{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":606072370,"defaultBranch":"main","name":"helm","ownerLogin":"Michael-Sinz","currentUserCanPush":false,"isFork":true,"isEmpty":false,"createdAt":"2023-02-24T14:36:30.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/36865706?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1680276847.2106261","currentOid":""},"activityList":{"items":[{"before":"b278a13d0362646becf470e0caecfc7ce8f592c7","after":"37527a32df03a8a390534c4c9ab1c303dbd4d7e0","ref":"refs/heads/fix-CVE-2023-25173_CVE-2023-25153_CVE-2022-41723","pushedAt":"2023-04-03T16:20:29.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"Michael-Sinz","name":"Michael Sinz","path":"/Michael-Sinz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/36865706?s=80&v=4"},"commit":{"message":"Address CVE-2023-25173, CVE-2023-25153 and CVE-2022-41723\n\nHelm has a direct dependency on containerd 1.6.15, which has two\nvulnerabilities:\n[CVE-2023-25173](https://github.com/advisories/GHSA-hmfx-3pcx-653p)\nand\n[CVE-2023-25153](https://github.com/advisories/GHSA-259w-8hf6-59c2)\n\nBoth require updating to 1.6.18\n\nThe fix is rather simple - change the version of containerd package.\n```\ngo mod edit -require=github.com/containerd/containerd@v1.6.18\ngo mod tidy\n```\n\nAddress CVE-2022-41723 due to indirect dependency via crypto v0.5.0:\n[CVE-2022-41723](https://github.com/advisories/GHSA-vvpx-j8f3-3w6h)\n\nThe local fix is relatively simple:\n```\ngo mod edit -require=golang.org/x/crypto@v0.7.0\ngo mod tidy\n```\n\nSigned-off-by: Michael Sinz <msinz@microsoft.com>","shortMessageHtmlLink":"Address <a title=\"CVE-2023-25173\" data-hovercard-type=\"advisory\" data-hovercard-url=\"/advisories/GHSA-hmfx-3pcx-653p/hovercard\" href=\"https://github.com/advisories/GHSA-hmfx-3pcx-653p\">CVE-2023-25173</a>, <a title=\"CVE-2023-25153\" data-hovercard-type=\"advisory\" data-hovercard-url=\"/advisories/GHSA-259w-8hf6-59c2/hovercard\" href=\"https://github.com/advisories/GHSA-259w-8hf6-59c2\">CVE-2023-25153</a> and <a title=\"CVE-2022-41723\" data-hovercard-type=\"advisory\" data-hovercard-url=\"/advisories/GHSA-vvpx-j8f3-3w6h/hovercard\" href=\"https://github.com/advisories/GHSA-vvpx-j8f3-3w6h\">CVE-2022-41723</a>"}},{"before":"d556ac547aebdf709020481c3597ac5bda4a0642","after":null,"ref":"refs/heads/CVE-2022-41723","pushedAt":"2023-03-31T15:34:07.210Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"Michael-Sinz","name":"Michael Sinz","path":"/Michael-Sinz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/36865706?s=80&v=4"}},{"before":null,"after":"d556ac547aebdf709020481c3597ac5bda4a0642","ref":"refs/heads/CVE-2022-41723","pushedAt":"2023-03-31T15:33:21.843Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"Michael-Sinz","name":"Michael Sinz","path":"/Michael-Sinz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/36865706?s=80&v=4"},"commit":{"message":"Address CVE-2023-25173 and CVE-2023-25153\n\nHelm has a direct dependency on containerd 1.6.15, which has two\nvulnerabilities:\n[CVE-2023-25173](https://github.com/advisories/GHSA-hmfx-3pcx-653p) and\n[CVE-2023-25153](https://github.com/advisories/GHSA-259w-8hf6-59c2)\n\nBoth require updating to 1.6.18\n\nThe fix is rather simple - change the version of containerd package.