From 6db6f65d6481c61f709d9e793dac31e6d8154050 Mon Sep 17 00:00:00 2001
From: ajayk
Date: Wed, 20 Dec 2023 11:21:39 -0800
Subject: [PATCH 1/3] mitigate CVE-2023-48795 for kubernetes-dashboard
---
 kubernetes-dashboard.yaml | 4 ++--
 mc.yaml | 8 ++++----
 minio.yaml | 8 ++++----
 3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/kubernetes-dashboard.yaml b/kubernetes-dashboard.yaml
index 9cf4833c1cf..e32c90de951 100644
--- a/kubernetes-dashboard.yaml
+++ b/kubernetes-dashboard.yaml
@@ -2,7 +2,7 @@ package:
 name: kubernetes-dashboard
 # When bumping, check to see if the GHSA mitigations below can be removed.
 version: 2.7.0
- epoch: 10
+ epoch: 11
 description: General-purpose web UI for Kubernetes clusters
 copyright:
 - license: Apache-2.0
@@ -29,7 +29,7 @@ pipeline:
 - uses: go/bump
 with:
- deps: golang.org/x/text@v0.3.8 golang.org/x/net@v0.7.0 github.com/docker/distribution@v2.8.2 golang.org/x/net@v0.17.0
+ deps: golang.org/x/text@v0.3.8 golang.org/x/net@v0.7.0 github.com/docker/distribution@v2.8.2 golang.org/x/net@v0.17.0 golang.org/x/crypto@v0.17.0
 - runs: |
 npm ci
diff --git a/mc.yaml b/mc.yaml
index d7a30832de6..d288edce22e 100644
--- a/mc.yaml
+++ b/mc.yaml
@@ -2,8 +2,8 @@ package:
 name: mc
 # minio uses strange versioning, the upstream version is RELEASE.2023-12-02T02-03-28Z
 # when bumping this, also bump the tag in git-checkout below
- version: 0.20231202.020328
- epoch: 1
+ version: 0.20231220.071422
+ epoch: 0
 description: Multi-Cloud Object Storage
 copyright:
 - license: AGPL-3.0
@@ -21,8 +21,8 @@ pipeline:
 - uses: git-checkout
 with:
 repository: https://github.com/minio/mc
- tag: RELEASE.2023-12-02T02-03-28Z
- expected-commit: f5f7147b9ec4cf78eb67f1cdc91b63d191852e6a
+ tag: RELEASE.2023-12-20T07-14-22Z
+ expected-commit: 8e1573ec1b9c174e9f8d82ee9996d002c1d9caaa
 - runs: |
 make build
diff --git a/minio.yaml b/minio.yaml
index c401f79c224..b017b8ec5bf 100644
--- a/minio.yaml
+++ b/minio.yaml
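Review bot: In the second hunk of kubernetes-dashboard.yaml, the new `deps:` value still names `golang.org/x/net` twice (`@v0.7.0` and `@v0.17.0`), so which pin takes effect depends on how `go/bump` resolves a repeated module, and that is not visible in this patch. Dropping the superseded entry while the line is being edited makes the build input unambiguous: `deps: golang.org/x/text@v0.3.8 github.com/docker/distribution@v2.8.2 golang.org/x/net@v0.17.0 golang.org/x/crypto@v0.17.0`. The `pipeline:` block starts and ends outside the hunk, so any later step that touches the same modules should be checked as well.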
@@ -2,8 +2,8 @@ package:
 name: minio
 # minio uses strange versioning, the upstream version is RELEASE.2023-10-25T06-33-25Z
 # when bumping this, also bump the tag in git-checkout below
- version: 0.20231101.183725
- epoch: 1
+ version: 0.20231220.010002
+ epoch: 0
 description: Multi-Cloud Object Storage
 copyright:
 - license: AGPL-3.0
@@ -21,8 +21,8 @@ pipeline:
 - uses: git-checkout
 with:
 repository: https://github.com/minio/minio
- tag: RELEASE.2023-11-01T18-37-25Z
- expected-commit: 4b4a98d5e59354870325ad19703fba03d1b104c2
+ tag: RELEASE.2023-12-20T01-00-02Z
+ expected-commit: 7a311a3b666a0e5476fbde24d4413220876d9df2
 - runs: |
 make build
From d37c021bbf7dbd51d53c771f3407502257fdc248 Mon Sep 17 00:00:00 2001
From: ajayk
Date: Wed, 20 Dec 2023 11:23:59 -0800
Subject: [PATCH 2/3] mitigate CVE-2023-48795 for kubernetes-dashboard
---
 mc.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mc.yaml b/mc.yaml
index d288edce22e..06cb1e54dd9 100644
--- a/mc.yaml
+++ b/mc.yaml
@@ -21,7 +21,7 @@ pipeline:
 - uses: git-checkout
 with:
 repository: https://github.com/minio/mc
- tag: RELEASE.2023-12-20T07-14-22Z
+ tag: RELEASE.2023-12-20T07-14-22Z
 expected-commit: 8e1573ec1b9c174e9f8d82ee9996d002c1d9caaa
 - runs: |
From 77b2106524cdc6fb3e64c364fccaa1f68447b3d2 Mon Sep 17 00:00:00 2001
From: ajayk
Date: Wed, 20 Dec 2023 11:30:50 -0800
Subject: [PATCH 3/3] mitigate CVE-2023-48795 for memcached-exporter
---
 memcached-exporter.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/memcached-exporter.yaml b/memcached-exporter.yaml
index 1ed4c32beb9..2168f36971a 100644
--- a/memcached-exporter.yaml
+++ b/memcached-exporter.yaml
@@ -1,7 +1,7 @@
 package:
 name: memcached-exporter
 version: 0.14.1
- epoch: 0
+ epoch: 1
 description: Exports metrics from memcached servers for consumption by Prometheus.
 copyright:
 - license: Apache-2.0
@@ -21,7 +21,7 @@ pipeline:
 - uses: go/bump
 with:
- deps: golang.org/x/net@v0.17.0
+ deps: golang.org/x/net@v0.17.0 golang.org/x/crypto@v0.17.0
 - uses: go/build
 with:
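Review bot: The `deps:` line added to the `go/bump` step of memcached-exporter.yaml pins `golang.org/x/crypto@v0.17.0` with nothing in the file recording why, and the first hunk shows no reminder near `version:` to revisit the override on the next bump. kubernetes-dashboard.yaml in patch 1/3 carries such a reminder ("check to see if the GHSA mitigations below can be removed"), and without one here the pin can outlive its purpose or go unnoticed when upstream changes its own requirement. A comment above the line would cover it, for example `# CVE-2023-48795: remove the golang.org/x/crypto pin once upstream requires >= v0.17.0`. The `pipeline:` block starts and ends outside the hunk.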