Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update cve vulnerability #16948

Closed
wants to merge 1 commit into from
Closed

chore(deps): update cve vulnerability #16948

wants to merge 1 commit into from

Conversation

fengshunli
Copy link
Member

Checklist:

  • Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
  • The title of the PR states what changed and the related issues number (used for the release note).
  • The title of the PR conforms to the Toolchain Guide
  • I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
  • I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
  • Does this PR require documentation updates?
  • I've updated documentation as required by this PR.
  • I have signed off all my commits as required by DCO
  • I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
  • My build is green (troubleshooting builds).
  • My new feature complies with the feature status guidelines.
  • I have added a brief description of why this PR is necessary and/or what this PR solves.
  • Optional. My organization is added to USERS.md.
  • Optional. For bug fixes, I've indicated what older releases this fix should be cherry-picked into (this may or may not happen depending on risk/complexity).

see https://devhub.checkmarx.com/cve-details/CVE-2023-46402/
see https://devhub.checkmarx.com/cve-details/CVE-2023-47108/

@fengshunli fengshunli requested a review from a team as a code owner January 22, 2024 10:34
blakepettersson
blakepettersson requested changes Jan 22, 2024
View reviewed changes
Copy link
Member

@blakepettersson blakepettersson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See #16919 and #16920. For the bits which aren't already handled by Dependabot, can you open new PRs for them?

@fengshunli
Copy link
Member Author

See #16919 and #16920. For the bits which aren't already handled by Dependabot, can you open new PRs for them?

upgrading otelgrpc requires modifying outdated methods, which cannot be completed by robots, otherwise lint cannot check it.

@blakepettersson
Copy link
Member

upgrading otelgrpc requires modifying outdated methods, which cannot be completed by robots, otherwise lint cannot check it.

I see, then IMO it would make sense to break out anything which is not otelgrpc related and only address otelgrpc in this PR.

@fengshunli
Copy link
Member Author

upgrading otelgrpc requires modifying outdated methods, which cannot be completed by robots, otherwise lint cannot check it.

I see, then IMO it would make sense to break out anything which is not otelgrpc related and only address otelgrpc in this PR.

There are many changes in otelgrpc. Are there any reference use cases here?

@blakepettersson
Copy link
Member

Superseded by #18285 (among others)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@blakepettersson blakepettersson blakepettersson requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fengshunli @blakepettersson