Update glog 1.2.0 -> 1.2.4 - CVE-2024-45339 #6301

Merged
merged 3 commits into from
Mar 4, 2025

Conversation

ddl-ebrown
Contributor

@ddl-ebrown ddl-ebrown commented Mar 4, 2025

Replaces #6200

Tracking issue

Why are the changes needed?

What changes were proposed in this pull request?

How was this patch tested?

Labels

Please add one or more of the following labels to categorize your PR:

  • added: For new features.
  • changed: For changes in existing functionality.
  • deprecated: For soon-to-be-removed features.
  • removed: For features being removed.
  • fixed: For any bug fixed.
  • security: In case of vulnerabilities

This is important to improve the readability of release notes.

Setup process

Screenshots

Check all the applicable boxes

  • I updated the documentation accordingly.
  • All new and existing tests passed.
  • All commits are signed-off.

Related PRs

Docs link

Summary by Bito

This PR updates the glog dependency from v1.2.0 to v1.2.4 across multiple modules to address security vulnerability CVE-2024-45339. The changes are implemented in go.mod and go.sum files for datacatalog, flyteadmin, and the root project, with necessary checksum entries added and obsolete entries removed to maintain integrity and properly reference the updated secure version.

Unit tests added: False

Estimated effort to review (1-5, lower is better): 1

@flyte-bot
Collaborator

flyte-bot commented Mar 4, 2025

Code Review Agent Run #3f7165

Actionable Suggestions - 0
Review Details
  • Files reviewed - 6 · Commit Range: ba9ccd7..ba9ccd7
    • datacatalog/go.mod
    • datacatalog/go.sum
    • flyteadmin/go.mod
    • flyteadmin/go.sum
    • go.mod
    • go.sum
  • Files skipped - 0
  • Tools
    • Golangci-lint (Linter) - ✖︎ Failed
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful

@flyte-bot
Collaborator

flyte-bot commented Mar 4, 2025

Changelist by Bito

This pull request implements the following key changes.

Key Change: Bug Fix - Security Update for glog Dependency

Files Impacted:

  • go.mod - Updated glog from v1.2.0 to v1.2.4 in go.mod to address vulnerability.
  • go.sum - Replaced glog checksums to reflect the upgrade to v1.2.4.
  • go.mod - Updated glog from v1.2.0 to v1.2.4 in go.mod, ensuring dependency security.
  • go.sum - Replaced glog checksums in line with the version update to v1.2.4.
  • go.mod - Upgraded glog from v1.2.0 to v1.2.4 in go.mod at the root level.
  • go.sum - Refreshed glog dependency checksums to match the new v1.2.4 version.

codecov bot commented Mar 4, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 58.49%. Comparing base (6e5aca7) to head (8533253).
Report is 2 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #6301   +/-   ##
=======================================
  Coverage   58.48%   58.49%           
=======================================
  Files         937      937           
  Lines       71088    71088           
=======================================
+ Hits        41577    41583    +6     
+ Misses      26359    26353    -6     
  Partials     3152     3152           
Flag Coverage Δ
unittests-datacatalog 59.06% <ø> (ø)
unittests-flyteadmin 56.30% <ø> (+0.02%) ⬆️
unittests-flytecopilot 30.99% <ø> (ø)
unittests-flytectl 64.70% <ø> (ø)
unittests-flyteidl 76.12% <ø> (ø)
unittests-flyteplugins 61.00% <ø> (ø)
unittests-flytepropeller 54.79% <ø> (ø)
unittests-flytestdlib 64.04% <ø> (ø)

@flyte-bot
Collaborator

flyte-bot commented Mar 4, 2025

Code Review Agent Run #8a6dcb

Actionable Suggestions - 0
Review Details
  • Files reviewed - 6 · Commit Range: dca842c..dca842c
    • datacatalog/go.mod
    • datacatalog/go.sum
    • flyteadmin/go.mod
    • flyteadmin/go.sum
    • go.mod
    • go.sum
  • Files skipped - 0
  • Tools
    • Golangci-lint (Linter) - ✖︎ Failed
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful

Signed-off-by: Eduardo Apolinario <[email protected]>
@eapolinario eapolinario enabled auto-merge (squash) March 4, 2025 17:02
eapolinario
eapolinario previously approved these changes Mar 4, 2025
Contributor

@eapolinario eapolinario left a comment

Thank you.

Signed-off-by: Eduardo Apolinario <[email protected]>
@@ -145,8 +145,6 @@ github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69
github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68=
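Review bot: The `github.com/golang/glog v1.2.0 h1:` checksum at the end of this hunk belongs to the version being replaced, and the header (`-145,8 +145,6`) shows two lines leaving this go.sum, so check that the second one is the paired `v1.2.0/go.mod` hash and that no `v1.2.0` entry survives in any of the go.sum files touched by this PR. Regenerating each file with `go mod tidy` in its module, rather than editing it by hand, keeps go.sum in step with the `v1.2.4` requirement in go.mod. The `v0.0.0-20160126235308-23def4e6c14b/go.mod` line just above carries only a go.mod hash with no `h1:` line for the module contents, so that old pseudo-version is recorded for module-graph resolution only and needs no change here.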
Contributor Author

Ahh, thanks @eapolinario. I was wondering what tooling had to be used to clean up the CI fails.

@flyte-bot
Collaborator

flyte-bot commented Mar 4, 2025

Code Review Agent Run #c0ed0e

Actionable Suggestions - 0
Review Details
  • Files reviewed - 3 · Commit Range: dca842c..8533253
    • datacatalog/go.sum
    • flyteadmin/go.sum
    • go.sum
  • Files skipped - 0
  • Tools
    • Golangci-lint (Linter) - ✖︎ Failed
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful

@eapolinario eapolinario merged commit 4f0a73b into flyteorg:master Mar 4, 2025
50 checks passed