
jsonpath-plus package version override to solve CVE #3343

Status: Draft. Wants to merge 1 commit into main.

Conversation

dpanshug (Contributor)

Description

jsonpath-plus version upgrade to 10.0.1
Will resolve CVE-2024-21534 https://bugzilla.redhat.com/show_bug.cgi?id=2317968

How Has This Been Tested?

Test Impact

Request review criteria:

Self checklist (all need to be checked):

  • The developer has manually tested the changes and verified that the changes work
  • Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
  • The developer has added tests or explained why testing cannot be added (unit or cypress tests for related changes)

If you have UI changes:

  • Included any necessary screenshots or gifs if it was a UI change.
  • Included tags to the UX team if it was a UI/UX change.

After the PR is posted & before it merges:

  • The developer has tested their solution on a cluster by using the image produced by the PR to main
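A version override only closes the issue if every copy of jsonpath-plus in the dependency tree, including nested copies pulled in by other packages, actually resolves to the fixed release. The following script is an added example (not part of this PR or the project's code) that audits an npm lockfile for that: it lists every installed copy, flags those below a minimum version, and confirms the root package.json declares an `overrides` entry. It assumes the npm lockfileVersion 2/3 layout, where installs are keyed by their `node_modules/...` path; the 10.0.1 threshold is taken from the PR description and kept as a parameter, since the thread notes the final fix version was still awaiting confirmation. The sample lockfile and package.json are constructed, not the project's.

```python
import json
from typing import Dict, List, Tuple

# Version proposed in the PR description; kept as a parameter because the
# correct fix version was still awaiting confirmation (assumption, see thread).
MIN_VERSION = "10.0.1"
PACKAGE = "jsonpath-plus"


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '10.0.1' or '10.0.1-rc.1' into a comparable tuple.

    A trailing flag marks pre-releases as lower than the same final release,
    which is what semver ordering requires ('10.0.1-rc.1' < '10.0.1').
    """
    core, sep, _ = v.partition("-")
    core = core.split("+", 1)[0]
    nums = tuple(int(p) for p in core.split("."))
    return nums + (0 if sep else 1,)


def find_installs(lock: Dict, package: str = PACKAGE) -> List[Tuple[str, str]]:
    """Return (install_path, version) for every copy of `package` in the lockfile.

    Nested copies (node_modules/<dep>/node_modules/<package>) are exactly the
    ones a root-level override has to reach.
    """
    hits = []
    direct = "node_modules/" + package
    for path, meta in lock.get("packages", {}).items():
        if path == direct or path.endswith("/" + direct):
            hits.append((path, meta.get("version", "")))
    return hits


def outdated_installs(lock: Dict, min_version: str = MIN_VERSION,
                      package: str = PACKAGE) -> List[Tuple[str, str]]:
    """Copies of `package` that are missing a version or sit below `min_version`."""
    floor = parse_version(min_version)
    return [(p, v) for p, v in find_installs(lock, package)
            if not v or parse_version(v) < floor]


def override_declared(pkg_json: Dict, package: str = PACKAGE) -> bool:
    """npm (8.3+) honours an 'overrides' map in the root package.json."""
    return package in pkg_json.get("overrides", {})


def audit_files(lock_path: str, pkg_path: str) -> List[Tuple[str, str]]:
    """Load real files from disk and return the outdated copies (empty list = clean)."""
    with open(lock_path) as f:
        lock = json.load(f)
    with open(pkg_path) as f:
        pkg = json.load(f)
    if not override_declared(pkg):
        print(f"warning: no 'overrides' entry for {PACKAGE} in {pkg_path}")
    return outdated_installs(lock)


# Constructed sample: the root override is in place, but a dependency still
# carries its own nested, older copy that the override has not reached.
SAMPLE_LOCK = {
    "name": "example-frontend",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-frontend", "dependencies": {"some-lib": "^1.0.0"}},
        "node_modules/jsonpath-plus": {"version": "10.0.1"},
        "node_modules/some-lib": {"version": "1.0.0",
                                  "dependencies": {"jsonpath-plus": "^9.0.0"}},
        "node_modules/some-lib/node_modules/jsonpath-plus": {"version": "9.0.0"},
    },
}
SAMPLE_PACKAGE_JSON = {"name": "example-frontend",
                       "overrides": {"jsonpath-plus": "10.0.1"}}

if __name__ == "__main__":
    print("override declared:", override_declared(SAMPLE_PACKAGE_JSON))
    for path, version in outdated_installs(SAMPLE_LOCK):
        print(f"below {MIN_VERSION}: {path} ({version or 'no version'})")
```

Run it against a real tree with `audit_files("package-lock.json", "package.json")`; an empty result means every copy, nested ones included, meets the threshold. If a nested copy is reported after `npm install`, the lockfile was likely generated before the override was added and needs regenerating.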


openshift-ci bot commented Oct 17, 2024

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

openshift-ci bot added the label do-not-merge/work-in-progress (This PR is in WIP state) on Oct 17, 2024.


openshift-ci bot commented Oct 17, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign alexcreasy for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment


codecov bot commented Oct 17, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 84.81%. Comparing base (c4ae140) to head (e6eac9d).
Report is 3 commits behind head on main.

Additional details and impacted files


@@            Coverage Diff             @@
##             main    #3343      +/-   ##
==========================================
- Coverage   84.84%   84.81%   -0.04%     
==========================================
  Files        1321     1326       +5     
  Lines       29446    29651     +205     
  Branches     8037     8101      +64     
==========================================
+ Hits        24983    25148     +165     
- Misses       4463     4503      +40     

see 21 files with indirect coverage changes

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update c4ae140...e6eac9d.


dpanshug commented Oct 22, 2024

We don't have clarity on the correct fix version and are waiting for confirmation from the ProdSec and jsonpath-plus community.

Labels: do-not-merge/work-in-progress (This PR is in WIP state)