Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[improve][function-go]: upgrade prom client_golang to v1.15.1 to fix CVE-2022-21698 #20562

Closed
wants to merge 2 commits into from
Closed

[improve][function-go]: upgrade prom client_golang to v1.15.1 to fix CVE-2022-21698 #20562

wants to merge 2 commits into from

Conversation

ericsyh
Copy link
Contributor

@ericsyh ericsyh commented Jun 12, 2023
edited
Loading

Fixes #xyz

Master Issue: #xyz

PIP: #xyz

Motivation

Prometheus client_golang v1.11.1 is impacted by the CVE-2022-21698

Modifications

Upgrade the Prometheus client_golang to v1.15.1

Verifying this change

  • Make sure that the change passes the CI checks.

(Please pick either of the following options)

This change is a trivial rework / code cleanup without any test coverage.

(or)

This change is already covered by existing tests, such as (please describe tests).

(or)

This change added tests and can be verified as follows:

(example:)

  • Added integration tests for end-to-end deployment with large payloads (10MB)
  • Extended integration test for recovery after broker failure

Does this pull request potentially affect one of the following parts:

If the box was checked, please highlight the changes

  • Dependencies (add or upgrade a dependency)
  • The public API
  • The schema
  • The default values of configurations
  • The threading model
  • The binary protocol
  • The REST endpoints
  • The admin CLI options
  • The metrics
  • Anything that affects deployment

Documentation

  • doc
  • doc-required
  • doc-not-needed
  • doc-complete

Matching PR in forked repository

PR in forked repository:

@github-actions github-actions bot added the doc-not-needed Your PR changes do not impact docs label Jun 12, 2023
freeznet
freeznet approved these changes Jun 14, 2023
View reviewed changes
Copy link
Contributor

@freeznet freeznet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, and we will need to bump https://github.com/apache/pulsar-client-go/blob/master/go.mod as well.

@ericsyh
tidy the mod
155dce4 
Signed-off-by: ericsyh <[email protected]>
@ericsyh ericsyh closed this Jun 14, 2023
@tisonkun
Copy link
Member

tisonkun commented Jul 7, 2023

@ericsyh do we have a superseded PR or why do we close this one?

@ericsyh
Copy link
Contributor Author

ericsyh commented Jul 7, 2023

@tisonkun Yep, we have a superseded PR #20579. Sorry, I should link them.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@freeznet freeznet freeznet approved these changes

Assignees

@ericsyh ericsyh

Labels
area/function doc-not-needed Your PR changes do not impact docs ready-to-test
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ericsyh @tisonkun @freeznet