Skip to content

CVE-2025-30204: update golang-jwt#1249

Merged
1 commit merged intonotaryproject:release-1.3from
artem-panchenko:apanchenko/address-cves
Apr 9, 2025
Merged

CVE-2025-30204: update golang-jwt#1249
1 commit merged intonotaryproject:release-1.3from
artem-panchenko:apanchenko/address-cves

Conversation

@artem-panchenko
Copy link

@artem-panchenko artem-panchenko commented Apr 3, 2025

Please consider merging this small security patch and then issue a new 1.3.2 release if the release-1.3 branch is still maintained. Thanks!

@artem-panchenko artem-panchenko requested a review from a user April 3, 2025 10:15
@FeynmanZhou
Copy link
Member

FeynmanZhou commented Apr 4, 2025
edited
Loading

Hi @artem-panchenko , thanks for your contribution! Would you mind sign off your git commit? See the details at https://github.com/notaryproject/notation/pull/1249/checks?check_run_id=39909230540.

We will discuss about the release of a security patch in the next community meeting.

If you have any questions, feel free to join the slack channel to connect with the community.

@artem-panchenko artem-panchenko force-pushed the apanchenko/address-cves branch from 8096a5e to 9692326 Compare April 4, 2025 09:09
ghost
ghost approved these changes Apr 8, 2025
View reviewed changes
Copy link

@ghost ghost left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@codecov
Copy link

codecov bot commented Apr 8, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 70.65%. Comparing base (394fd06) to head (d8636f3).
Report is 1 commits behind head on release-1.3.

Additional details and impacted files 
@@             Coverage Diff              @@
##           release-1.3    #1249   +/-   ##
============================================
  Coverage        70.65%   70.65%           
============================================
  Files               48       48           
  Lines             2944     2944           
============================================
  Hits              2080     2080           
  Misses             671      671           
  Partials           193      193

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

JeyJeyGao
JeyJeyGao approved these changes Apr 8, 2025
View reviewed changes
Copy link
Contributor

@JeyJeyGao JeyJeyGao left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@JeyJeyGao
Copy link
Contributor

JeyJeyGao commented Apr 8, 2025

Hi @artem-panchenko , the merge is blocked due to a missing commit signature. Could you please sign your commit? Thanks!

@artem-panchenko artem-panchenko force-pushed the apanchenko/address-cves branch from 9692326 to 24e424b Compare April 8, 2025 12:29
@artem-panchenko
CVE-2025-30204: update golang-jwt
d8636f3 
Signed-off-by: Artem Panchenko <artem.panchenko@datarobot.com>
@artem-panchenko artem-panchenko force-pushed the apanchenko/address-cves branch from 24e424b to d8636f3 Compare April 8, 2025 12:30
@artem-panchenko
Copy link
Author

artem-panchenko commented Apr 8, 2025

@JeyJeyGao Done. Thanks!

@ghost ghost merged commit f78736e into notaryproject:release-1.3 Apr 9, 2025
7 checks passed
@ghost ghost mentioned this pull request Apr 24, 2025
Merged
@BrewTestBot BrewTestBot mentioned this pull request Apr 27, 2025
Merged
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gokarnm gokarnm Awaiting requested review from gokarnm gokarnm is a code owner

@NiazFK NiazFK Awaiting requested review from NiazFK NiazFK is a code owner

@priteshbandi priteshbandi Awaiting requested review from priteshbandi priteshbandi is a code owner

@rgnote rgnote Awaiting requested review from rgnote rgnote is a code owner

@shizhMSFT shizhMSFT Awaiting requested review from shizhMSFT shizhMSFT is a code owner

@toddysm toddysm Awaiting requested review from toddysm toddysm is a code owner

@vaninrao10 vaninrao10 Awaiting requested review from vaninrao10 vaninrao10 is a code owner

@yizha1 yizha1 Awaiting requested review from yizha1 yizha1 is a code owner

2 more reviewers

@JeyJeyGao JeyJeyGao JeyJeyGao approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@artem-panchenko @FeynmanZhou @JeyJeyGao