Skip to content

CVE-2025-22869 #8743

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
blackpiglet merged 2 commits into from
Mar 5, 2025
Merged

CVE-2025-22869 #8743

blackpiglet merged 2 commits into from
Mar 5, 2025

Conversation

@kaovilai
Copy link
Collaborator

@kaovilai kaovilai commented Mar 3, 2025
edited
Loading

Including https://go-review.googlesource.com/c/crypto/+/652135 patch to fix CVE

go get golang.org/x/[email protected] [email protected] && go mod tidy

Signed-off-by: Tiger Kaovilai [email protected]

Thank you for contributing to Velero!

Please add a summary of your change

Fix CVE-2025-22869

Does your change fix a particular issue?

Fixes #8744

Please indicate you've done the following:

@kaovilai kaovilai added the kind/changelog-not-required PR does not require a user changelog. Often for docs, website, or build changes label Mar 3, 2025
@github-actions github-actions bot requested review from Lyndon-Li and sseago March 3, 2025 15:14
@github-actions github-actions bot added the Dependencies Pull requests that update a dependency file label Mar 3, 2025
kaovilai
kaovilai commented Mar 3, 2025
View reviewed changes
@sseago
Copy link
Collaborator

sseago commented Mar 3, 2025

@kaovilai s/1.22/1.23 also in:
hack/build-image/Dockerfile
Dockerfile
Dockerfile-Windows
Tiltfile

@codecov
Copy link

codecov bot commented Mar 3, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 59.53%. Comparing base (aa88d1c) to head (945911c).
Report is 3 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #8743   +/-   ##
=======================================
  Coverage   59.53%   59.53%           
=======================================
  Files         371      371           
  Lines       40196    40196           
=======================================
  Hits        23932    23932           
  Misses      14767    14767           
  Partials     1497     1497

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@kaovilai kaovilai mentioned this pull request Mar 3, 2025
Closed
sseago
sseago previously approved these changes Mar 3, 2025
View reviewed changes
@sseago
Copy link
Collaborator

sseago commented Mar 3, 2025

I'm not sure why the linter check is failing. Are there infra issues here? It's failing without any obvious error messages.

weshayutin
weshayutin approved these changes Mar 4, 2025
View reviewed changes
Copy link
Contributor

@weshayutin weshayutin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks @kaovilai

blackpiglet
blackpiglet previously approved these changes Mar 4, 2025
View reviewed changes
sseago
sseago previously approved these changes Mar 4, 2025
View reviewed changes
@kaovilai
Copy link
Collaborator Author

kaovilai commented Mar 4, 2025

There's a go only PR here

@kaovilai kaovilai changed the title CVE-2025-22869 + go1.23 CVE-2025-22869 Mar 4, 2025
@kaovilai
CVE-2025-22869 + go1.23
bf2b118 
Including https://go-review.googlesource.com/c/crypto/+/652135 patch to fix CVE

```sh
go get golang.org/x/[email protected] toolchain@none && go mod tidy
```

Signed-off-by: Tiger Kaovilai <[email protected]>
@kaovilai kaovilai dismissed stale reviews from sseago and blackpiglet via 96c4f77 March 4, 2025 15:47
@kaovilai kaovilai requested a review from sseago March 4, 2025 15:47
sseago
sseago reviewed Mar 4, 2025
View reviewed changes
@kaovilai
dockerfile go:1.23
945911c 
Signed-off-by: Tiger Kaovilai <[email protected]>
@kaovilai kaovilai requested a review from sseago March 4, 2025 17:19
@blackpiglet blackpiglet merged commit 5e68beb into vmware-tanzu:main Mar 5, 2025
42 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sseago sseago sseago approved these changes

@blackpiglet blackpiglet blackpiglet approved these changes

@Lyndon-Li Lyndon-Li Awaiting requested review from Lyndon-Li

+1 more reviewer

@weshayutin weshayutin weshayutin approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@kaovilai kaovilai

Labels

Dependencies Pull requests that update a dependency file kind/changelog-not-required PR does not require a user changelog. Often for docs, website, or build changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

CVE-2025-22869

4 participants

@kaovilai @sseago @weshayutin @blackpiglet