Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump github.com/docker/docker dependencies #1590

Merged
merged 1 commit into from
May 3, 2024

Conversation

HeavyWombat
Copy link
Contributor

Changes

Ref: GHSA-x84c-p2g9-rqv9

Update to address vulnerability finding.

Submitter Checklist

  • Includes tests if functionality changed/was added
  • Includes docs if changes are user-facing
  • Set a kind label on this PR
  • Release notes block has been filled in, or marked NONE

See the contributor guide
for details on coding conventions, github and prow interactions, and the code review process.

Release Notes

NONE

@HeavyWombat HeavyWombat added the kind/dependency-change Categorizes issue or PR as related to changing dependencies label May 2, 2024
@openshift-ci openshift-ci bot added the release-note-none Label for when a PR does not need a release note label May 2, 2024
@pull-request-size pull-request-size bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label May 2, 2024
@openshift-ci openshift-ci bot requested review from adambkaplan and otaviof May 2, 2024 11:39
@qu1queee
Copy link
Contributor

qu1queee commented May 2, 2024

thanks. What about #1589 ? seems it tries to address the same.

@HeavyWombat
Copy link
Contributor Author

thanks. What about #1589 ? seems it tries to address the same.

This was only addressing the github.com/docker/cli dependency, but there seems to be another finding. At least this what the vulnerability scanner told me, so I figured it makes sense to bump all github.com/docker repositories, including the one that is only an indirect dependency.

Ref: GHSA-x84c-p2g9-rqv9

Update to address vulnerability finding.
@HeavyWombat HeavyWombat force-pushed the bump/github.com/docker/docker branch from 6102b2a to ae420b6 Compare May 3, 2024 12:57
Copy link
Contributor

@qu1queee qu1queee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label May 3, 2024
Copy link
Contributor

openshift-ci bot commented May 3, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: qu1queee

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 3, 2024
@openshift-merge-bot openshift-merge-bot bot merged commit 93e8497 into main May 3, 2024
14 checks passed
@openshift-merge-bot openshift-merge-bot bot deleted the bump/github.com/docker/docker branch May 3, 2024 13:34
@SaschaSchwarze0 SaschaSchwarze0 added this to the release-v0.14.0 milestone May 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/dependency-change Categorizes issue or PR as related to changing dependencies lgtm Indicates that a PR is ready to be merged. release-note-none Label for when a PR does not need a release note size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
Status: Done
Development

Successfully merging this pull request may close these issues.

3 participants