Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sync to "upstream/master" to fix (golang.org/x/net) CVE-2023-39325/CVE-2023-3978 #29

Closed
wants to merge 98 commits into from
Closed

Sync to "upstream/master" to fix (golang.org/x/net) CVE-2023-39325/CVE-2023-3978 #29

wants to merge 98 commits into from

Conversation

mkandawires
Copy link
Collaborator

@mkandawires mkandawires commented Oct 16, 2023
edited
Loading

What type of PR is this?

What this PR does / why we need it:
Sync's to "upstream/master" to fix (golang.org/x/net) CVE-2023-39325/CVE-2023-3978

Which issue(s) this PR fixes:

Fixes #
CVE-2023-39325/CVE-2023-3978

cvvz and others added 30 commits June 12, 2023 08:01
@cvvz
fix uninstall-driver to make it backward compatibility
15e5837
@cvvz
fix
0cd1fbf
@k8s-ci-robot
Merge pull request kubernetes-sigs#952 from cvvz/fix-uninstall-driver
7463fa2 
chore: fix uninstall-driver to make it backward compatibility
@andyzhangx
vendor: cloud provider lib upgrade
fcc4eb7
@andyzhangx
feat: add getLatestAccountKey parameter in storage class
83dbfd4
@andyzhangx
Update driver-parameters.md
356c312
@andyzhangx
Merge pull request kubernetes-sigs#953 from andyzhangx/get-latest-acc…
b245c88 
…ount-key

feat: add getLatestAccountKey parameter in storage class
@dependabot
chore(deps): bump github.com/pelletier/go-toml from 1.9.4 to 1.9.5
04e93f8 
Bumps [github.com/pelletier/go-toml](https://github.com/pelletier/go-toml) from 1.9.4 to 1.9.5.
- [Release notes](https://github.com/pelletier/go-toml/releases)
- [Changelog](https://github.com/pelletier/go-toml/blob/v2/.goreleaser.yaml)
- [Commits](pelletier/go-toml@v1.9.4...v1.9.5)

---
updated-dependencies:
- dependency-name: github.com/pelletier/go-toml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@andyzhangx
fix: dynamic provisioning support with blobfuse msi auth
7964310
@k8s-ci-robot
Merge pull request kubernetes-sigs#954 from andyzhangx/fix-blobfuse-m…
fa6a31b 
…si-dynamic-support

fix: dynamic provisioning support with blobfuse msi auth
@andyzhangx
cleanup: update new chart versions and remove deprecated versions
65e43bd
@dependabot
chore(deps): bump actions/checkout from 2 to 3
49aff49 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@k8s-ci-robot
Merge pull request kubernetes-sigs#961 from kubernetes-sigs/dependabo…
88186c1 
…t/github_actions/actions/checkout-3

chore(deps): bump actions/checkout from 2 to 3
@andyzhangx
Merge pull request kubernetes-sigs#960 from andyzhangx/remove-depreca…
b711d43 
…ted-versions4

cleanup: update new chart versions and remove deprecated versions
@andyzhangx
Update README.md
7f1a4ce
@k8s-ci-robot
Merge pull request kubernetes-sigs#940 from kubernetes-sigs/dependabo…
c8b97d3 
…t/go_modules/github.com/pelletier/go-toml-1.9.5

chore(deps): bump github.com/pelletier/go-toml from 1.9.4 to 1.9.5
@andyzhangx
chore: TimedCache code change due to azure lib upgrade
648cd4f
@andyzhangx
fix: storage account search default values
d48db3f
@andyzhangx
Merge pull request kubernetes-sigs#967 from andyzhangx/fix-account-se…
9c74b4a 
…arch-default

fix: storage account search default values
@andyzhangx
cleanup: remove secret print in error message
db30b63
@andyzhangx
Merge pull request kubernetes-sigs#973 from andyzhangx/remove-secret-…
3a9dba2 
…print

cleanup: remove secret print in error message
@andyzhangx
feat: install blobfuse 2.0.4 as default version
d390f9f
@andyzhangx
Merge pull request kubernetes-sigs#980 from andyzhangx/blobfuse-2.0.4
42060c2 
feat: install blobfuse 2.0.4 as default version
@andyzhangx
Update driver-parameters.md
cd4535f
@dependabot
chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity
bbd8cfe 
Bumps [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](Azure/azure-sdk-for-go@v1.2...sdk/azcore/v1.3.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@k8s-ci-robot
Merge pull request kubernetes-sigs#983 from kubernetes-sigs/dependabo…
79941c3 
…t/go_modules/github.com/Azure/azure-sdk-for-go/sdk/azidentity-1.3.0

chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.2.0 to 1.3.0
@andyzhangx
cleanup: update new chart versions and remove deprecated versions
8d85db3
@andyzhangx
Merge pull request kubernetes-sigs#985 from andyzhangx/remove-depreca…
e7748d7 
…ted-versions5

