Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade lestrrat-go/jwx to v1.2.29 #5141

Merged
merged 1 commit into from
Apr 3, 2024
Merged

Upgrade lestrrat-go/jwx to v1.2.29 #5141

merged 1 commit into from
Apr 3, 2024

Conversation

ddl-ebrown
Copy link
Contributor

@ddl-ebrown ddl-ebrown commented Mar 29, 2024
edited
Loading

Tracking issue

https://github.com/flyteorg/flyte/issues/

Why are the changes needed?

Resolves vulnerabilities

What changes were proposed in this pull request?

How was this patch tested?

Setup process

Screenshots

Check all the applicable boxes

  • I updated the documentation accordingly.
  • All new and existing tests passed.
  • All commits are signed-off.

Related PRs

Docs link

@dosubot dosubot bot added size:M This PR changes 30-99 lines, ignoring generated files. security Issues related to Security improvements labels Mar 29, 2024
@codecov Codecov
Copy link

codecov bot commented Mar 29, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 59.11%. Comparing base (9cf1f6f) to head (45d8f28).
Report is 1 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #5141      +/-   ##
==========================================
- Coverage   60.06%   59.11%   -0.96%     
==========================================
  Files         463      645     +182     
  Lines       38884    55574   +16690     
==========================================
+ Hits        23357    32852    +9495     
- Misses      13687    20129    +6442     
- Partials     1840     2593     +753
Flag Coverage Δ
unittests 59.11% <ø> (-0.96%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@dosubot dosubot bot added size:L This PR changes 100-499 lines, ignoring generated files. and removed size:M This PR changes 30-99 lines, ignoring generated files. labels Mar 29, 2024
@ddl-ebrown
Copy link
Contributor Author

ddl-ebrown commented Mar 29, 2024
edited
Loading

Looks like this one is going to require some test fixes

 --- FAIL: Test_tokenEndpoint/Valid_token_request (0.96s)
        token_test.go:93: 
            	Error Trace:	/home/runner/work/flyte/flyte/flyteadmin/auth/authzserver/token_test.go:93
            	Error:      	Should be true
            	Test:       	Test_tokenEndpoint/Valid_token_request
        token_test.go:107: 
            	Error Trace:	/home/runner/work/flyte/flyte/flyteadmin/auth/authzserver/token_test.go:107
            	Error:      	Should be true
            	Test:       	Test_tokenEndpoint/Valid_token_request

UPDATE: ran this test locally in isolation and it passed. I think there might be some shared state / test races / timing issues somewhere.

@ddl-ebrown ddl-ebrown force-pushed the upgrade-lestrrat-go branch 2 times, most recently from d2d609d to c851a1b Compare March 29, 2024 21:21
@ddl-ebrown
Copy link
Contributor Author

Test fails are gone now in CI - think it was an unrelated intermittent fail.

I've updated everything against master so I think this one is good now @eapolinario

pingsutw
pingsutw previously approved these changes Mar 29, 2024
View reviewed changes
@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Mar 29, 2024
@ddl-ebrown ddl-ebrown changed the title Upgrade lestrrat-go/jwx to v1.2.29 / golang.org/x/crypto to v0.21.0 Upgrade lestrrat-go/jwx to v1.2.29 Mar 30, 2024
@ddl-ebrown ddl-ebrown force-pushed the upgrade-lestrrat-go branch 2 times, most recently from 42fe6cb to 23ad80a Compare April 1, 2024 19:41
@dosubot dosubot bot added size:M This PR changes 30-99 lines, ignoring generated files. and removed size:L This PR changes 100-499 lines, ignoring generated files. labels Apr 1, 2024
@ddl-ebrown ddl-ebrown force-pushed the upgrade-lestrrat-go branch 2 times, most recently from b636d3c to 8db5163 Compare April 1, 2024 23:00
@ddl-ebrown
Upgrade lestrrat-go/jwx to v1.2.29
45d8f28 
 - go get -u github.com/lestrrat-go/jwx

   Resolves a number of vulnerabilities including:

   CVE-2024-28122 medium
   CVE-2024-21664 high
   CVE-2023-49290 medium
   CVE-2024-28122 medium

Signed-off-by: ddl-ebrown <[email protected]>
@eapolinario eapolinario merged commit dc1294e into flyteorg:master Apr 3, 2024
47 of 48 checks passed
@ddl-ebrown ddl-ebrown deleted the upgrade-lestrrat-go branch April 3, 2024 01:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pingsutw pingsutw pingsutw approved these changes

@eapolinario eapolinario eapolinario approved these changes

Assignees
No one assigned
Labels
lgtm This PR has been approved by a maintainer security Issues related to Security improvements size:M This PR changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ddl-ebrown @eapolinario @pingsutw