Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump helm-rb to address security vuln in Helm #3178

Merged
merged 1 commit into from
Nov 4, 2024
Merged

Bump helm-rb to address security vuln in Helm #3178

merged 1 commit into from
Nov 4, 2024

Conversation

camertron
Copy link
Contributor

What are you trying to accomplish?

GitHub internal tooling is telling us there's a security vulnerability in the version of Helm that Kuby uses. This PR upgrades to v0.3.0 of helm-rb, which includes a patched version of Helm.

Integration

No updates necessary in production.

List the issues that this change affects.

Partially addresses https://github.com/github/vuln-mgmt/issues/125433 (internal-only)

Risk Assessment

  • Low risk the change is small, highly observable, and easily rolled back.
  • Medium risk changes that are isolated, reduced in scope or could impact few users. The change will not impact library availability.
  • High risk changes are those that could impact customers and SLOs, low or no test coverage, low observability, or slow to rollback.

Accessibility

  • No new axe scan violation - This change does not introduce any new axe scan violations.

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Oct 30, 2024

⚠️ No Changeset found

Latest commit: 83f2dda

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@camertron camertron added the skip changeset Pull requests that don't change the library output label Oct 30, 2024
@camertron camertron marked this pull request as ready for review November 4, 2024 22:43
@camertron camertron requested a review from a team as a code owner November 4, 2024 22:43
@camertron camertron merged commit a2398ab into main Nov 4, 2024
38 of 40 checks passed
@camertron camertron deleted the bump_helm_rb branch November 4, 2024 22:43
@camertron
Copy link
Contributor Author

Follow-up: edc7163

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@broccolinisoup broccolinisoup Awaiting requested review from broccolinisoup broccolinisoup is a code owner automatically assigned from primer/engineer-reviewers

Assignees
No one assigned
Labels
skip changeset Pull requests that don't change the library output
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@camertron