Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cherry-pick prometheus/client_golang module update to address CVE #2239

Merged
merged 1 commit into from
Jan 27, 2023
Merged

Cherry-pick prometheus/client_golang module update to address CVE #2239

merged 1 commit into from
Jan 27, 2023

Conversation

jdn5126
Copy link
Contributor

@jdn5126 jdn5126 commented Jan 27, 2023

What type of PR is this?
enhancement

Which issue does this PR fix:
N/A

What does this PR do / Why do we need it:
Though we are unaffected by CVE-2022-21698, this PR updates prometheus/client_golang module to prevent CVE from appearing via image scan.

If an issue # is not available please add repro steps and logs from IPAMD/CNI showing the issue:
N/A

Testing done on this change:
Verified that new image passes enhanced image scan. Verified that unit-tests and basic integration tests pass against new image.

Automation added to e2e:
N/A

Will this PR introduce any new dependencies?:
No

Will this break upgrades or downgrades? Has updating a running cluster been tested?:
No, Yes

Does this change require updates to the CNI daemonset config files to work?:
No

Does this PR introduce any user-facing change?:
Yes

Patch prometheus/client_golang to resolve image scan flagging CVE-2022-21698

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@jdn5126 jdn5126 requested a review from a team as a code owner January 27, 2023 21:08
jayanthvn
jayanthvn approved these changes Jan 27, 2023
View reviewed changes
Copy link
Contributor

@jayanthvn jayanthvn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@jayanthvn jayanthvn merged commit d847b89 into aws:release-1.12 Jan 27, 2023
orsenthil
orsenthil reviewed Jan 27, 2023
View reviewed changes
Copy link
Member

@orsenthil orsenthil left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@haouc haouc mentioned this pull request Feb 2, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@orsenthil orsenthil orsenthil left review comments

@jayanthvn jayanthvn jayanthvn approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jdn5126 @orsenthil @jayanthvn