Skip to content

No-Jira: Bump golang.org/x/crypto to 0.45.0 #90

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Amulyam24 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

No-Jira: Bump golang.org/x/crypto to 0.45.0 #90

Amulyam24 wants to merge 1 commit into from

Conversation

@Amulyam24
Copy link

@Amulyam24 Amulyam24 commented Dec 11, 2025

We use CCM in cluster-api-provider-ibmcloud, this PR updaes golang.org/x/crypto to 0.45.0 to fix the security vulnerabilities

#13 [ccm-builder 3/4] RUN git clone https://github.com/openshift/cloud-provider-powervs
#13 0.052 Cloning into 'cloud-provider-powervs'...
#13 DONE 3.0s

#14 [ccm-builder 4/4] RUN cd cloud-provider-powervs && git checkout 2424e8d && CGO_ENABLED=0 GOARCH=amd64 go build      -ldflags "-s -w" -o /build/ibm-cloud-controller-manager .
#14 0.500 Note: switching to '2424e8d'.
#14 0.500 
#14 0.500 You are in 'detached HEAD' state. You can look around, make experimental
#14 0.500 changes and commit them, and you can discard any commits you make in this
#14 0.500 state without impacting any branches by switching back to a branch.
#14 0.500 
#14 0.500 If you want to create a new branch to retain commits you create, you may
#14 0.500 do so (now or later) by using -c with the switch command. Example:
#14 0.500 
#14 0.500   git switch -c <new-branch-name>
#14 0.500 
#14 0.500 Or undo this operation with:
#14 0.500 
#14 0.500   git switch -
#14 0.500 
#14 0.500 Turn off this advice by setting config variable advice.detachedHead to false
#14 0.500 
#14 0.500 HEAD is now at 2424e8dd Merge pull request #87 from Prajyot-Parab/main
#14 DONE 110.1s

#15 [centos-base 2/2] COPY --from=ccm-builder /build/ibm-cloud-controller-manager /bin/ibm-cloud-controller-manager
#15 DONE 0.1s

#16 exporting to docker image format
#16 exporting layers
#16 exporting layers 2.4s done
#16 exporting manifest sha256:3ec9aa78b6479332cdbb366dbdd191d29f9c60be506757a4bef74d53cfeb94a7 done
#16 exporting config sha256:be5cd3d2af40d21d8e1f76d3a6a3f019564050cd9286249b8fb9741680e84f9b done
#16 sending tarball
#16 sending tarball 4.0s done
#16 DONE 6.4s

#17 importing to docker
#17 loading layer 6ee281da9ae8 84.56MB / 84.56MB 3.4s done
#17 loading layer b91c50db6c22 22.57MB / 22.57MB 0.8s done
#17 DONE 3.4s
make[2]: Leaving directory '/home/runner/work/cluster-api-provider-ibmcloud/cluster-api-provider-ibmcloud/hack/ccm'




Report Summary

┌──────────────────────────────────────┬──────────┬─────────────────┬─────────┐
│                Target                │   Type   │ Vulnerabilities │ Secrets │
├──────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ usr/bin/ibm-cloud-controller-manager │ gobinary │        2        │    -    │
└──────────────────────────────────────┴──────────┴─────────────────┴─────────┘


usr/bin/ibm-cloud-controller-manager (gobinary)
===============================================
Total: 2 (MEDIUM: 2, HIGH: 0, CRITICAL: 0)

┌─────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│       Library       │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                            Title                            │
├─────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ golang.org/x/crypto │ CVE-2025-47914 │ MEDIUM   │ fixed  │ v0.37.0           │ 0.45.0        │ SSH Agent servers do not validate the size of messages when │
│                     │                │          │        │                   │               │ processing...                                               │
│                     │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2025-47914                  │
│                     ├────────────────┤          │        │                   │               ├─────────────────────────────────────────────────────────────┤
│                     │ CVE-2025-58181 │          │        │                   │               │ SSH servers parsing GSSAPI authentication requests do not   │
│                     │                │          │        │                   │               │ validate the ...                                            │
│                     │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2025-58181                  │
└─────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘

Check container images failed! There are vulnerabilities to be fixed

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Dec 11, 2025
@openshift-ci-robot
Copy link

openshift-ci-robot commented Dec 11, 2025

@Amulyam24: This pull request explicitly references no jira issue.

