Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: bump-up docker dependency #1679

Merged

Conversation

junczhu
Copy link
Collaborator

@junczhu junczhu commented Aug 2, 2024

Description

What this PR does / why we need it:

Fix security issue GO-2024-3005

Which issue(s) this PR fixes (optional, using fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when the PR gets merged):

Fixes # Authz zero length regression · CVE-2024-41110 · GitHub Advisory Database

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Helm Chart Change (any edit/addition/update that is necessary for changes merged to the main branch)
  • This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Please also list any relevant details for your test configuration

  • Test A
  • Test B

Checklist:

  • Does the affected code have corresponding tests?
  • Are the changes documented, not just with inline documentation, but also with conceptual documentation such as an overview of a new feature, or task-based documentation like a tutorial? Consider if this change should be announced on your project blog.
  • Does this introduce breaking changes that would require an announcement or bumping the major version?
  • Do all new files have appropriate license header?

Post Merge Requirements

  • MAINTAINERS: manually trigger the "Publish Package" workflow after merging any PR that indicates Helm Chart Change

Copy link

codecov bot commented Aug 2, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

@junczhu junczhu marked this pull request as ready for review August 2, 2024 03:16
@junczhu junczhu enabled auto-merge (squash) August 2, 2024 03:16
akashsinghal
akashsinghal previously approved these changes Aug 2, 2024
susanshi
susanshi previously approved these changes Aug 2, 2024
@susanshi susanshi disabled auto-merge August 2, 2024 07:12
@junczhu junczhu marked this pull request as draft August 2, 2024 07:25
@junczhu junczhu dismissed stale reviews from susanshi and akashsinghal via 0fc0895 August 2, 2024 07:35
@junczhu junczhu marked this pull request as ready for review August 2, 2024 07:42
@junczhu junczhu enabled auto-merge (squash) August 2, 2024 07:42
@junczhu
Copy link
Collaborator Author

junczhu commented Aug 2, 2024

Passed Local Fork test
image

@junczhu junczhu merged commit b12b038 into ratify-project:dev Aug 2, 2024
18 checks passed
akashsinghal pushed a commit to akashsinghal/ratify that referenced this pull request Sep 13, 2024
binbin-li pushed a commit to binbin-li/ratify that referenced this pull request Sep 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants