Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

go.mod - bump to github.com/lestrrat-go/jwx/v2 v2.0.21 #38346

Merged
merged 4 commits into from
Mar 19, 2024
Merged

go.mod - bump to github.com/lestrrat-go/jwx/v2 v2.0.21 #38346

merged 4 commits into from
Mar 19, 2024

Conversation

andrewkroh
Copy link
Member

@andrewkroh andrewkroh commented Mar 14, 2024
edited
Loading

Proposed commit message

Bump to github.com/lestrrat-go/jwx/v2 v2.0.21.

Filebeat is unaffected by CVE-2024-28122 which affected prior versions of github.com/lestrrat-go/jwx/v2, it does not use the affected github.com/lestrrat-go/jwx/v2/jwe package nor does process any JWE tokens.

@andrewkroh andrewkroh requested a review from a team as a code owner March 14, 2024 22:10
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Mar 14, 2024
@andrewkroh andrewkroh added the Team:Security-Service Integrations Security Service Integrations Team label Mar 14, 2024
@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Mar 14, 2024
@andrewkroh andrewkroh added the backport-v8.13.0 Automated backport with mergify label Mar 14, 2024
@mergify Mergify
Copy link
Contributor

mergify bot commented Mar 14, 2024

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @andrewkroh? 🙏.
For such, you'll need to label your PR with:

  • The upcoming major version of the Elastic Stack
  • The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

@andrewkroh andrewkroh enabled auto-merge (squash) March 14, 2024 22:21
efd6
efd6 approved these changes Mar 14, 2024
View reviewed changes
Copy link
Contributor

@efd6 efd6 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

They're not doing well are they.

cmacknz
cmacknz approved these changes Mar 15, 2024
View reviewed changes
Copy link
Member

@cmacknz cmacknz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, dupe of #38341

@andrewkroh
Copy link
Member Author

/test

@elasticmachine
Copy link
Collaborator

elasticmachine commented Mar 15, 2024
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2024-03-19T19:10:38.522+0000

  • Duration: 171 min 29 sec

Test stats 🧪

Test Results
Failed 0
Passed 29193
Skipped 2050
Total 31243

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@andrewkroh andrewkroh mentioned this pull request Mar 19, 2024
Merged
6 tasks
@andrewkroh
Copy link
Member Author

andrewkroh commented Mar 19, 2024
edited
Loading

The update to testify uncovered a bad assertion in Metricbeat code. I have opened #38436 to fix it. Until that is merged, this is blocked.

@andrewkroh andrewkroh force-pushed the feature/jwx-v2-0-21 branch from db6fb37 to d291972 Compare March 19, 2024 19:10
@elasticmachine
Copy link
Collaborator

elasticmachine commented Mar 19, 2024
edited
Loading

💔 Build Failed

Failed CI Steps

History

cc @andrewkroh

@elasticmachine
Copy link
Collaborator

elasticmachine commented Mar 19, 2024
edited
Loading

💔 Build Failed

Failed CI Steps

History

cc @andrewkroh

@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

History

cc @andrewkroh

@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

History

cc @andrewkroh

@elasticmachine
Copy link
Collaborator

elasticmachine commented Mar 19, 2024
edited
Loading

💔 Build Failed

Failed CI Steps

History

cc @andrewkroh

@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

History

cc @andrewkroh

@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

History

cc @andrewkroh

@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

History

cc @andrewkroh

@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

History

cc @andrewkroh

@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

History

cc @andrewkroh

@andrewkroh andrewkroh merged commit d64ce48 into elastic:main Mar 19, 2024
134 of 137 checks passed
mergify bot pushed a commit that referenced this pull request Mar 19, 2024
@andrewkroh @mergify
go.mod - bump to github.com/lestrrat-go/jwx/v2 v2.0.21 (#38346)
9342ad6 
Bump to github.com/lestrrat-go/jwx/v2 v2.0.21.

Filebeat is unaffected by CVE-2024-28122 which affected prior versions of github.com/lestrrat-go/jwx/v2, it does not use the affected github.com/lestrrat-go/jwx/v2/jwe package nor does process any JWE tokens.

(cherry picked from commit d64ce48)
@mergify mergify bot mentioned this pull request Mar 19, 2024
Merged
andrewkroh added a commit that referenced this pull request Mar 20, 2024
@mergify @andrewkroh
go.mod - bump to github.com/lestrrat-go/jwx/v2 v2.0.21 (#38346) (#38445)
5d98ccf 
Bump to github.com/lestrrat-go/jwx/v2 v2.0.21.

Filebeat is unaffected by CVE-2024-28122 which affected prior versions of github.com/lestrrat-go/jwx/v2, it does not use the affected github.com/lestrrat-go/jwx/v2/jwe package nor does process any JWE tokens.

(cherry picked from commit d64ce48)

Co-authored-by: Andrew Kroh <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cmacknz cmacknz cmacknz approved these changes

@efd6 efd6 efd6 approved these changes

Assignees

@andrewkroh andrewkroh

Labels
backport-v8.13.0 Automated backport with mergify Team:Security-Service Integrations Security Service Integrations Team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@andrewkroh @elasticmachine @cmacknz @efd6