quay-operator icon indicating copy to clipboard operation
quay-operator copied to clipboard
verified publisher icon quay

cve: update go-jose package to 4.0.2 (PROJQUAY-6850)

Open Marcusk19 opened this issue 1 year ago • 8 comments

Changes dependency for github.com/quay/config-tool to github.com/quay/quay/config-tool. The current config-tool dependency is archived and is now located in the quay monorepo.

Updates the go-jose dependency to 4.0.2 as a result due to this update in the github.com/quay/quay/config-tool package. Should address CVE-2024-28180

Marcusk19 avatar Dec 02 '24 19:12 Marcusk19

/retest

Marcusk19 avatar Dec 03 '24 14:12 Marcusk19

/retest

Marcusk19 avatar Dec 03 '24 15:12 Marcusk19

/retest

Marcusk19 avatar Dec 03 '24 17:12 Marcusk19

ocp tests are failing with 503 status from apps.openshift. Could it have to do with the updated go module?

deshpandevlab avatar Dec 03 '24 20:12 deshpandevlab

@deshpandevlab which test are you referring to? if it's the ocp-latest-e2e @jonathankingfc was telling me how it's a flakey one

Marcusk19 avatar Dec 03 '24 20:12 Marcusk19

/retest

Marcusk19 avatar Dec 04 '24 15:12 Marcusk19

/test ocp-latest-e2e

deshpandevlab avatar Dec 04 '24 19:12 deshpandevlab

@Marcusk19: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/ocp-latest-e2e 84c8346cba57c7bdb42afb5f30415ca43b3c1fdf link true /test ocp-latest-e2e

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

openshift-ci[bot] avatar Dec 04 '24 21:12 openshift-ci[bot]