Fix CVE-2025-65637#59
Conversation
- CVE-2025-65637: github.com/sirupsen/logrus v1.9.0 → 1.8.3, 1.9.1, 1.9.3
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Repository: openshift/coderabbit/.coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
Hi @oadp-rebasebot-app[bot]. Thanks for your PR. I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with Regular contributors should join the org to skip this step. Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/ok-to-test |
|
/override "Cross Compile for openbsd/386 openbsd/amd64 freebsd/386 freebsd/amd64 freebsd/arm aix/ppc64 darwin/amd64 darwin/arm64" |
|
[APPROVALNOTIFIER] This PR is APPROVED Approval requirements bypassed by manually added approval. This pull-request has been approved by: kaovilai, oadp-rebasebot-app[bot] The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
@kaovilai: kaovilai unauthorized: /override is restricted to Repo administrators, approvers in top level OWNERS file, and the following github teams:openshift: openshift-release-oversight openshift-staff-engineers openshift-sustaining-engineers. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
CVE Fixes
Automated scan found 1 fixable Go dependency CVE(s) in
openshift/resticon branchoadp-1.3.How this was fixed
go get <package>@<fixed_version>for each vulnerable dependencygo mod tidyto clean upWave propagation note
This repo is in wave 1-2. Downstream repos (waves 3+) should pick up these fixes
automatically through the rebase pipeline. If they don't, check the dependency chain.
Generated by cve-scan pipeline