DFBUGS-1963: [release-4.18-compatibility] upgrade minimatch, undici, and underscore.string to secure versions #1987

Contributor

@weirdwiz weirdwiz commented Apr 10, 2025

@weirdwiz weirdwiz changed the title upgrade minimatch, undici, and underscore.string to secure versions [release-4.18-compatibility] upgrade minimatch, undici, and underscore.string to secure versions Apr 10, 2025
@weirdwiz weirdwiz changed the title [release-4.18-compatibility] upgrade minimatch, undici, and underscore.string to secure versions DFBUGS-1963: [release-4.18-compatibility] upgrade minimatch, undici, and underscore.string to secure versions Apr 10, 2025
@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid jira ticket of any type jira/invalid-bug Indicates that the referenced jira bug is invalid for the branch this PR is targeting labels Apr 10, 2025
@openshift-ci-robot
openshift-ci-robot commented Apr 10, 2025

@weirdwiz: This pull request references [Jira Issue DFBUGS-1963](https://issues.redhat.com//browse/DFBUGS-1963), which is invalid:

  • expected the bug to target the "odf-4.18.2" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

fixes:

  • CVE-2025-22150
  • CVE-2022-3517
  • WS-2017-3772

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci-robot
openshift-ci-robot commented Apr 10, 2025

@weirdwiz: This pull request references [Jira Issue DFBUGS-1963](https://issues.redhat.com//browse/DFBUGS-1963), which is invalid:

  • expected the bug to target the "odf-4.18.2" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

fixes:

  • CVE-2025-22150
  • CVE-2022-3517
  • WS-2017-3772

https://issues.redhat.com/browse/DFBUGS-1963
https://issues.redhat.com/browse/DFBUGS-1959
https://issues.redhat.com/browse/DFBUGS-1960

@weirdwiz weirdwiz force-pushed the fix_cve_4.18_compat branch 3 times, most recently from b874a25 to 706fca0 Compare April 14, 2025 11:59
@alfonsomthd
Collaborator

/approve

@alfonsomthd
Collaborator

/lgtm

@weirdwiz
Contributor Author

/jira refresh

@openshift-ci-robot openshift-ci-robot added jira/valid-bug Indicates that the referenced jira bug is valid for the branch this PR is targeting and removed jira/invalid-bug Indicates that the referenced jira bug is invalid for the branch this PR is targeting labels Apr 14, 2025
@openshift-ci-robot
openshift-ci-robot commented Apr 14, 2025

@weirdwiz: This pull request references [Jira Issue DFBUGS-1963](https://issues.redhat.com//browse/DFBUGS-1963), which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (odf-4.18.2) matches configured target version for branch (odf-4.18.2)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @PrasadDesala

In response to this:

/jira refresh

Contributor

openshift-ci bot commented Apr 14, 2025

@openshift-ci-robot: GitHub didn't allow me to request PR reviews from the following users: PrasadDesala.

Note that only red-hat-storage members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

@weirdwiz: This pull request references [Jira Issue DFBUGS-1963](https://issues.redhat.com//browse/DFBUGS-1963), which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (odf-4.18.2) matches configured target version for branch (odf-4.18.2)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @PrasadDesala

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@weirdwiz weirdwiz force-pushed the fix_cve_4.18_compat branch from 706fca0 to 2e9490f Compare April 14, 2025 13:27
@openshift-ci openshift-ci bot removed the lgtm label Apr 14, 2025
@SanjalKatiyar
Collaborator

/lgtm

Contributor

openshift-ci bot commented Apr 14, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: alfonsomthd, SanjalKatiyar, weirdwiz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [SanjalKatiyar,alfonsomthd]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot bot merged commit c4d4da6 into red-hat-storage:release-4.18-compatibility Apr 14, 2025
5 checks passed
@openshift-ci-robot
openshift-ci-robot commented Apr 14, 2025

@weirdwiz: [Jira Issue DFBUGS-1963](https://issues.redhat.com//browse/DFBUGS-1963) is in an unrecognized state (MODIFIED) and will not be moved to the MODIFIED state.

In response to this:

fixes:

  • CVE-2025-22150
  • CVE-2022-3517
  • WS-2017-3772

https://issues.redhat.com/browse/DFBUGS-1963
https://issues.redhat.com/browse/DFBUGS-1959
https://issues.redhat.com/browse/DFBUGS-1960

Labels: approved; jira/valid-bug (Indicates that the referenced jira bug is valid for the branch this PR is targeting); jira/valid-reference (Indicates that this PR references a valid jira ticket of any type); lgtm
4 participants