\n```\ngo mod edit -require=github.com/containerd/containerd@v1.6.18\ngo mod tidy\n```","shortMessageHtmlLink":"Address <a title=\"CVE-2023-25173\" data-hovercard-type=\"advisory\" data-hovercard-url=\"/advisories/GHSA-hmfx-3pcx-653p/hovercard\" href=\"https://github.com/advisories/GHSA-hmfx-3pcx-653p\">CVE-2023-25173</a> and <a title=\"CVE-2023-25153\" data-hovercard-type=\"advisory\" data-hovercard-url=\"/advisories/GHSA-259w-8hf6-59c2/hovercard\" href=\"https://github.com/advisories/GHSA-259w-8hf6-59c2\">CVE-2023-25153</a>"}},{"before":"904db7ae87164c4bffeadbc6c41559832ccbcde7","after":"eea2f27babb0fddd9fb1907f4d8531c8f5c73c66","ref":"refs/heads/main","pushedAt":"2023-03-31T15:32:16.512Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"Michael-Sinz","name":"Michael Sinz","path":"/Michael-Sinz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/36865706?s=80&v=4"},"commit":{"message":"Fixes Readiness Check for statefulsets using partitioned rolling update. (#11774)\n\n* Fixes Readiness Check for statefulsets using partitioned rolling update.\r\nFixes #11773\r\n\r\nThis change updates readiness check in ready.go to correctly\r\naccount for statefulsets that are utilizing a partitioned upgrade.\r\nThese statefulsets only upgrade a subset of the managed pods with each call\r\nto helm upgrade. This causes the upgrade to legitimately hit the condition where\r\nsts.status.CurrentRevision != sts.Status.UpdateRevision which causes helm to mark\r\nthe upgrade has failed when in fact it is successful.\r\n\r\nThis change fixes that behavior to only check when partition is unspecified or 0.\r\n\r\nSigned-off-by: Aman Nijhawan <anijhawan@yugabyte.com>\r\n\r\n* Adding a unit test to verify that partitioned rolling upgrade for a statefulset works.\r\n\r\nSigned-off-by: Aman Nijhawan <anijhawan@yugabyte.com>\r\n\r\n---------\r\n\r\nSigned-off-by: Aman Nijhawan <anijhawan@yugabyte.com>\r\nCo-authored-by: Aman Nijhawan <anijhawan@yugabyte.com>","shortMessageHtmlLink":"Fixes Readiness Check for statefulsets using partitioned rolling upda…"}},{"before":null,"after":"b278a13d0362646becf470e0caecfc7ce8f592c7","ref":"refs/heads/fix-CVE-2023-25173_CVE-2023-25153_CVE-2022-41723","pushedAt":"2023-03-31T15:24:19.701Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"Michael-Sinz","name":"Michael Sinz","path":"/Michael-Sinz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/36865706?s=80&v=4"},"commit":{"message":"Address CVE-2023-25173, CVE-2023-25153 and CVE-2022-41723\n\nHelm has a direct dependency on containerd 1.6.15, which has two\nvulnerabilities:\n[CVE-2023-25173](https://github.com/advisories/GHSA-hmfx-3pcx-653p)\nand\n[CVE-2023-25153](https://github.com/advisories/GHSA-259w-8hf6-59c2)\n\nBoth require updating to 1.6.18\n\nThe fix is rather simple - change the version of containerd package.\n```\ngo mod edit -require=github.com/containerd/containerd@v1.6.18\ngo mod tidy\n```\n\nAddress CVE-2022-41723 due to indirect dependency via crypto v0.5.0:\n[CVE-2022-41723](https://github.com/advisories/GHSA-vvpx-j8f3-3w6h)\n\nThe local fix is relatively simple:\n```\ngo mod edit -require=golang.org/x/crypto@v0.7.0\ngo mod tidy\n```","shortMessageHtmlLink":"Address <a title=\"CVE-2023-25173\" data-hovercard-type=\"advisory\" data-hovercard-url=\"/advisories/GHSA-hmfx-3pcx-653p/hovercard\" href=\"https://github.com/advisories/GHSA-hmfx-3pcx-653p\">CVE-2023-25173</a>, <a title=\"CVE-2023-25153\" data-hovercard-type=\"advisory\" data-hovercard-url=\"/advisories/GHSA-259w-8hf6-59c2/hovercard\" href=\"https://github.com/advisories/GHSA-259w-8hf6-59c2\">CVE-2023-25153</a> and <a title=\"CVE-2022-41723\" data-hovercard-type=\"advisory\" data-hovercard-url=\"/advisories/GHSA-vvpx-j8f3-3w6h/hovercard\" href=\"https://github.com/advisories/GHSA-vvpx-j8f3-3w6h\">CVE-2022-41723</a>"}},{"before":"eea2f27babb0fddd9fb1907f4d8531c8f5c73c66","after":"904db7ae87164c4bffeadbc6c41559832ccbcde7","ref":"refs/heads/main","pushedAt":"2023-03-31T15:17:32.243Z","pushType":"push","commitsCount":1,"pusher":{"login":"Michael-Sinz","name":"Michael