cleanup: update new chart versions and remove deprecated versions
@andyzhangx
Update driver-parameters.md
f51f4fc
@andyzhangx
feat: install blobfuse 2.0.5 as default version
773dd43
andyzhangx and others added 26 commits October 7, 2023 19:27
@andyzhangx
Merge pull request kubernetes-sigs#1028 from andyzhangx/fix-typpo
f0b60b9 
cleanup: fix typo
@andyzhangx
Merge pull request kubernetes-sigs#1027 from andyzhangx/refine-inline…
43bebf5 
…-volume-example

doc: refine inline volume example
@andyzhangx
test: remove override in blobfuse proxy enabled test
eda7aa0 
fix

fix

fix
@andyzhangx
test: use driver name blob.csi.azure.com in external e2e test
fd36cf5
@andyzhangx
Merge pull request kubernetes-sigs#1029 from andyzhangx/remove-override
59dce46 
test: remove override in blobfuse proxy enabled test
@andyzhangx
test: fix verify-helm-chart failure
f2e9b3b
@andyzhangx
test: fix github action failure
e292fdd
@andyzhangx
Merge pull request kubernetes-sigs#1031 from andyzhangx/fix-test-failure
2435950 
test: fix verify-helm-chart failure
@dependabot
chore(deps): bump google.golang.org/grpc from 1.54.0 to 1.58.3
a717f0b 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.54.0 to 1.58.3.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.54.0...v1.58.3)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@andyzhangx
Merge pull request kubernetes-sigs#1041 from kubernetes-sigs/dependab…
ca7781c 
…ot/go_modules/google.golang.org/grpc-1.58.3

chore(deps): bump google.golang.org/grpc from 1.54.0 to 1.58.3
@andyzhangx
fix: CVE-2023-39325
cf9ebd9
@andyzhangx
Merge pull request kubernetes-sigs#1042 from andyzhangx/CVE-2023-39325
f83417a 
fix: CVE-2023-39325
@andyzhangx
test: adjust log print in e2e test
51d152e 
disable error exit

test: fix blob_log.sh
@andyzhangx
test: fix external e2e test
9db3c7d
@dependabot
chore(deps): bump github.com/onsi/ginkgo/v2 from 2.11.0 to 2.13.0
af21c75 
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.11.0 to 2.13.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](onsi/ginkgo@v2.11.0...v2.13.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@andyzhangx
test: fix test failures
b5f65f2
@andyzhangx
Merge pull request kubernetes-sigs#1040 from andyzhangx/adjust-log-print
dd006e4 
test: adjust log print in e2e test
@andyzhangx
cleanup: fix k8s.io/endpointslice dependency
0049e36
@andyzhangx
Merge pull request kubernetes-sigs#1051 from andyzhangx/fix-endpoints…
d4588ee 
…lice-dep

cleanup: fix k8s.io/endpointslice dependency
@k8s-ci-robot
Merge pull request kubernetes-sigs#1044 from kubernetes-sigs/dependab…
a9c9291 
…ot/go_modules/github.com/onsi/ginkgo/v2-2.13.0

chore(deps): bump github.com/onsi/ginkgo/v2 from 2.11.0 to 2.13.0
@andyzhangx
test: don't return error in blob_log.sh
13aefef
@cvvz
support arm
c8dc8b5
@andyzhangx
Merge pull request kubernetes-sigs#1054 from andyzhangx/fix-blob-log-…
39d6d04 
…error

test: don't return error in blob_log.sh
@k8s-ci-robot
Merge pull request kubernetes-sigs#1055 from cvvz/support-arm
bd3ac82 
fix: support arm in init.sh
Sync to "upstream/master" to fix (golang.org/x/net) CVE-2023-39325/CV…
2e982d3 
…E-2023-3978

- Sync's to "upstream/master" to fix (golang.org/x/net) CVE-2023-39325/CVE-2023-3978
Fix assignment mismatch in TestGetAuthEnv(6 variables but d.GetAuthEn…
7f1820e 
…v returns 8 values)
@coveralls
Copy link

coveralls commented Oct 16, 2023
edited
Loading

Pull Request Test Coverage Report for Build 6540918334

  • 69 of 79 (87.34%) changed or added relevant lines in 3 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.3%) to 78.881%
Changes Missing Coverage Covered Lines Changed/Added Lines %
pkg/blob/controllerserver.go 24 25 96.0%
pkg/blob/blob.go 28 31 90.32%
pkg/blob/nodeserver.go 17 23 73.91%
Totals Coverage Status
Change from base Build 6411928884: 0.3%
Covered Lines: 2058
Relevant Lines: 2609
💛 - Coveralls

Fix CVE-2023-38545/CVE-2023-38546 for CBL-Mariner
fe3e601 
- Fixes CVE-2023-38545/CVE-2023-38546 curl vulnerabilities in CBL-Mariner
@mkandawires mkandawires deleted the stmkanda/sync-upstream-fix-CVE-2023-39325 branch October 23, 2023 15:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@mkandawires @coveralls @cvvz @k8s-ci-robot @andyzhangx