Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update image dependencies #4111

Merged
merged 1 commit into from
Oct 31, 2023
Merged

update image dependencies #4111

merged 1 commit into from
Oct 31, 2023

Conversation

cbodonnell
Copy link
Contributor

@cbodonnell cbodonnell commented Oct 30, 2023
edited
Loading

What this PR does / why we need it:

Upgrades the local-volume-provider, schemahero, minio, and mc dependency images to resolve several CVEs.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Steps to reproduce

Does this PR introduce a user-facing change?

* Upgrades the replicated/local-volume-provider image to v0.5.5 to resolve CVE-2023-45128 with critical severity, CVE-2023-4911, CVE-2023-29491, CVE-2023-45141, and GHSA-m425-mq94-257g with high severity, and CVE-2023-36054, CVE-2023-3446, CVE-2023-3817, CVE-2023-41338, CVE-2023-39325, CVE-2023-3978, and CVE-2023-44487 with medium severity.
* Upgrades the replicated/schemahero image to 0.16.0 to resolve CVE-2023-4911 with high severity, CVE-2023-2603, CVE-2023-29491, CVE-2023-2650, CVE-2023-31484, and CVE-2023-3978 with medium severity.
* Upgrades the minio/minio image to RELEASE.2023-10-25T06-33-25Z to resolve CVE-2023-4911 and CVE-2023-44487 with high severity, CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2023-39325, and CVE-2023-44487 with medium severity.
* Upgrades the minio/mc image to RELEASE.2023-10-14T01-57-03Z to resolve CVE-2023-4911 with high severity, and CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, and CVE-2023-39325 with medium severity.

Does this PR require documentation?

sgalsaleh
sgalsaleh previously approved these changes Oct 30, 2023
View reviewed changes
@cbodonnell cbodonnell force-pushed the cbo/update-image-deps branch from 30f9ab1 to a4af746 Compare October 30, 2023 23:07
@cbodonnell cbodonnell requested a review from sgalsaleh October 31, 2023 13:38
@cbodonnell cbodonnell merged commit 64bd419 into main Oct 31, 2023
240 checks passed
@cbodonnell cbodonnell deleted the cbo/update-image-deps branch October 31, 2023 13:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sgalsaleh sgalsaleh sgalsaleh approved these changes

Assignees
No one assigned
Labels
type::security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cbodonnell @sgalsaleh