Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sync to "upstream/master" to fix CVE-2023-39325/CVE-2023-3978 #30

Merged
merged 114 commits into from
Oct 26, 2023
Merged

Sync to "upstream/master" to fix CVE-2023-39325/CVE-2023-3978 #30

merged 114 commits into from
Oct 26, 2023

Conversation

mkandawires
Copy link
Collaborator

@mkandawires mkandawires commented Oct 23, 2023
edited
Loading

What this PR does / why we need it:
Sync to "upstream/master" to fix (golang.org/x/net) CVE-2023-39325/CVE-2023-3978
Which issue(s) this PR fixes:
CVE-2023-39325/CVE-2023-3978

cvvz and others added 30 commits June 12, 2023 08:01
@cvvz
fix uninstall-driver to make it backward compatibility
15e5837
@cvvz
fix
0cd1fbf
@k8s-ci-robot
Merge pull request kubernetes-sigs#952 from cvvz/fix-uninstall-driver
7463fa2 
chore: fix uninstall-driver to make it backward compatibility
@andyzhangx
vendor: cloud provider lib upgrade
fcc4eb7
@andyzhangx
feat: add getLatestAccountKey parameter in storage class
83dbfd4
@andyzhangx
Update driver-parameters.md
356c312
@andyzhangx
Merge pull request kubernetes-sigs#953 from andyzhangx/get-latest-acc…
b245c88 
…ount-key

feat: add getLatestAccountKey parameter in storage class
@dependabot
chore(deps): bump github.com/pelletier/go-toml from 1.9.4 to 1.9.5
04e93f8 
Bumps [github.com/pelletier/go-toml](https://github.com/pelletier/go-toml) from 1.9.4 to 1.9.5.
- [Release notes](https://github.com/pelletier/go-toml/releases)
- [Changelog](https://github.com/pelletier/go-toml/blob/v2/.goreleaser.yaml)
- [Commits](pelletier/go-toml@v1.9.4...v1.9.5)

---
updated-dependencies:
- dependency-name: github.com/pelletier/go-toml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@andyzhangx
fix: dynamic provisioning support with blobfuse msi auth
7964310
@k8s-ci-robot
Merge pull request kubernetes-sigs#954 from andyzhangx/fix-blobfuse-m…
fa6a31b 
…si-dynamic-support

fix: dynamic provisioning support with blobfuse msi auth
@andyzhangx
cleanup: update new chart versions and remove deprecated versions
65e43bd
@dependabot
chore(deps): bump actions/checkout from 2 to 3
49aff49 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@k8s-ci-robot
Merge pull request kubernetes-sigs#961 from kubernetes-sigs/dependabo…
88186c1 
…t/github_actions/actions/checkout-3

chore(deps): bump actions/checkout from 2 to 3
@andyzhangx
Merge pull request kubernetes-sigs#960 from andyzhangx/remove-depreca…
b711d43 
…ted-versions4

cleanup: update new chart versions and remove deprecated versions
@andyzhangx
Update README.md
7f1a4ce
@k8s-ci-robot
Merge pull request kubernetes-sigs#940 from kubernetes-sigs/dependabo…
c8b97d3 
…t/go_modules/github.com/pelletier/go-toml-1.9.5

chore(deps): bump github.com/pelletier/go-toml from 1.9.4 to 1.9.5
@andyzhangx
chore: TimedCache code change due to azure lib upgrade
648cd4f
@andyzhangx
fix: storage account search default values
d48db3f
@andyzhangx
Merge pull request kubernetes-sigs#967 from andyzhangx/fix-account-se…
9c74b4a 
…arch-default

fix: storage account search default values
@andyzhangx
cleanup: remove secret print in error message
db30b63
@andyzhangx
Merge pull request kubernetes-sigs#973 from andyzhangx/remove-secret-…
3a9dba2 
…print

cleanup: remove secret print in error message
@andyzhangx
feat: install blobfuse 2.0.4 as default version
d390f9f
@andyzhangx
Merge pull request kubernetes-sigs#980 from andyzhangx/blobfuse-2.0.4
42060c2 
feat: install blobfuse 2.0.4 as default version
@andyzhangx
Update driver-parameters.md
cd4535f
@dependabot
chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity
bbd8cfe 
Bumps [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](Azure/azure-sdk-for-go@v1.2...sdk/azcore/v1.3.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@k8s-ci-robot
Merge pull request kubernetes-sigs#983 from kubernetes-sigs/dependabo…
79941c3 
…t/go_modules/github.com/Azure/azure-sdk-for-go/sdk/azidentity-1.3.0

chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.2.0 to 1.3.0
@andyzhangx
cleanup: update new chart versions and remove deprecated versions
8d85db3
@andyzhangx
Merge pull request kubernetes-sigs#985 from andyzhangx/remove-depreca…
e7748d7 
…ted-versions5

cleanup: update new chart versions and remove deprecated versions
@andyzhangx
Update driver-parameters.md
f51f4fc
@andyzhangx
feat: install blobfuse 2.0.5 as default version
773dd43
andyzhangx and others added 23 commits October 16, 2023 07:58
@andyzhangx
test: don't return error in blob_log.sh
13aefef
@cvvz
support arm
c8dc8b5
@andyzhangx
Merge pull request kubernetes-sigs#1054 from andyzhangx/fix-blob-log-…
39d6d04 
…error

test: don't return error in blob_log.sh
@andyzhangx
fix: nfs volume creation failure due to global storage ep enabled
2273955
@k8s-ci-robot
Merge pull request kubernetes-sigs#1055 from cvvz/support-arm
bd3ac82 
fix: support arm in init.sh
@dependabot
chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/resourcemanag…
cd5ab9e 
…er/keyvault/armkeyvault

