
chore: upgrade support-bundle to v0.0.45 (backport #9661) #9663

Merged
merged 1 commit on Oct 17, 2024

Conversation

mergify[bot]

@mergify mergify bot commented Oct 17, 2024

Which issue(s) this PR fixes:

Issue #9658

What this PR does / why we need it:

Fix CVE issues.

After:

longhornio/support-bundle-kit:v0.0.45 (suse linux enterprise server 15.6)
=========================================================================
Total: 0 (HIGH: 0, CRITICAL: 0)


usr/bin/yq (gobinary)
=====================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-34156 │ HIGH     │ fixed  │ 1.22.5            │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │
│         │                │          │        │                   │                │ which contains deeply nested structures...                │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

Before:

longhornio/support-bundle-kit:v0.0.43 (suse linux enterprise server 15.6)
=========================================================================
Total: 3 (HIGH: 3, CRITICAL: 0)

┌────────────────────────────┬─────────────────────┬──────────┬────────┬─────────────────────┬─────────────────────┬───────────────────────────────┐
│          Library           │    Vulnerability    │ Severity │ Status │  Installed Version  │    Fixed Version    │             Title             │
├────────────────────────────┼─────────────────────┼──────────┼────────┼─────────────────────┼─────────────────────┼───────────────────────────────┤
│ libopenssl-3-fips-provider │ SUSE-SU-2024:3501-1 │ HIGH     │ fixed  │ 3.1.4-150600.5.15.1 │ 3.1.4-150600.5.18.1 │ Security update for openssl-3 │
├────────────────────────────┤                     │          │        │                     │                     │                               │
│ libopenssl3                │                     │          │        │                     │                     │                               │
├────────────────────────────┤                     │          │        │                     │                     │                               │
│ openssl-3                  │                     │          │        │                     │                     │                               │
└────────────────────────────┴─────────────────────┴──────────┴────────┴─────────────────────┴─────────────────────┴───────────────────────────────┘

usr/bin/support-bundle-kit (gobinary)
=====================================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-34156 │ HIGH     │ fixed  │ 1.22.6            │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │
│         │                │          │        │                   │                │ which contains deeply nested structures...                │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

usr/bin/yq (gobinary)
=====================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-34156 │ HIGH     │ fixed  │ 1.22.5            │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │
│         │                │          │        │                   │                │ which contains deeply nested structures...                │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

Special notes for your reviewer:

The upstream yq CVE issue is pending on PR mikefarah/yq#2163.

Additional documentation or context

Summary by CodeRabbit

  • New Features

    • Updated Longhorn Support Bundle Kit image to version v0.0.45.
    • Introduced new namespace longhorn-system and PriorityClass for improved resource management.
    • Added new ServiceAccounts and ConfigMaps for enhanced configuration.
    • Updated CustomResourceDefinitions to support new versions and features.
  • Documentation

    • Enhanced README with compatibility warnings for Kubernetes v1.25, advising users on Pod Security Policies.

This is an automatic backport of pull request #9661 done by [Mergify](https://mergify.com).
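The Trivy tables above flag a `stdlib` finding on the `gobinary` targets: the vulnerable component is the Go toolchain the binary was built with (read from the build info stamped into the executable), and the "Fixed Version" column lists one patch release per supported minor line (`1.22.7, 1.23.1`), because Go backports security fixes to the two most recent minor releases. The following is an added example, not code from this PR or the Longhorn project, that reproduces that check so a reviewer can confirm whether a rebuilt `yq` or `support-bundle-kit` still carries the finding: `GoVersionOf` reads the stamped toolchain version with `debug/buildinfo`, and `IsFixed` applies the per-minor-line rule to a Trivy-style fixed-version string. Function names are my own; the version-line rule is the assumption stated in the comments.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// goVersion is a parsed Go release: "go1.22.5" -> {1, 22, 5}.
type goVersion struct{ major, minor, patch int }

// line identifies the minor release line (1.22, 1.23, ...), which is the
// unit Go backports security fixes to.
func (v goVersion) line() int { return v.major*1000 + v.minor }

// parseGoVersion accepts "go1.22.5", "1.22.5" or "1.22" (patch 0).
// Pre-release strings such as "go1.23rc1" are rejected so a release gate
// treats anything it cannot classify as not fixed.
func parseGoVersion(s string) (goVersion, error) {
	s = strings.TrimPrefix(strings.TrimSpace(s), "go")
	parts := strings.Split(s, ".")
	if len(parts) < 2 || len(parts) > 3 {
		return goVersion{}, fmt.Errorf("unrecognised Go version %q", s)
	}
	var nums [3]int
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return goVersion{}, fmt.Errorf("unrecognised Go version %q", s)
		}
		nums[i] = n
	}
	return goVersion{nums[0], nums[1], nums[2]}, nil
}

// IsFixed reports whether a binary built with `installed` contains the fix
// advertised by `fixed`, a Trivy "Fixed Version" cell such as "1.22.7, 1.23.1".
// Assumed rule (Go's backport policy, one patch release per supported line):
//   - same minor line as a listed fix: patch must be >= that fix
//   - newer minor line than every listed fix: fixed (fix predates the branch)
//   - older minor line than every listed fix: out of support, never fixed
func IsFixed(installed, fixed string) (bool, error) {
	inst, err := parseGoVersion(installed)
	if err != nil {
		return false, err
	}
	newestLine := -1
	for _, f := range strings.Split(fixed, ",") {
		fv, err := parseGoVersion(f)
		if err != nil {
			return false, err
		}
		if fv.line() == inst.line() {
			return inst.patch >= fv.patch, nil
		}
		if fv.line() > newestLine {
			newestLine = fv.line()
		}
	}
	return inst.line() > newestLine, nil
}

// GoVersionOf returns the toolchain version stamped into a Go executable,
// the same field Trivy's gobinary scanner reports as the stdlib version.
func GoVersionOf(path string) (string, error) {
	bi, err := buildinfo.ReadFile(path)
	if err != nil {
		return "", err
	}
	return bi.GoVersion, nil
}

func main() {
	if len(os.Args) != 3 {
		fmt.Fprintln(os.Stderr, "usage: gocheck <go-binary> <fixed-versions>")
		os.Exit(2)
	}
	v, err := GoVersionOf(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, "read build info:", err)
		os.Exit(2)
	}
	ok, err := IsFixed(v, os.Args[2])
	if err != nil {
		fmt.Fprintln(os.Stderr, "compare:", err)
		os.Exit(2)
	}
	fmt.Printf("%s: built with %s, fix %q present: %v\n", os.Args[1], v, os.Args[2], ok)
	if !ok {
		os.Exit(1)
	}
}
```

Run as `gocheck /path/to/yq "1.22.7, 1.23.1"` against a binary extracted from the image; the exit status makes it usable as a CI gate. Applied to the table above, `go1.22.5` (yq) and `go1.22.6` (support-bundle-kit in v0.0.43) are both below the `1.22.7` fix on the 1.22 line, which is why Trivy reports CVE-2024-34156 on each, and a rebuild with `1.22.7` or any `1.23.1`+ toolchain clears it.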


mergify bot commented Oct 17, 2024

Cherry-pick of 4aa07b4 has failed:

On branch mergify/bp/v1.6.x/pr-9661
Your branch is up to date with 'origin/v1.6.x'.

You are currently cherry-picking commit 4aa07b4.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   chart/README.md
	modified:   chart/questions.yaml
	modified:   chart/values.yaml
	modified:   deploy/longhorn.yaml

Unmerged paths:
  (use "git add/rm <file>..." as appropriate to mark resolution)
	both modified:   deploy/longhorn-images.txt
	deleted by us:   deploy/longhorn-okd.yaml

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

@mergify mergify bot added the conflicts label Oct 17, 2024
@mergify mergify bot requested a review from a team as a code owner October 17, 2024 00:33
@derekbit
Member

cc @c3y1huang

@c3y1huang
Contributor

ref #9660

longhorn/longhorn-9658

Signed-off-by: Chin-Ya Huang <chin-ya.huang@suse.com>
(cherry picked from commit 4aa07b4)
@derekbit derekbit merged commit 90ebb37 into v1.6.x Oct 17, 2024
5 checks passed
@derekbit derekbit deleted the mergify/bp/v1.6.x/pr-9661 branch October 17, 2024 01:16