[release-1.12] Bump x/net to fix CVE-2025-22870 reported by trivy #7624
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2930d22 to
b3d8555
Compare
This ensures that cmrel will be able to parse go1.23.0 directives from 1.23+ Signed-off-by: Ashley Davis <ashley.davis@cyberark.com>
… trivy Signed-off-by: Ashley Davis <ashley.davis@cyberark.com>
1762001 to
674ba77
Compare
Caused by upstream change. These tests shouldn't be run, but for now just fix the break Signed-off-by: Ashley Davis <ashley.davis@cyberark.com>
wallrj
approved these changes
Mar 19, 2025
There was a problem hiding this comment.
I ran trivy locally and noticed that there's one other failure, which we should probably just add to the ignore file, here or in another PR.
There's already an ignore line for a previous timezone issue.
"Results": [
{
"Target": "_bin/containers/cert-manager-controller-linux-amd64.tar (debian 11.10)",
"Class": "os-pkgs",
"Type": "debian",
"Vulnerabilities": [
{
"VulnerabilityID": "DLA-4085-1",
"VendorIDs": [
"DLA-4085-1"
],
"PkgName": "tzdata",
"InstalledVersion": "2024a-0+deb11u1",
"FixedVersion": "2025a-0+deb11u1",
"Layer": {
"DiffID": "sha256:9ed498e122b248a801130d052c25418381ee7bf215cdf7990965bae0dc37dcc2"
},
"DataSource": {
"ID": "debian",
"Name": "Debian Security Tracker",
"URL": "https://salsa.debian.org/security-tracker-team/security-tracker"
},
"Title": "tzdata - new timezone database",
"Severity": "UNKNOWN"
}
]
}
]
}
make: *** [make/scan.mk:26: trivy-scan-controller] Error 1
$ git grep DLA-
.trivyignore:# DLA-3972-1 refers to an out-of-date timezone database in Debian 11 (bullseye).
.trivyignore:# https://security-tracker.debian.org/tracker/DLA-3972-1
.trivyignore:DLA-3972-1
/approve
/lgtm
/hold in case you also want to add the ignore line here.
|
Cheers Richard - I've updated with the ignore and a further update! |
b95e84f to
e16f9b5
Compare
Signed-off-by: Ashley Davis <ashley.davis@cyberark.com>
e16f9b5 to
f838c91
Compare
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: wallrj The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
a635006
into
cert-manager:release-1.12
7 checks passed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull Request Motivation
Similar to #7623 and #7622
This ended up expanding to address a couple of other reported issues, too. Each commit should be self-explanatory.
Kind
/kind bug
Release Note