
@red-hat-konflux
Contributor

@red-hat-konflux red-hat-konflux bot commented Oct 23, 2024

This PR contains the following updates:

| Package | Change | Notes |
|---|---|---|
| quay.io/konflux-ci/tekton-catalog/task-apply-tags | f485e25 -> 87fd7fc | |
| quay.io/konflux-ci/tekton-catalog/task-build-image-index | 327d745 -> 7b2c5ab | |
| quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta | 2a0c67e -> ee8a91b | |
| quay.io/konflux-ci/tekton-catalog/task-clair-scan | 28fee4b -> 0a54211 | |
| quay.io/konflux-ci/tekton-catalog/task-clamav-scan | a94b652 -> b4f450f | |
| quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check | b4f9599 -> 5a1a165 | |
| quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks | 5131cce -> df8a25a | |
| quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta | d1e63ec -> 4bf48d0 | |
| quay.io/konflux-ci/tekton-catalog/task-init | 092c113 -> 0523b51 | |
| quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta | 621b13a -> 4072f73 | |
| quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta | e32feb2 -> 80d48a1 | |
| quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan | bacfab0 -> 8f3b23b | |
| quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta | 0.2 -> 0.3 | ⚠️migration⚠️ |
| quay.io/konflux-ci/tekton-catalog/task-show-sbom | 52f8b96 -> 945a7c9 | |
| quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta | 261f075 -> 24dba7b | |

Configuration

📅 Schedule: Branch creation - "after 5am on saturday" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test

@codecov

codecov bot commented Oct 23, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 72.11%. Comparing base (2561af4) to head (e1cf59b).
Report is 4 commits behind head on release-v0.5.

Additional details and impacted files


@@              Coverage Diff              @@
##           release-v0.5    #2097   +/-   ##
=============================================
  Coverage         72.11%   72.11%           
=============================================
  Files                88       88           
  Lines              7347     7347           
=============================================
  Hits               5298     5298           
  Misses             2049     2049           

| Flag | Coverage Δ | |
|---|---|---|
| generative | 72.11% <ø> | (ø) |
| integration | 72.11% <ø> | (ø) |
| unit | 72.11% <ø> | (?) |

Flags with carried forward coverage won't be shown.

@red-hat-konflux red-hat-konflux bot changed the title from "chore(deps): update konflux references to e4201b5 (release-v0.5)" to "chore(deps): update konflux references (release-v0.5)" Oct 24, 2024
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/references/release-v0.5 branch 6 times, most recently from 1ed8d4e to d544239 Compare October 31, 2024 10:48
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/references/release-v0.5 branch 8 times, most recently from 4018df6 to f4bcddc Compare November 7, 2024 12:10
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/references/release-v0.5 branch 4 times, most recently from e62317b to 632919f Compare November 13, 2024 12:34
@lcarva
Contributor

lcarva commented Nov 13, 2024

EC failing due to CVEs.

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/references/release-v0.5 branch 9 times, most recently from 7e0ae42 to ab1016f Compare November 19, 2024 18:57
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/references/release-v0.5 branch 2 times, most recently from 83b0b42 to 604f23e Compare November 23, 2024 12:53
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/references/release-v0.5 branch from 604f23e to e1cf59b Compare November 30, 2024 12:05
@simonbaird
Member

These are the CVEs:

- name: CVE-2024-3596
  description: A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.
  issued: "2024-07-09T00:00:00Z"
  normalized_severity: High
  package_name: krb5-libs
  fixed_in_version: 0:1.21.1-4.el9_5
- name: CVE-2024-10963
  description: A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.
  issued: "2024-11-07T00:00:00Z"
  normalized_severity: High
  package_name: pam

@simonbaird
Member

simonbaird commented Dec 4, 2024

Assuming the krb lib is from the ubi-minimal, a base image update might fix it.

@simonbaird
Member

Rebase on #2198 might fix it.

simonbaird pushed a commit to simonbaird/conforma-cli that referenced this pull request Dec 5, 2024
Originally in conforma#2097. I'm cherry-picking it here with the goal of
getting EC to pass on this PR.

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@simonbaird
Member

I picked this over to #2198. If all goes to plan this one will be abandoned.

@simonbaird simonbaird marked this pull request as draft December 5, 2024 14:24
@simonbaird
Member

All went to plan. This one is abandoned.

@simonbaird simonbaird closed this Dec 5, 2024