OCPBUGS-67556,OCPBUGS-67652: CVE-2025-65637 - bump github.com/sirupsen/logrus to v1.9.3 [4.13] #2626
|
@rissh: the contents of this pull request could not be automatically validated. The following commits could not be validated and must be approved by a top-level approver:
|
@rissh: This pull request references Jira Issue OCPBUGS-67556, which is valid. The bug has been moved to the POST state. 7 validation(s) were run on this bug.

No GitHub users were found matching the public email listed for the QA contact in Jira (ocp-sustaining-admins@redhat.com), skipping review request. The bug has been updated to refer to the pull request using the external bug tracker.

This pull request references Jira Issue OCPBUGS-67652, which is valid. The bug has been moved to the POST state. 7 validation(s) were run on this bug.

No GitHub users were found matching the public email listed for the QA contact in Jira (ocp-sustaining-admins@redhat.com), skipping review request. The bug has been updated to refer to the pull request using the external bug tracker.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
f455142 to bc30617
|
@rissh: the contents of this pull request could not be automatically validated. The following commits could not be validated and must be approved by a top-level approver:
|
/retest |
|
/lgtm |
|
/retest-required |
|
/retest |
|
I doubt these failures are related to this fix |
|
/override ci/prow/e2e-aws-ovn-serial |
|
/test e2e-gcp |
|
@dusk125: dusk125 unauthorized: /override is restricted to Repo administrators, approvers in top level OWNERS file, and the following github teams: openshift: openshift-release-oversight openshift-staff-engineers openshift-sustaining-engineers.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
e2e-gcp Test Failure Analysis
The 7 failures in the JUnit section are pre-existing permafailures unrelated to this logrus CVE fix.
Failing Tests (all GCP storage infrastructure)
Evidence This Is Unrelated to the CVE Fix
Note: We added |
|
/verified by e2e and conformance tests |
|
@sjenning: This PR has been marked as verified by |
|
[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by: dusk125, rissh

The full list of commands accepted by this bot can be found here. The pull request process is described here.

Needs approval from an approver in each of these files: Approvers can indicate their approval by writing |
|
/remove-label backports/unvalidated-commits |
|
/retest-required |
|
/override ci/prow/e2e-aws-ovn-serial |
|
@sjenning: Overrode contexts on behalf of sjenning: ci/prow/e2e-aws-ovn-serial, ci/prow/e2e-gcp |
|
@rissh: all tests passed! Full PR test history. Your PR dashboard. |
7aa9360 into openshift:release-4.13
|
@rissh: An error was encountered invalid pull identifier with 2 parts: "mjuanxd/logrus-dos-poc" for bug OCPBUGS-67556 on the Jira server at https://redhat.atlassian.net. No known errors were detected, please see the full error message for details. Full error message.

Please contact an administrator to resolve this issue, then request a bug refresh with

Jira Issue OCPBUGS-67556 has been moved to the MODIFIED state and will move to the VERIFIED state when the change is available in an accepted nightly payload. 🕓

An error was encountered invalid pull identifier with 2 parts: "mjuanxd/logrus-dos-poc" for bug OCPBUGS-67652 on the Jira server at https://redhat.atlassian.net. No known errors were detected, please see the full error message for details. Full error message.

Please contact an administrator to resolve this issue, then request a bug refresh with

Jira Issue OCPBUGS-67652 has been moved to the MODIFIED state and will move to the VERIFIED state when the change is available in an accepted nightly payload. 🕓 |
Summary
github.com/sirupsen/logrus from v1.8.1 to v1.9.3
replace directives for golang.org/x packages to prevent transitive dependency cascade
CVE Details
Related PRs
release-4.17: #2573
release-4.16: #2582
release-4.15: #2583
release-4.14: #2586
Testing