Skip to content

calico-3.31/3.31.2-r4: cve remediation #76196

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Ankush-Pathak merged 3 commits into from
Dec 22, 2025
Merged

calico-3.31/3.31.2-r4: cve remediation #76196

Ankush-Pathak merged 3 commits into from
Dec 22, 2025

Conversation

@octo-sts
Copy link
Contributor

@octo-sts octo-sts bot commented Dec 17, 2025

@octo-sts octo-sts bot added automated pr request-cve-remediation go/bump GHSA-r6j8-c6r2-37rr p:calico-3.31 P1 This label indicates our scanning found High, Medium or Low CVEs for these packages. cve-pr-closer/v2-adv-disagreement labels Dec 17, 2025
@Ankush-Pathak Ankush-Pathak force-pushed the cve-calico-3.31-3.31.2-r4-553ceadae1a570e1bc6ff5ecb7c3f0d9 branch from ed988a9 to 0f9411c Compare December 22, 2025 14:44
@Ankush-Pathak Ankush-Pathak self-assigned this Dec 22, 2025
@Ankush-Pathak
fix(calico-3.31): Bump to 3.31.3
cbdb775 
Signed-off-by: Ankush Pathak <ankush.pathak@chainguard.dev>
@octo-sts
Copy link
Contributor Author

octo-sts bot commented Dec 22, 2025
edited
Loading

🔢 Build Failed: Dependency Version Mismatch

package golang.org/x/crypto: requested version 'v0.45.0', is already at version 'v0.46.0'

Build Details

Category Details
Build System melange/go
Failure Point gobump command during go/bump step

Root Cause Analysis 🔍

The build configuration is attempting to downgrade golang.org/x/crypto from v0.46.0 to v0.45.0, which is not allowed. The package is already at a newer version (v0.46.0) than the requested version (v0.45.0), causing a version constraint conflict.

Was this comment helpful? Please use 👍 or 👎 reactions on this comment.

@octo-sts octo-sts bot added the ai/skip-comment Stop AI from commenting on PR label Dec 22, 2025
@Ankush-Pathak
fix(calico-3.31): Drop crypto bump as it's not required anymore
aa9c341 
Signed-off-by: Ankush Pathak <ankush.pathak@chainguard.dev>
@octo-sts octo-sts bot added bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. manual/review-needed approver-bot/manual-review-needed staging-approver-bot/manual-review-needed labels Dec 22, 2025
@Ankush-Pathak Ankush-Pathak enabled auto-merge (squash) December 22, 2025 15:52
@Ankush-Pathak Ankush-Pathak requested a review from a team December 22, 2025 17:10
@Ankush-Pathak Ankush-Pathak merged commit bd858a7 into main Dec 22, 2025
24 checks passed
@Ankush-Pathak Ankush-Pathak deleted the cve-calico-3.31-3.31.2-r4-553ceadae1a570e1bc6ff5ecb7c3f0d9 branch December 22, 2025 17:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@OddBloke OddBloke OddBloke approved these changes

Assignees

@Ankush-Pathak Ankush-Pathak

Labels

ai/skip-comment Stop AI from commenting on PR approver-bot/manual-review-needed automated pr bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. cve-pr-closer/v2-adv-disagreement GHSA-r6j8-c6r2-37rr go/bump manual/review-needed p:calico-3.31 P1 This label indicates our scanning found High, Medium or Low CVEs for these packages. request-cve-remediation staging-approver-bot/manual-review-needed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@OddBloke @Ankush-Pathak