argo-workflows
argo-workflows copied to clipboard
argoproj
Cherry-pick 3.3.9
- [ ] 61211f9db fix: Add workflow failures before hooks run. Fixes #8882 (#9009)
- [ ] f5f1a3438 fix: sync lock should be released only if we're retrying (#9063)
- [ ] 89f3433bf fix: workflow.status is now set properly in metrics. Fixes #8895 (#8939)
- [ ] 62287487a fix: Treat 'connection reset by peer' as a transient network error. Fixes #9013 (#9017)
- [ ] e31ffcd33 fix: Correct kill command. Fixes #8687 (#8908)
- [ ] 416fce705 fix: Fork sub-process. Fixes #8454 (#8906)
- [ ] 750c4e1f6 fix: Only signal running containers, ignore failures. (#8909)
- [ ] ede1a39e7 fix: workflowMetadata needs to be loaded into globalParams in both ArgoServer and Controller (#8907)
- [ ] 7dacb5bca fix: Fixed Swagger error. Fixes #8830 (#8886)
- [ ] bc0100346 fix: Change to distroless. Fixes #8805 (#8806)
- [ ] fbb8246cd fix: set NODE_OPTIONS to no-experimental-fetch to prevent yarn start error (#8802)
- [ ] 39fbdb2a5 fix: fix a command in the quick-start page (#8782)
- [ ] 961f731b7 fix: Omitted task result should also be valid (#8776)
- [ ] 178bbbc31 fix: Temporarily fix CI build. Fixes #8757. (#8758)
- [ ] aa366db34 fix: remove list and watch on secrets. Fixes #8534 (#8555)
- [ ] 342abcd6d fix: mkdocs uses 4space indent for nested list (#8740)
- [ ] b3bf327a0 fix: Fix the resursive example to call the coinflip template (#8696)
- [ ] 9ddae875f fix: Fixed podName in killing daemon pods. Fixes #8692 (#8708)
- [ ] 72d3f32e5 fix: update go-color path/version (#8707)
- [ ] 92b3ef27a fix: upgrade moment from 2.29.2 to 2.29.3 (#8679)
- [ ] 859ebe99f fix: Terminate, rather than delete, deadlined pods. Fixes #8545 (#8620)
- [ ] 3fdf30d9f fix: Enhance artifact visualization. Fixes #8619 (#8655)
- [ ] 16fef4e54 fix: enable
ARGO_REMOVE_PVC_PROTECTION_FINALIZERby default. Fixes #8592 (#8661) - [ ] ed351ff08 fix: ArtifactGC moved from Template to Artifact. Fixes #8556. (#8581)
- [ ] 974031570 fix: Polish artifact visualisation. Fixes #7743 (#8552)
- [ ] 98dd898be fix: Correct CSP. Fixes #8560 (#8579)
- [ ] 5b8638fcb fix: modified
SearchArtifactto returnArtifactSearchResults. Fixes #8543 (#8557) - [ ] ecd91b1c4 fix: added json tag to ArtifactGCStrategies (#8523)
- [ ] f223bb8a3 fix: ArtifactGCOnWorkflowDeletion typo quick fix (#8519)
- [ ] 8c0a957c3 fix: Fix bug in entrypoint lookup (#8453)
- [ ] 4471b59a5 fix: open minio dashboard on different port in quick-start (#8407)
- [ ] d47081fb4 fix: upgrade react-moment from 1.0.0 to 1.1.1 (#8389)
- [ ] 010e359e4 fix: upgrade react-datepicker from 2.14.1 to 2.16.0 (#8388)
- [ ] 0c9d88b44 fix: upgrade prop-types from 15.7.2 to 15.8.1 (#8387)
- [ ] 2d91646aa fix: upgrade js-yaml from 3.13.1 to 3.14.1 (#8374)
- [ ] 54eaed060 fix: upgrade cron-parser from 2.16.3 to 2.18.0 (#8373)
- [ ] e9de085d6 fix: Erratum in docs. Fixes #8342 (#8359)
- [ ] a3d1d07e1 fix: upgrade react-chartjs-2 from 2.10.0 to 2.11.2 (#8357)
- [ ] b199cb947 fix: upgrade history from 4.7.2 to 4.10.1 (#8356)
- [ ] e40521556 fix: upgrade multiple dependencies with Snyk (#8355)
- [ ] 8c893bd13 fix: upgrade com.google.code.gson:gson from 2.8.9 to 2.9.0 (#8354)
- [ ] ae3881525 fix: examples/README.md: overriten => overridden (#8351)
- [ ] ab21eed52 fix: upgrade io.swagger:swagger-annotations from 1.6.2 to 1.6.5 (#8335)
- [ ] f708528fb fix: upgrade react-monaco-editor from 0.36.0 to 0.47.0 (#8339)
- [ ] 3c35bd2f5 fix: upgrade cronstrue from 1.109.0 to 1.125.0 (#8338)
- [ ] 7ee17ddb7 fix: upgrade com.squareup.okhttp3:logging-interceptor from 4.9.1 to 4.9.3 (#8336)
- [ ] aa9ff17d5 fix: Remove path traversal CWE-23 (#8331)
- [ ] 14a9a1dc5 fix: ui/package.json & ui/yarn.lock to reduce vulnerabilities (#8328)
- [ ] 58052c2b7 fix: sdks/java/pom.xml to reduce vulnerabilities (#8327)
- [ ] e232340cc fix: grep pattern (#8238)
- [ ] 8a1fbb86e fix: removed deprecated k8sapi executor. Fixes #7802 (#8205)
I propose to cherry pick the following commits related to security:
- https://github.com/argoproj/argo-workflows/commit/aa9ff17d5feaa79aa26d9dc9cf9f67533f886b1c fix: Remove path traversal CWE-23 (https://github.com/argoproj/argo-workflows/pull/8331)
- https://github.com/argoproj/argo-workflows/pull/9235
…ixes https://github.com/argoproj/argo-workflows/issues/9170. (https://github.com/argoproj/argo-workflows/pull/9213)
I propose to cherry pick the following commits related to security:
- aa9ff17 fix: Remove path traversal CWE-23 (fix: Remove path traversal CWE-23 #8331)
- chore: upgrade kube-openapi Fixes #9149 #9235
This fix contains other feature changes. We could cherry pick
I am busy with priority work. I will try to release before the end of this week.
Hi @terrytangyuan @sarabala1979, is this something I could help out with? If one of you can provide a quick write up of what needs to be done, happy to take a stab at it.
Yes, I can try cherry-picking to release-3.3 branch.
Update: it's cherry-picked but CI is failing. Investigating https://github.com/argoproj/argo-workflows/runs/7634723040?check_suite_focus=true
@mcgrawia @sarabala1979 https://github.com/argoproj/argo-workflows/pull/9235 has been cherry-picked and CI is passing in the release branch.
I cherry-picked this one as well.
Hi @terrytangyuan, it looks like the changes are ready to go on the release branch. Is there anything else that needs to be done before the patch can be released?
@terrytangyuan Sorry I forgot to mention. Cherry-pick process is to cherry-pick all fixes (exclude new feature fixes or fixes in new code). we will cherry-pick the issue and mark selected here. Can you try to cherry-pick the above list of issues?
Okay I thought you only needed help with the mentioned fixes. Unfortunately I am on vacation starting today. Would you be able to take it from here?
Hi @sarabala1979, I see some progress was made on cherry picking the commits to the release branch. Just offering again to see if there's anything I can do to get this over the finish line. The Critical level CVE was identified 26 days ago and we are about to break our 30 day patch SLAs with our customers if we cannot get this released asap. Please let me know, thanks