Bumps [github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/keyvault/armkeyvault](https://github.com/Azure/azure-sdk-for-go) from 1.0.0 to 1.2.0.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](Azure/azure-sdk-for-go@v1.0...v1.2)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/keyvault/armkeyvault
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@andyzhangx
Merge pull request kubernetes-sigs#1059 from andyzhangx/fix-global-en…
f7eadb3 
…dpoint

fix: nfs volume creation failure due to Microsoft.Storage.Global Service endpoint enabled
@andyzhangx
Merge pull request kubernetes-sigs#1062 from kubernetes-sigs/dependab…
c84d27d 
…ot/go_modules/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/keyvault/armkeyvault-1.2.0

chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/keyvault/armkeyvault from 1.0.0 to 1.2.0
@andyzhangx
feat: add node metrics
a74154b 
fix test
@dependabot
chore(deps): bump github.com/jongio/azidext/go/azidext
7c9fdd9 
Bumps [github.com/jongio/azidext/go/azidext](https://github.com/jongio/azidext) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/jongio/azidext/releases)
- [Commits](jongio/azidext@go/azidext/v0.4.0...go/azidext/v0.5.0)

---
updated-dependencies:
- dependency-name: github.com/jongio/azidext/go/azidext
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@umagnus
use azcopy for volume cloning
fec2d23
@andyzhangx
Merge pull request kubernetes-sigs#1069 from andyzhangx/add-node-metrics
87a48b6 
feat: add node metrics
@andyzhangx
Merge pull request kubernetes-sigs#1071 from kubernetes-sigs/dependab…
b99e1cf 
…ot/go_modules/github.com/jongio/azidext/go/azidext-0.5.0

chore(deps): bump github.com/jongio/azidext/go/azidext from 0.4.0 to 0.5.0
@umagnus
fix helm check blob csi pod status doc
fe6ef9b
@k8s-ci-robot
Merge pull request kubernetes-sigs#914 from umagnus/add_volume_cloning
fde2ca6 
feat: support volume cloning
@k8s-ci-robot
Merge pull request kubernetes-sigs#1072 from umagnus/fix_helm_doc
645ae25 
doc: correct check blob csi pod status doc
@andyzhangx
fix: increase provisioner timeout as 20min
e22ec21
@andyzhangx
Merge pull request kubernetes-sigs#1073 from andyzhangx/provisioner-t…
3fc2fed 
…imeout-1200s

fix: increase provisioner timeout as 20min
@andyzhangx
chore: upgrade sidecar image versions
e6ad387
@andyzhangx
chore: upgrade sidecar image versions
b8fca17
@andyzhangx
Merge pull request kubernetes-sigs#1081 from andyzhangx/upgrade-sidec…
d570e04 
…ar-images5

chore: upgrade sidecar image versions
Merge remote-tracking branch 'upstream/master' into mkandawires/sync-…
8cd3840 
…upstream-fix-CVE-2023-39325
Sync to "upstream/master" to fix CVE-2023-39325/CVE-2023-3978
45dd0ab 
- Sync's to "upstream/master" to fix (golang.org/x/net) CVE-2023-39325/CVE-2023-3978
@mkandawires mkandawires changed the title Mkandawires/sync upstream fix CVE 2023 39325 Sync to "upstream/master" to fix CVE-2023-39325/CVE-2023-3978 Oct 23, 2023
@coveralls
Copy link

Pull Request Test Coverage Report for Build 6615530477

  • 264 of 308 (85.71%) changed or added relevant lines in 6 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.8%) to 79.364%
Changes Missing Coverage Covered Lines Changed/Added Lines %
pkg/blob/blob.go 31 34 91.18%
pkg/blob/nodeserver.go 35 41 85.37%
pkg/util/util.go 76 82 92.68%
pkg/blob/controllerserver.go 102 131 77.86%
Totals Coverage Status
Change from base Build 6411928884: 0.8%
Covered Lines: 2246
Relevant Lines: 2830
💛 - Coveralls

@mkandawires mkandawires marked this pull request as ready for review October 23, 2023 15:58
@chaireez chaireez self-requested a review October 26, 2023 13:10
chaireez
chaireez approved these changes Oct 26, 2023
View reviewed changes
Copy link
Collaborator

@chaireez chaireez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

talked offline and new image was tested against hydra cluster

@mkandawires mkandawires merged commit 5eee268 into staging Oct 26, 2023
13 checks passed
@mkandawires mkandawires deleted the mkandawires/sync-upstream-fix-CVE-2023-39325 branch October 26, 2023 13:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chaireez chaireez chaireez approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@mkandawires @coveralls @chaireez @cvvz @k8s-ci-robot @andyzhangx @umagnus