Sinz","path":"/Michael-Sinz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/36865706?s=80&v=4"},"commit":{"message":"Address CVE-2023-25173, CVE-2023-25153 and CVE-2022-41723\n\nHelm has a direct dependency on containerd 1.6.15, which has two\nvulnerabilities:\n[CVE-2023-25173](https://github.com/advisories/GHSA-hmfx-3pcx-653p)\nand\n[CVE-2023-25153](https://github.com/advisories/GHSA-259w-8hf6-59c2)\n\nBoth require updating to 1.6.18\n\nThe fix is rather simple - change the version of containerd package.\n```\ngo mod edit -require=github.com/containerd/containerd@v1.6.18\ngo mod tidy\n```\n\nAddress CVE-2022-41723 due to indirect dependency via crypto v0.5.0:\n[CVE-2022-41723](https://github.com/advisories/GHSA-vvpx-j8f3-3w6h)\n\nThe local fix is relatively simple:\n```\ngo mod edit -require=golang.org/x/crypto@v0.7.0\ngo mod tidy\n```","shortMessageHtmlLink":"Address <a title=\"CVE-2023-25173\" data-hovercard-type=\"advisory\" data-hovercard-url=\"/advisories/GHSA-hmfx-3pcx-653p/hovercard\" href=\"https://github.com/advisories/GHSA-hmfx-3pcx-653p\">CVE-2023-25173</a>, <a title=\"CVE-2023-25153\" data-hovercard-type=\"advisory\" data-hovercard-url=\"/advisories/GHSA-259w-8hf6-59c2/hovercard\" href=\"https://github.com/advisories/GHSA-259w-8hf6-59c2\">CVE-2023-25153</a> and <a title=\"CVE-2022-41723\" data-hovercard-type=\"advisory\" data-hovercard-url=\"/advisories/GHSA-vvpx-j8f3-3w6h/hovercard\" href=\"https://github.com/advisories/GHSA-vvpx-j8f3-3w6h\">CVE-2022-41723</a>"}},{"before":"d556ac547aebdf709020481c3597ac5bda4a0642","after":"eea2f27babb0fddd9fb1907f4d8531c8f5c73c66","ref":"refs/heads/main","pushedAt":"2023-03-31T15:09:17.243Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"Michael-Sinz","name":"Michael Sinz","path":"/Michael-Sinz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/36865706?s=80&v=4"},"commit":{"message":"Fixes Readiness Check for statefulsets using partitioned rolling update. (#11774)\n\n* Fixes Readiness Check for statefulsets using partitioned rolling update.\r\nFixes #11773\r\n\r\nThis change updates readiness check in ready.go to correctly\r\naccount for statefulsets that are utilizing a partitioned upgrade.\r\nThese statefulsets only upgrade a subset of the managed pods with each call\r\nto helm upgrade. This causes the upgrade to legitimately hit the condition where\r\nsts.status.CurrentRevision != sts.Status.UpdateRevision which causes helm to mark\r\nthe upgrade has failed when in fact it is successful.\r\n\r\nThis change fixes that behavior to only check when partition is unspecified or 0.\r\n\r\nSigned-off-by: Aman Nijhawan <anijhawan@yugabyte.com>\r\n\r\n* Adding a unit test to verify that partitioned rolling upgrade for a statefulset works.\r\n\r\nSigned-off-by: Aman Nijhawan <anijhawan@yugabyte.com>\r\n\r\n---------\r\n\r\nSigned-off-by: Aman Nijhawan <anijhawan@yugabyte.com>\r\nCo-authored-by: Aman Nijhawan <anijhawan@yugabyte.com>","shortMessageHtmlLink":"Fixes Readiness Check for statefulsets using partitioned rolling upda…"}},{"before":"d556ac547aebdf709020481c3597ac5bda4a0642","after":null,"ref":"refs/heads/CVE-2022-41723","pushedAt":"2023-03-15T13:46:57.314Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"Michael-Sinz","name":"Michael