From d35cbab1ede76a1686fbfc4bae611deab9b1d22d Mon Sep 17 00:00:00 2001 From: Bryan Eastes Date: Thu, 15 Jun 2023 14:57:31 -0700 Subject: [PATCH 1/3] Bumping go-discover to the lastest version --- control-plane/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/control-plane/Dockerfile b/control-plane/Dockerfile index f401ac8262..c09f5ecf80 100644 --- a/control-plane/Dockerfile +++ b/control-plane/Dockerfile @@ -17,7 +17,7 @@ # go-discover builds the discover binary (which we don't currently publish # either). FROM golang:1.19.2-alpine as go-discover -RUN CGO_ENABLED=0 go install github.com/hashicorp/go-discover/cmd/discover@49f60c093101c9c5f6b04d5b1c80164251a761a6 +RUN CGO_ENABLED=0 go install github.com/hashicorp/go-discover/cmd/discover@214571b6a5309addf3db7775f4ee8cf4d264fd5f # dev copies the binary from a local build # ----------------------------------- From 6d912dc83320897d0f74e232996500832373ecd7 Mon Sep 17 00:00:00 2001 From: Bryan Eastes Date: Thu, 15 Jun 2023 15:06:07 -0700 Subject: [PATCH 2/3] Adding CHANGELOG entry. Not exactly sure what to do there --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1cf1d2084f..bb271bce39 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +## 1.1.? (TODO DATE) +SECURITY: +* [Go-Discover](https://github.com/hashicorp/go-discover) in the container has been updated to address [CVE-2020-14040](https://github.com/advisories/GHSA-5rcv-m4m3-hfh7) + + + ## 1.1.2 (June 5, 2023) SECURITY: From 4cb4b56293d9627ff9a1f3dba3588d8bbae930af Mon Sep 17 00:00:00 2001 From: Curt Bushko Date: Fri, 16 Jun 2023 16:22:22 -0400 Subject: [PATCH 3/3] Move changelog --- .changelog/2390.txt | 3 +++ CHANGELOG.md | 6 ------ 2 files changed, 3 insertions(+), 6 deletions(-) create mode 100644 .changelog/2390.txt diff --git a/.changelog/2390.txt b/.changelog/2390.txt new file mode 100644 index 0000000000..a4546bd781 --- /dev/null +++ b/.changelog/2390.txt @@ -0,0 +1,3 @@ +```release-note:security +Update [Go-Discover](https://github.com/hashicorp/go-discover) in the container has been updated to address [CVE-2020-14040](https://github.com/advisories/GHSA-5rcv-m4m3-hfh7) +``` diff --git a/CHANGELOG.md b/CHANGELOG.md index bb271bce39..1cf1d2084f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,9 +1,3 @@ -## 1.1.? (TODO DATE) -SECURITY: -* [Go-Discover](https://github.com/hashicorp/go-discover) in the container has been updated to address [CVE-2020-14040](https://github.com/advisories/GHSA-5rcv-m4m3-hfh7) - - - ## 1.1.2 (June 5, 2023) SECURITY: