nitin-sachdev-29
Contributor

Description

This PR is auto-generated from #22278 to be assessed for backporting due to the inclusion of the label backport/1.21.

The below text is copied from the body of the original PR.

Description
Suppressing the following Alpine CVEs as there is no fix yet:

GHSA-8mxc-vqrq-gcm8 from Alpine Linux's Security Issue Tracker in jq@1.7.1-r0

CVE-2025-31498 from Alpine Linux's Security Issue Tracker in c-ares@1.34.3-r0

GHSA-5rjg-pf4q-hgcr from Alpine Linux's Security Issue Tracker in gnupg@2.4.7-r0

CVE-2025-31498 from Alpine Linux's Security Issue Tracker in c-ares@1.34.3-r0

GHSA-5rjg-pf4q-hgcr from Alpine Linux's Security Issue Tracker in gnupg@2.4.7-r0

GHSA-8mxc-vqrq-gcm8 from Alpine Linux's Security Issue Tracker in jq@1.7.1-r0

Testing & Reproduction steps

Links

PR Checklist

  • updated test coverage
  • external facing docs updated
  • appropriate backport labels added
  • not a security concern

* backport of commit 73c592c

* CVE Fix (#22268)

* Fixed following CVEs:
GHSA-vvgc-356p-c3xw in golang.org/x/net@v0.37.0
GO-2025-3595 in golang.org/x/net@v0.37.0
GO-2025-3553 in github.com/golang-jwt/jwt/v4@v4.5.1
GHSA-mh63-6h87-95cp in github.com/golang-jwt/jwt/v4@v4.5.1
stdlib in Go GO-2025-3563@1.23.7

* added changelog

(cherry picked from commit 519fb0a)

---------

Co-authored-by: nitin.sachdev <nitin.sachdev@hashicorp.com>
* backport of commit cedded6

* backport of commit dd4f628

---------

Co-authored-by: nitin.sachdev <nitin.sachdev@hashicorp.com>
@nitin-sachdev-29 nitin-sachdev-29 added pr/no-changelog PR does not need a corresponding .changelog entry pr/no-backport labels Apr 18, 2025
@nitin-sachdev-29 nitin-sachdev-29 self-assigned this Apr 18, 2025
@nitin-sachdev-29 nitin-sachdev-29 requested review from a team as code owners April 18, 2025 06:46
@github-actions github-actions bot added theme/api Relating to the HTTP API interface pr/dependencies PR specifically updates dependencies of project labels Apr 18, 2025
@nitin-sachdev-29 nitin-sachdev-29 enabled auto-merge (squash) April 18, 2025 06:53
@nitin-sachdev-29 nitin-sachdev-29 merged commit aad6d48 into release/1.21.0-rc2 Apr 18, 2025
182 of 193 checks passed
@nitin-sachdev-29 nitin-sachdev-29 deleted the backport/nitin/cve-suppress/highly-expert-squid branch April 18, 2025 07:38
nitin-sachdev-29 added a commit that referenced this pull request May 5, 2025
* prepping for 1.21.0-rc2 release (#22267)

* Backport of CVE Fix into release/1.21.0-rc2 (#22271)

* backport of commit 73c592c

* CVE Fix (#22268)

* Fixed following CVEs:
GHSA-vvgc-356p-c3xw in golang.org/x/net@v0.37.0
GO-2025-3595 in golang.org/x/net@v0.37.0
GO-2025-3553 in github.com/golang-jwt/jwt/v4@v4.5.1
GHSA-mh63-6h87-95cp in github.com/golang-jwt/jwt/v4@v4.5.1
stdlib in Go GO-2025-3563@1.23.7

* added changelog

(cherry picked from commit 519fb0a)

* Prep release 1.21.0 rc2 (#22272)

* prepping for 1.21.0-rc2 release

* fixed VERSION

* Backport of Upgraded go to 1.23.8 into release/1.21.0-rc2 (#22276)

* Backport of CVE Fix into release/1.21.x (#22269)

* backport of commit 73c592c

* CVE Fix (#22268)

* Fixed following CVEs:
GHSA-vvgc-356p-c3xw in golang.org/x/net@v0.37.0
GO-2025-3595 in golang.org/x/net@v0.37.0
GO-2025-3553 in github.com/golang-jwt/jwt/v4@v4.5.1
GHSA-mh63-6h87-95cp in github.com/golang-jwt/jwt/v4@v4.5.1
stdlib in Go GO-2025-3563@1.23.7

* added changelog

(cherry picked from commit 519fb0a)

---------

Co-authored-by: nitin.sachdev <nitin.sachdev@hashicorp.com>

* backport of commit cedded6

* backport of commit dd4f628

---------

Co-authored-by: hc-github-team-consul-core <github-team-consul-core@hashicorp.com>

* Backport of suppressing alpine CVEs as there is no fix yet into release/1.21.x (#22281)

* Backport of CVE Fix into release/1.21.x (#22269)

* backport of commit 73c592c

* CVE Fix (#22268)

* Fixed following CVEs:
GHSA-vvgc-356p-c3xw in golang.org/x/net@v0.37.0
GO-2025-3595 in golang.org/x/net@v0.37.0
GO-2025-3553 in github.com/golang-jwt/jwt/v4@v4.5.1
GHSA-mh63-6h87-95cp in github.com/golang-jwt/jwt/v4@v4.5.1
stdlib in Go GO-2025-3563@1.23.7

* added changelog

(cherry picked from commit 519fb0a)

---------

Co-authored-by: nitin.sachdev <nitin.sachdev@hashicorp.com>

* Backport of Upgraded go to 1.23.8 into release/1.21.x (#22274)

* backport of commit cedded6

* backport of commit dd4f628

---------

Co-authored-by: nitin.sachdev <nitin.sachdev@hashicorp.com>

* backport of commit 5d7f3ee

---------

Co-authored-by: hc-github-team-consul-core <github-team-consul-core@hashicorp.com>

* post release 1.21.0-rc2

* executed go mod tidy

* Remove s390x build configuration from CI workflows

---------

Co-authored-by: hc-github-team-consul-core <github-team-consul-core@hashicorp.com>