Sinz","path":"/Michael-Sinz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/36865706?s=80&v=4"}},{"before":"32bb0952cadc1ba724a05030beeb293f07a43945","after":"d556ac547aebdf709020481c3597ac5bda4a0642","ref":"refs/heads/main","pushedAt":"2023-03-15T13:39:07.891Z","pushType":"push","commitsCount":1,"pusher":{"login":"Michael-Sinz","name":"Michael Sinz","path":"/Michael-Sinz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/36865706?s=80&v=4"},"commit":{"message":"Address CVE-2023-25173 and CVE-2023-25153\n\nHelm has a direct dependency on containerd 1.6.15, which has two\nvulnerabilities:\n[CVE-2023-25173](https://github.com/advisories/GHSA-hmfx-3pcx-653p) and\n[CVE-2023-25153](https://github.com/advisories/GHSA-259w-8hf6-59c2)\n\nBoth require updating to 1.6.18\n\nThe fix is rather simple - change the version of containerd package.\n```\ngo mod edit -require=github.com/containerd/containerd@v1.6.18\ngo mod tidy\n```","shortMessageHtmlLink":"Address <a title=\"CVE-2023-25173\" data-hovercard-type=\"advisory\" data-hovercard-url=\"/advisories/GHSA-hmfx-3pcx-653p/hovercard\" href=\"https://github.com/advisories/GHSA-hmfx-3pcx-653p\">CVE-2023-25173</a> and <a title=\"CVE-2023-25153\" data-hovercard-type=\"advisory\" data-hovercard-url=\"/advisories/GHSA-259w-8hf6-59c2/hovercard\" href=\"https://github.com/advisories/GHSA-259w-8hf6-59c2\">CVE-2023-25153</a>"}},{"before":"32bb0952cadc1ba724a05030beeb293f07a43945","after":"d556ac547aebdf709020481c3597ac5bda4a0642","ref":"refs/heads/CVE-2022-41723","pushedAt":"2023-03-15T13:37:52.755Z","pushType":"push","commitsCount":1,"pusher":{"login":"Michael-Sinz","name":"Michael Sinz","path":"/Michael-Sinz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/36865706?s=80&v=4"},"commit":{"message":"Address CVE-2023-25173 and CVE-2023-25153\n\nHelm has a direct dependency on containerd 1.6.15, which has two\nvulnerabilities:\n[CVE-2023-25173](https://github.com/advisories/GHSA-hmfx-3pcx-653p) and\n[CVE-2023-25153](https://github.com/advisories/GHSA-259w-8hf6-59c2)\n\nBoth require updating to 1.6.18\n\nThe fix is rather simple - change the version of containerd package.\n```\ngo mod edit -require=github.com/containerd/containerd@v1.6.18\ngo mod tidy\n```","shortMessageHtmlLink":"Address <a title=\"CVE-2023-25173\" data-hovercard-type=\"advisory\" data-hovercard-url=\"/advisories/GHSA-hmfx-3pcx-653p/hovercard\" href=\"https://github.com/advisories/GHSA-hmfx-3pcx-653p\">CVE-2023-25173</a> and <a title=\"CVE-2023-25153\" data-hovercard-type=\"advisory\" data-hovercard-url=\"/advisories/GHSA-259w-8hf6-59c2/hovercard\" href=\"https://github.com/advisories/GHSA-259w-8hf6-59c2\">CVE-2023-25153</a>"}},{"before":null,"after":"32bb0952cadc1ba724a05030beeb293f07a43945","ref":"refs/heads/CVE-2022-41723","pushedAt":"2023-03-15T13:02:29.089Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"Michael-Sinz","name":"Michael Sinz","path":"/Michael-Sinz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/36865706?s=80&v=4"},"commit":{"message":"fix: Address CVE-2022-41723 due to indirect dependency\n\nThe local fix is relatively simple:\n```\ngo mod edit --replace golang.org/x/net=golang.org/x/net@v0.7.0\ngo mod tidy\n```\n\nThis is all the change that was needed to address this.\n\nThis is to address issue #11850\nhttps://github.com/helm/helm/issues/11850","shortMessageHtmlLink":"fix: Address <a title=\"CVE-2022-41723\" data-hovercard-type=\"advisory\" data-hovercard-url=\"/advisories/GHSA-vvpx-j8f3-3w6h/hovercard\" href=\"https://github.com/advisories/GHSA-vvpx-j8f3-3w6h\">CVE-2022-41723</a> due to indirect dependency"}}],"hasNextPage":false,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAADESwRtAA","startCursor":null,"endCursor":null}},"title":"Activity · Michael-Sinz/helm"}