-approved

oceanc80 commented 1 year ago

/label cherry-pick-approved

openshift-ci[bot] commented 1 year ago

@oceanc80: Can not set label cherry-pick-approved: Must be member in one of these teams: []

openshift-ci[bot] commented 1 year ago

@bandrade: Can not set label cherry-pick-approved: Must be member in one of these teams: []

openshift-ci[bot] commented 1 year ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bandrade, everettraven, rashmigottipati, varshaprasad96

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
- ~~[OWNERS](https://github.com/openshift/ocp-release-operator-sdk/blob/release-4.8/OWNERS)~~ [varshaprasad96]

Approvers can indicate their approval by writing `/approve` in a comment
Approvers can cancel approval by writing `/approve cancel` in a comment
everettraven commented 1 year ago

/label cherry-pick-approved

openshift-ci[bot] commented 1 year ago

@everettraven: Can not set label cherry-pick-approved: Must be member in one of these teams: []

joelanford commented 1 year ago

I added it manually. Thanks folks!

openshift-ci-robot commented 1 year ago

@rashmigottipati: Jira Issue OCPBUGS-5613 is in an unrecognized state (ON_QA) and will not be moved to the MODIFIED state.
