Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): CVE updates for Loki 2.9.11 #15647

Merged
merged 1 commit into from
Jan 9, 2025
Merged

fix(deps): CVE updates for Loki 2.9.11 #15647

merged 1 commit into from
Jan 9, 2025

Conversation

paul1r
Copy link
Collaborator

@paul1r paul1r commented Jan 8, 2025

What this PR does / why we need it:
CVE updates for golang-jwt, x/net, x/crypto, stdlib, and alpine

Which issue(s) this PR fixes:
Brings github.com/golang-jwt/jwt/v4 to 4.5.1
Brings golang.org/x/net to 0.34.0
Brings golang.org/x/crypto to 0.32.0
Brings alpine to 3.21.1
Brings go to 1.22.10

Special notes for your reviewer:

Checklist

  • Reviewed the CONTRIBUTING.md guide (required)
  • Documentation added
  • Tests updated
  • Title matches the required conventional commits format, see here
    • Note that Promtail is considered to be feature complete, and future development for logs collection will be in Grafana Alloy. As such, feat PRs are unlikely to be accepted unless a case can be made for the feature actually being a bug fix to existing behavior.
  • Changes that require user attention or interaction to upgrade are documented in docs/sources/setup/upgrade/_index.md
  • If the change is deprecating or removing a configuration option, update the deprecated-config.yaml and deleted-config.yaml files respectively in the tools/deprecated-config-checker directory. Example PR

@paul1r paul1r requested a review from a team as a code owner January 8, 2025 17:41
ashwanthgoli
ashwanthgoli approved these changes Jan 9, 2025
View reviewed changes
Copy link
Contributor

@ashwanthgoli ashwanthgoli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@paul1r paul1r merged commit 8447402 into release-2.9.x Jan 9, 2025
43 of 45 checks passed
@paul1r paul1r deleted the paul1r/cve_updates_jan_08_3_3 branch January 9, 2025 13:09
@loki-gh-app loki-gh-app bot mentioned this pull request Jan 9, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ashwanthgoli ashwanthgoli ashwanthgoli approved these changes

Assignees
No one assigned
Labels
size/M
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@paul1r @ashwanthgoli