Skip to content

verticadb-operator/25.4.0.0-r1: cve remediation #76231

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
philroche merged 3 commits into from
Dec 19, 2025
Merged

verticadb-operator/25.4.0.0-r1: cve remediation #76231

philroche merged 3 commits into from
Dec 19, 2025

Conversation

@octo-sts
Copy link
Contributor

@octo-sts octo-sts bot commented Dec 17, 2025

@octo-sts octo-sts bot added automated pr request-cve-remediation go/bump GHSA-cfpf-hrx2-8rv6 p:verticadb-operator P1 This label indicates our scanning found High, Medium or Low CVEs for these packages. labels Dec 17, 2025
@octo-sts
Copy link
Contributor Author

octo-sts bot commented Dec 17, 2025
edited
Loading

🔢 Build Failed: Dependency Version Mismatch

failed to run update. Error: The following errors were found:: - package github.com/expr-lang/expr: requested version 'v1.17.0', is already at version 'v1.17.7'

Build Details

Category Details
Build System melange/go
Failure Point go/bump step in melange pipeline

Root Cause Analysis 🔍

The gobump tool failed because it was instructed to downgrade the github.com/expr-lang/expr package from v1.17.7 to v1.17.0, which is not allowed as it would be a downgrade to an older version. The package is already at a newer version than requested.

Was this comment helpful? Please use 👍 or 👎 reactions on this comment.

@octo-sts octo-sts bot added the ai/skip-comment Stop AI from commenting on PR label Dec 17, 2025
@dnegreira
add go-version: 1.24 to expr bump
30c6064 
Signed-off-by: David Negreira <david.negreira@chainguard.dev>
@dnegreira
Remove unused bump
cc8e93b 
Signed-off-by: David Negreira <david.negreira@chainguard.dev>
@octo-sts octo-sts bot added bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. manual/review-needed approver-bot/manual-review-needed staging-approver-bot/manual-review-needed labels Dec 18, 2025
@philroche philroche merged commit 25c2533 into main Dec 19, 2025
24 checks passed
@philroche philroche deleted the cve-verticadb-operator-25.4.0.0-r1-f2d4f0c01b16d423a4e12f9a8589c0a6 branch December 19, 2025 08:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@philroche philroche philroche approved these changes

Assignees

No one assigned

Labels

ai/skip-comment Stop AI from commenting on PR approver-bot/manual-review-needed automated pr bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. GHSA-cfpf-hrx2-8rv6 go/bump manual/review-needed p:verticadb-operator P1 This label indicates our scanning found High, Medium or Low CVEs for these packages. request-cve-remediation staging-approver-bot/manual-review-needed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@philroche @dnegreira