Skip to content

chore: fix CVE-2025-22871 #40

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 30, 2025
Merged

chore: fix CVE-2025-22871 #40

merged 1 commit into from
Apr 30, 2025

Conversation

@ryanzhang-oss
Copy link
Contributor

@ryanzhang-oss ryanzhang-oss commented Apr 30, 2025

Description of your changes

Bump go version to fix CVE

Fixes #

I have:

  • [x Run make reviewable to ensure this PR is ready for review.

How has this code been tested

Special notes for your reviewer

fix CVE-2025-22871
58ff3d9 
Signed-off-by: Ryan Zhang <zhangryan@microsoft.com>
@ryanzhang-oss ryanzhang-oss requested a review from Copilot April 30, 2025 19:03
Copilot AI reviewed Apr 30, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR bumps the Go version from '1.23.6' to '1.23.8' in several configuration and workflow files to address CVE-2025-22871.

  • Update .golangci.yml to use the new Go version
  • Update multiple GitHub workflow files (upgrade.yml, trivy.yml, code-lint.yml, ci.yml) to use the new Go version

Reviewed Changes

Copilot reviewed 5 out of 9 changed files in this pull request and generated no comments.

Show a summary per file
File Description
.golangci.yml Updated Go version to ensure linters run against 1.23.8
.github/workflows/upgrade.yml Updated Go version in the workflow environment
.github/workflows/trivy.yml Updated Go version for scanning purposes
.github/workflows/code-lint.yml Updated Go version for code linting
.github/workflows/ci.yml Updated Go version for continuous integration
Files not reviewed (4)
  • docker/hub-agent.Dockerfile: Language not supported
  • docker/member-agent.Dockerfile: Language not supported
  • docker/refresh-token.Dockerfile: Language not supported
  • go.mod: Language not supported

@codecov
Copy link

codecov bot commented Apr 30, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

📢 Thoughts on this report? Let us know!

@ryanzhang-oss ryanzhang-oss merged commit d92c2d5 into kubefleet-dev:main Apr 30, 2025
17 checks passed
audrastump pushed a commit to audrastump/kubefleet that referenced this pull request May 7, 2025
@ryanzhang-oss @audrastump
chore: fix CVE-2025-22871 (kubefleet-dev#40)
3d598ba 
fix CVE-2025-22871

Signed-off-by: Ryan Zhang <zhangryan@microsoft.com>
Co-authored-by: Ryan Zhang <zhangryan@microsoft.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@britaniar britaniar britaniar approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ryanzhang-oss @britaniar