Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of deps: update dependencies indirectly bringing in older runc into release/1.6.x #19865

Merged
merged 1 commit into from
Feb 2, 2024
Merged

Backport of deps: update dependencies indirectly bringing in older runc into release/1.6.x #19865

merged 1 commit into from
Feb 2, 2024

Conversation

hc-github-team-nomad-core
Copy link
Contributor

Backport

This PR is auto-generated from #19863 to be assessed for backporting due to the inclusion of the label backport/1.6.x.

🚨

Warning automatic cherry-pick of commits failed. If the first commit failed,
you will see a blank no-op commit below. If at least one commit succeeded, you
will see the cherry-picked commits up to, not including, the commit where
the merge conflict occurred.

The person who merged in the original PR is:
@tgross
This person should manually cherry-pick the original PR into a new backport PR,
and close this one when the manual backport PR is merged in.

merge conflict error: POST https://api.github.com/repos/hashicorp/nomad/merges: 409 Merge conflict []

The below text is copied from the body of the original PR.

Although Nomad itself is not vulnerable to CVE-2024-21626, we want to update dependencies that bring in the vulnerable packages so as not to trip vulnerability scanners. Update containerd and go-dockerclient as well as the various transitive dependencies these bring in.

Overview of commits

@hashicorp-cla
Copy link

hashicorp-cla commented Feb 2, 2024
edited
Loading

CLA assistant check
All committers have signed the CLA.

@tgross
deps: update dependencies indirectly bringing in older runc (#19863)
2bfb885 
Although Nomad itself is not vulnerable to CVE-2024-21626, we want to update
dependencies that bring in the vulnerable packages so as not to trip
vulnerability scanners. Update `containerd` and `go-dockerclient` as well as the
various transitive dependencies these bring in.
@tgross tgross force-pushed the backport/runc-related-deps/slightly-equal-bass branch from 579e2c1 to 2bfb885 Compare February 2, 2024 21:11
@tgross tgross marked this pull request as ready for review February 2, 2024 21:12
@tgross tgross merged commit c97b4a5 into release/1.6.x Feb 2, 2024
25 checks passed
@tgross tgross deleted the backport/runc-related-deps/slightly-equal-bass branch February 2, 2024 21:29
tgross added a commit that referenced this pull request Feb 8, 2024
@hc-github-team-nomad-core @tgross
Backport of deps: update dependencies indirectly bringing in older ru…
77a8a9d 
…nc into release/1.6.x #19865

Although Nomad itself is not vulnerable to CVE-2024-21626, we want to update
dependencies that bring in the vulnerable packages so as not to trip
vulnerability scanners. Update `containerd` and `go-dockerclient` as well as the
various transitive dependencies these bring in.

Co-authored-by: Tim Gross <tgross@hashicorp.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tgross tgross tgross approved these changes

Assignees

@tgross tgross

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@hc-github-team-nomad-core @hashicorp-cla @tgross