Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-1.13] bump otel dependency: fixing CVE alert #6437

Closed
wants to merge 41 commits into from
Closed

[release-1.13] bump otel dependency: fixing CVE alert #6437

wants to merge 41 commits into from

Conversation

inteon
Copy link
Member

@inteon inteon commented Oct 20, 2023

Bump the otel dependency to fix a CVE alert.

Kind

/kind cleanup

Release Note

NONE

inteon and others added 30 commits September 12, 2023 08:45
@inteon
fix trivy CVE alert for cyphar/filepath-securejoin
2bf89ee 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@jetstack-bot
Merge pull request cert-manager#6335 from jetstack-bot/cherry-pick-63…
84d51a1 
…33-to-release-1.13

[release-1.13] Fix trivy CVE alert for cyphar/filepath-securejoin
@inteon @pmerrison
upgrade dependencies
d540b36 
Co-authored-by: Paul Merrison <paul@tetrate.io>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@jetstack-bot
Merge pull request cert-manager#6338 from jetstack-bot/cherry-pick-63…
a7a7fab 
…32-to-release-1.13

[release-1.13] Upgrade dependencies
@inteon
update cert-manager version imported by cmctl to the latest 'release-…
37d3b66 
…1.13' commit

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@jetstack-bot
Merge pull request cert-manager#6339 from inteon/release-1.13_cmrel
d34bd7a 
Update cert-manager version imported by cmctl to the latest 'release-1.13' commit
@inteon
BUGFIX: CertificateRequest short names must be unique.
60bff40 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@inteon
add uniqueness check for names util
47fb159 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@inteon
fix feedback: make hash secure
bd33617 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@inteon
add more test cases and fix typo
7bd7baf 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@inteon
add extra comment
ed86440 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@jetstack-bot
Merge pull request cert-manager#6358 from jetstack-bot/cherry-pick-63…
661aa82 
…54-to-release-1.13

[release-1.13] BUGFIX: CertificateRequest short names must be unique.
@inteon
fix go-restful 'DO NOT USE' version
d1f1831 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@jetstack-bot
Merge pull request cert-manager#6368 from inteon/release-1.13_go_rest…
bb7ddf0 
…ful_3

[release-1.13] Fix go-restful dependency "do not use" version
@inteon
upgrade go from 1.20.7 to 1.20.8
22b41ea 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@jetstack-bot
Merge pull request cert-manager#6370 from jetstack-bot/cherry-pick-63…
f64cbc0 
…69-to-release-1.13

[release-1.13] Upgrade Go from 1.20.7 to 1.20.8
@inteon
import latest release-1.13 commit in cmctl
309aff2 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@jetstack-bot
Merge pull request cert-manager#6374 from inteon/release-1.13_ctl
8472ff4 
[release-1.13] import latest release 1.13 commit in cmctl
@asapekia
closes cert-manager#6346
5806ddd 
Signed-off-by: Arin <136636751+asapekia@users.noreply.github.com>
@jetstack-bot
Merge pull request cert-manager#6381 from jetstack-bot/cherry-pick-63…
bcc17fd 
…80-to-release-1.13

[release-1.13] BUGFIX[helm]: Fix issue where webhook feature gates were only set if controller feature gates are set (closes cert-manager#6346)
@SgtCoDFish
[release-1.13] bump base images to latest
6ac788e 
prompted by cert-manager#4033

Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
@jetstack-bot
Merge pull request cert-manager#6395 from SgtCoDFish/release-1.13-bum…
e33d558 
…pbase

[release-1.13] bump base images to latest
@maelvls
venafi: ResetCertificate wasn't working
ee3d5d5 
Signed-off-by: Maël Valais <mael@vls.dev>
@jetstack-bot
Merge pull request cert-manager#6402 from jetstack-bot/cherry-pick-63…
b4265b7 
…98-to-release-1.13

[release-1.13] Venafi issuer: ResetCertificate wasn't working
@SgtCoDFish
[release-1.13] Bump go to address CVE-2023-39325 and update base images
c8c8a8e 
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
@jetstack-bot
Merge pull request cert-manager#6411 from SgtCoDFish/release-1.13-bumpgo
5f2eb6e 
[release-1.13] Bump go to address CVE-2023-39325 and update base images
@inteon
Fix DuplicateSecretName issue
20ed627 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@inteon
add tests
715d145 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@inteon
only sort the duplicates
ac1ae05 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@inteon
make changes based on feedback
9ccc140 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
inteon and others added 11 commits October 18, 2023 08:43
@inteon
add test for SecretCertificateNameAnnotationsMismatch
e760795 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@inteon
update the Condition Message for IncorrectCertificate
7b96f83 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@inteon
fix backport for older golang version (import golang.org/x/exp/slices…
43ea3a1 
… instead of slices)

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@jetstack-bot
Merge pull request cert-manager#6425 from jetstack-bot/cherry-pick-64…
de6e5b2 
…06-to-release-1.13

[release-1.13] Fix DuplicateSecretName issue
@inteon @SgtCoDFish
[release-1.13] fix the 'make update-licenses' command on macos
7acf23d 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@SgtCoDFish
[release-1.13] update go-licenses to incorporate Tim's changes
d456e2b 
includes running `make update-licenses`

Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
@SgtCoDFish
bump jmespath version to fix license
6bdf62a 
this was done on master and seems a harmless bump

Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
@SgtCoDFish
[release-1.13] Bump /x/net to address CVE-2023-44487 / CVE-2023-39325
3aa659a 
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
@jetstack-bot
Merge pull request cert-manager#6430 from SgtCoDFish/release-1.13-lic…
5f19cb1 
…ensemacos

[release-1.13] Licence checker updates
@jetstack-bot
Merge pull request cert-manager#6432 from SgtCoDFish/release-1.13-bum…
fcda9a5 
…pnet

[release-1.13] Bump golang.org/x/net
@inteon
bump otel version and related dependencies
c75d7df 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@jetstack-bot jetstack-bot added kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. release-note-none Denotes a PR that doesn't merit a release note. area/acme Indicates a PR directly modifies the ACME Issuer code labels Oct 20, 2023
@jetstack-bot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from inteon. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jetstack-bot jetstack-bot added dco-signoff: no Indicates that at least one commit in this pull request is missing the DCO sign-off message. area/deploy Indicates a PR modifies deployment configuration labels Oct 20, 2023
@jetstack-bot
Copy link
Contributor

Thanks for your pull request. Before we can look at it, you'll need to add a 'DCO signoff' to your commits.

📝 Please follow instructions in the contributing guide to update your commits with the DCO

Full details of the Developer Certificate of Origin can be found at developercertificate.org.

The list of commits missing DCO signoff:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@jetstack-bot jetstack-bot added the area/testing Issues relating to testing label Oct 20, 2023
@inteon inteon closed this Oct 20, 2023
@jetstack-bot jetstack-bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Oct 20, 2023
@jetstack-bot
Copy link
Contributor

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jetstack-bot jetstack-bot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Oct 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
area/acme Indicates a PR directly modifies the ACME Issuer code area/deploy Indicates a PR modifies deployment configuration area/testing Issues relating to testing dco-signoff: no Indicates that at least one commit in this pull request is missing the DCO sign-off message. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. release-note-none Denotes a PR that doesn't merit a release note. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@inteon @jetstack-bot @asapekia @SgtCoDFish @maelvls