[release-ocm-2.16] ACM-36105: CVE-2026-39835 Bump golang.org/x/crypto to v0.52.0 through indirect dependency conversion (client module)#10624
Conversation
|
Pipeline controller notification For optional jobs, comment This repository is configured in: LGTM mode |
|
@shay23bra: This pull request references ACM-36105 which is a valid jira issue. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Repository: openshift/coderabbit/.coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
/retest |
|
/retest-required |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## release-ocm-2.16 #10624 +/- ##
====================================================
- Coverage 44.02% 44.01% -0.01%
====================================================
Files 417 417
Lines 72164 72164
====================================================
- Hits 31768 31762 -6
- Misses 37509 37513 +4
- Partials 2887 2889 +2 🚀 New features to boost your workflow:
|
|
/override ci/prow/e2e-ai-operator-ztp-3masters |
|
/approve |
|
Scheduling required tests: |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: gamli75, shay23bra The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@gamli75: Overrode contexts on behalf of gamli75: ci/prow/e2e-ai-operator-ztp-3masters DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
… indirect dependency conversion
a35b1bc to
2b72eb8
Compare
|
/override ci/prow/e2e-ai-operator-ztp-3masters |
|
/lgtm |
|
Scheduling required tests: |
|
@gamli75: Overrode contexts on behalf of gamli75: ci/prow/e2e-ai-operator-ztp-3masters DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/test verify-generated-code |
|
/test verify-generated-code |
|
New changes are detected. LGTM label has been removed. |
|
@shay23bra: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Bump
golang.org/x/cryptotov0.52.0to fixCVE-2026-39835through indirect dependency conversionStrategy Selection
Strategies Not Applicable
Direct dependency version bump
Not applicable: dependency is indirect. Direct version bumps only work for explicitly required modules.
Direct dependency major version upgrade
Not applicable: dependency is indirect. Major version upgrades only apply to direct dependencies.
Indirect dependency fix via parent update
Exception: unhandled errors in a TaskGroup (2 sub-exceptions)
✓ Successful Strategy: Indirect to direct dependency conversion
Converted indirect dependency to direct requirement. Necessary because parent modules don't provide a fixed version.
https://redhat.atlassian.net/browse/ACM-36105
This PR was automatically generated by the CVE Automation tool.
For questions or issues, reach out in #cve-automation.