Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revert #3875 (updates github.com/prometheus/(common|client_golang)) #5511

Merged
merged 1 commit into from Mar 24, 2022
Merged

Revert #3875 (updates github.com/prometheus/(common|client_golang)) #5511

merged 1 commit into from Mar 24, 2022

Conversation

leonz
Copy link
Contributor

@leonz leonz commented Mar 23, 2022
edited

The current version of prometheus client_golang in ECK has a high impact vulnerability (CVE-2022-21698) that gets flagged by vulnerability scanners. This package stopped being upgraded in #3875 due to prometheus/common#255, but that has since been resolved.

@elasticmachine
Copy link
Collaborator

Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually?

3 similar comments
@elasticmachine
Copy link
Collaborator

Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually?

@elasticmachine
Copy link
Collaborator

Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually?

@elasticmachine
Copy link
Collaborator

Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually?

@cla-checker-service
Copy link

cla-checker-service bot commented Mar 23, 2022
edited

💚 CLA has been signed

@botelastic botelastic bot added the triage label Mar 23, 2022
@thbkrkr
Copy link
Contributor

thbkrkr commented Mar 24, 2022

Jenkins test this please

@thbkrkr thbkrkr added the >renovate PRs created by or relating to Renovate label Mar 24, 2022
@botelastic botelastic bot removed the triage label Mar 24, 2022
@thbkrkr
Copy link
Contributor

thbkrkr commented Mar 24, 2022

@elasticmachine run elasticsearch-ci/docs

@thbkrkr thbkrkr merged commit f4aa52c into elastic:main Mar 24, 2022
@leonz leonz deleted the patch-1 branch March 24, 2022 17:34
@thbkrkr thbkrkr added the v2.2.0 label Mar 29, 2022
@thbkrkr thbkrkr added the exclude-from-release-notes Exclude this PR from appearing in the release notes label Apr 11, 2022
fantapsody pushed a commit to fantapsody/cloud-on-k8s that referenced this pull request Feb 7, 2023
@leonz @fantapsody
Revert elastic#3875 (updates github.com/prometheus/(common|client_gol…
356022d 
…ang)) (elastic#5511)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thbkrkr thbkrkr thbkrkr approved these changes

Assignees
No one assigned
Labels
exclude-from-release-notes Exclude this PR from appearing in the release notes >renovate PRs created by or relating to Renovate v2.2.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@leonz @elasticmachine @thbkrkr