ci(security): filter out kuma from security update #8098

slonka · 2023-10-23T06:55:25Z

since the publishing of our CVE advisory in Kuma and it being picked up by osv scanner https://osv.dev/vulnerability/GHSA-9wmc-rg4h-28wv our security update action is failing in parent project (it's trying to update to 2.0.8 per our policy of upgrading deps to the lowest one that is patched).

This PR simply filters out kuma from that job.

Checklist prior to review

Link to relevant issue as well as docs and UI issues -- not reported via issue
This will not break child repos: it doesn't hardcode values (.e.g "kumahq" as a image registry) and it will work on Windows, system specific functions like syscall.Mkfifo have equivalent implementation on the other OS --
Tests (Unit test, E2E tests, manual test on universal and k8s) --
- Don't forget ci/ labels to run additional/fewer tests
Do you need to update UPGRADE.md? --
Does it need to be backported according to the backporting policy? (this GH action will add "backport" label based on these file globs, if you want to prevent it from adding the "backport" label use no-backport-autolabel label) -- yes

Signed-off-by: slonka <slonka@users.noreply.github.com>

github-actions · 2023-10-23T10:09:51Z

backporting to release-2.1 with action

backporting to release-2.3 with action
backporting to release-2.2 with action
backporting to release-2.4 with action

github-actions · 2023-10-23T10:09:51Z

backporting to release-2.0 with action

Signed-off-by: slonka <slonka@users.noreply.github.com>

#8103) ci(security): filter out kuma from security update (#8098) Signed-off-by: slonka <slonka@users.noreply.github.com> Co-authored-by: Krzysztof Słonka <slonka@users.noreply.github.com>

#8102) ci(security): filter out kuma from security update (#8098) Signed-off-by: slonka <slonka@users.noreply.github.com> Co-authored-by: Krzysztof Słonka <slonka@users.noreply.github.com>

#8101) ci(security): filter out kuma from security update (#8098) Signed-off-by: slonka <slonka@users.noreply.github.com> Co-authored-by: Krzysztof Słonka <slonka@users.noreply.github.com>

#8100) ci(security): filter out kuma from security update (#8098) Signed-off-by: slonka <slonka@users.noreply.github.com> Co-authored-by: Krzysztof Słonka <slonka@users.noreply.github.com>

#8099) ci(security): filter out kuma from security update (#8098) Signed-off-by: slonka <slonka@users.noreply.github.com> Co-authored-by: Krzysztof Słonka <slonka@users.noreply.github.com>

ci(security): filter out kuma from security update

3759ca4

Signed-off-by: slonka <slonka@users.noreply.github.com>

slonka added the ci/skip-test PR: Don't run unit and e2e tests (maybe this is just a doc change) label Oct 23, 2023

slonka requested a review from a team as a code owner October 23, 2023 06:55

slonka requested review from lobkovilya and lukidzi and removed request for a team October 23, 2023 06:55

slonka added the backport label Oct 23, 2023

bartsmykla approved these changes Oct 23, 2023

View reviewed changes

slonka removed the backport label Oct 23, 2023

slonka merged commit c7295a9 into kumahq:master Oct 23, 2023
18 checks passed

slonka added the backport label Oct 23, 2023

kumahq bot pushed a commit that referenced this pull request Oct 23, 2023

ci(security): filter out kuma from security update (#8098)

0135a99

Signed-off-by: slonka <slonka@users.noreply.github.com>

This was referenced Oct 23, 2023

ci(security): filter out kuma from security update (backport of #8098) #8099

Merged

ci(security): filter out kuma from security update (backport of #8098) #8100

Merged

ci(security): filter out kuma from security update (backport of #8098) #8101

Merged

kumahq bot pushed a commit that referenced this pull request Oct 23, 2023

ci(security): filter out kuma from security update (#8098)

553640a

Signed-off-by: slonka <slonka@users.noreply.github.com>

kumahq bot pushed a commit that referenced this pull request Oct 23, 2023

ci(security): filter out kuma from security update (#8098)

19c6d74

Signed-off-by: slonka <slonka@users.noreply.github.com>

kumahq bot pushed a commit that referenced this pull request Oct 23, 2023

ci(security): filter out kuma from security update (#8098)

5115755

Signed-off-by: slonka <slonka@users.noreply.github.com>

This was referenced Oct 23, 2023

ci(security): filter out kuma from security update (backport of #8098) #8102

Merged

ci(security): filter out kuma from security update (backport of #8098) #8103

Merged

kumahq bot pushed a commit that referenced this pull request Oct 23, 2023

ci(security): filter out kuma from security update (#8098)

3d17290

Signed-off-by: slonka <slonka@users.noreply.github.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci(security): filter out kuma from security update #8098

ci(security): filter out kuma from security update #8098

slonka commented Oct 23, 2023 •

edited

Loading

github-actions bot commented Oct 23, 2023 •

edited

Loading

github-actions bot commented Oct 23, 2023

ci(security): filter out kuma from security update #8098

ci(security): filter out kuma from security update #8098

Conversation

slonka commented Oct 23, 2023 • edited Loading

Checklist prior to review

github-actions bot commented Oct 23, 2023 • edited Loading

github-actions bot commented Oct 23, 2023

slonka commented Oct 23, 2023 •

edited

Loading

github-actions bot commented Oct 23, 2023 •

edited

Loading