Details

In response to this:

We use CCM in cluster-api-provider-ibmcloud, this PR updaes golang.org/x/crypto to 0.45.0 to fix the security vulnerabilities

#13 [ccm-builder 3/4] RUN git clone https://github.com/openshift/cloud-provider-powervs
#13 0.052 Cloning into 'cloud-provider-powervs'...
#13 DONE 3.0s

#14 [ccm-builder 4/4] RUN cd cloud-provider-powervs && git checkout 2424e8d && CGO_ENABLED=0 GOARCH=amd64 go build      -ldflags "-s -w" -o /build/ibm-cloud-controller-manager .
#14 0.500 Note: switching to '2424e8d'.
#14 0.500 
#14 0.500 You are in 'detached HEAD' state. You can look around, make experimental
#14 0.500 changes and commit them, and you can discard any commits you make in this
#14 0.500 state without impacting any branches by switching back to a branch.
#14 0.500 
#14 0.500 If you want to create a new branch to retain commits you create, you may
#14 0.500 do so (now or later) by using -c with the switch command. Example:
#14 0.500 
#14 0.500   git switch -c <new-branch-name>
#14 0.500 
#14 0.500 Or undo this operation with:
#14 0.500 
#14 0.500   git switch -
#14 0.500 
#14 0.500 Turn off this advice by setting config variable advice.detachedHead to false
#14 0.500 
#14 0.500 HEAD is now at 2424e8dd Merge pull request #87 from Prajyot-Parab/main
#14 DONE 110.1s

#15 [centos-base 2/2] COPY --from=ccm-builder /build/ibm-cloud-controller-manager /bin/ibm-cloud-controller-manager
#15 DONE 0.1s

#16 exporting to docker image format
#16 exporting layers
#16 exporting layers 2.4s done
#16 exporting manifest sha256:3ec9aa78b6479332cdbb366dbdd191d29f9c60be506757a4bef74d53cfeb94a7 done
#16 exporting config sha256:be5cd3d2af40d21d8e1f76d3a6a3f019564050cd9286249b8fb9741680e84f9b done
#16 sending tarball
#16 sending tarball 4.0s done
#16 DONE 6.4s

#17 importing to docker
#17 loading layer 6ee281da9ae8 84.56MB / 84.56MB 3.4s done
#17 loading layer b91c50db6c22 22.57MB / 22.57MB 0.8s done
#17 DONE 3.4s
make[2]: Leaving directory '/home/runner/work/cluster-api-provider-ibmcloud/cluster-api-provider-ibmcloud/hack/ccm'




Report Summary

┌──────────────────────────────────────┬──────────┬─────────────────┬─────────┐
│                Target                │   Type   │ Vulnerabilities │ Secrets │
├──────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ usr/bin/ibm-cloud-controller-manager │ gobinary │        2        │    -    │
└──────────────────────────────────────┴──────────┴─────────────────┴─────────┘


usr/bin/ibm-cloud-controller-manager (gobinary)
===============================================
Total: 2 (MEDIUM: 2, HIGH: 0, CRITICAL: 0)

┌─────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│       Library       │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                            Title                            │
├─────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ golang.org/x/crypto │ CVE-2025-47914 │ MEDIUM   │ fixed  │ v0.37.0           │ 0.45.0        │ SSH Agent servers do not validate the size of messages when │
│                     │                │          │        │                   │               │ processing...                                               │
│                     │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2025-47914                  │
│                     ├────────────────┤          │        │                   │               ├─────────────────────────────────────────────────────────────┤
│                     │ CVE-2025-58181 │          │        │                   │               │ SSH servers parsing GSSAPI authentication requests do not   │
│                     │                │          │        │                   │               │ validate the ...                                            │
│                     │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2025-58181                  │
└─────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘

Check container images failed! There are vulnerabilities to be fixed

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot requested review from alkleinrh and jaypoulz December 11, 2025 14:05
@openshift-ci openshift-ci bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Dec 11, 2025
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Dec 11, 2025

Hi @Amulyam24. Thanks for your PR.

I'm waiting for a github.com member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@Amulyam24
Copy link
Author

Amulyam24 commented Dec 11, 2025

/cc @Prajyot-Parab @Karthik-K-N

@Amulyam24 Amulyam24 mentioned this pull request Dec 11, 2025
Open
Prajyot-Parab
Prajyot-Parab reviewed Dec 11, 2025
View reviewed changes
Copy link
Member

@Prajyot-Parab Prajyot-Parab left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Dec 11, 2025
@Prajyot-Parab
Copy link
Member

Prajyot-Parab commented Dec 11, 2025

/ok-to-test

@openshift-ci openshift-ci bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Dec 11, 2025
@openshift-ci openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Dec 11, 2025
Prajyot-Parab
Prajyot-Parab reviewed Dec 12, 2025
View reviewed changes
Copy link
Member

@Prajyot-Parab Prajyot-Parab left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Dec 12, 2025
@openshift-ci openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Dec 15, 2025
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Dec 15, 2025

@Amulyam24: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Karthik-K-N
Karthik-K-N approved these changes Dec 15, 2025
View reviewed changes
Copy link
Member

@Karthik-K-N Karthik-K-N left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Dec 15, 2025
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Dec 15, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Karthik-K-N

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alkleinrh alkleinrh Awaiting requested review from alkleinrh

@jaypoulz jaypoulz Awaiting requested review from jaypoulz

2 more reviewers

@Prajyot-Parab Prajyot-Parab Prajyot-Parab left review comments

@Karthik-K-N Karthik-K-N Karthik-K-N approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@Karthik-K-N Karthik-K-N

@Prajyot-Parab Prajyot-Parab

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Amulyam24 @openshift-ci-robot @Prajyot-Parab @Karthik-K-N