stevenhorsman
Member

Update the tempfile crate to resolve security
issue CVE-2025-1744

@katacontainersbot katacontainersbot added the size/huge Largest and most complex task (probably needs breaking into small pieces) label May 9, 2025
Contributor

@burgerdev burgerdev left a comment

Updating the crate sounds good, but how is it related to the linked vuln?

@stevenhorsman
Member Author

> Updating the crate sounds good, but how is it related to the linked vuln?

Sorry, I copied the wrong vulnerability here, I will fix it now. Thanks for catching this.

Update the tempfile crate to resolve security issue
[WS-2023-0045](XAMPPRocky/remove_dir_all@7247a8b)
that came with the remove_dir_all dependency in prior versions

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
@stevenhorsman stevenhorsman force-pushed the tempfile-3.19.1-bump branch from 8727f48 to 787198f Compare May 9, 2025 08:58
@stevenhorsman
Member Author

FYI: I found a few more crates that needed bumping after this, so created #11251 which includes this tempfile update. I'm unsure if multiple crate bumps in the same PR is helpful to reduce the amount of CI and reviews needed, or harmful as it's less easy to isolate failures, so I'll leave them both at the moment to see if the CI is okay, but I'm happy if they need to be broken down individually

Contributor

@zvonkok zvonkok left a comment

LGTM, thanks Steve!

@zvonkok zvonkok merged commit 26a3cb4 into kata-containers:main May 9, 2025
502 of 531 checks passed
@stevenhorsman stevenhorsman deleted the tempfile-3.19.1-bump branch June 11, 2025 09:00
Labels
ok-to-test size/huge Largest and most complex task (probably needs breaking into small pieces)