Skip to content

fix: Update argo-events v1.9.6 to fix GHSA-hmp7-x699-cvhq #14394 #14395

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
vkamlesh wants to merge 8 commits into from
Closed

fix: Update argo-events v1.9.6 to fix GHSA-hmp7-x699-cvhq #14394 #14395

vkamlesh wants to merge 8 commits into from

Conversation

@vkamlesh
Copy link

@vkamlesh vkamlesh commented Apr 15, 2025

Signed-off-by: Kamlesh Verma kamlesh.a.verma@hotmail.com

Fixes #14394

Motivation

The argo-event bump version to v1.9.6 to fix argo Events users can gain privileged access to the host system and cluster with EventSource and Sensor CR.

Githun Advisory: GHSA-hmp7-x699-cvhq

Modifications

To fix I have made changes go lang version to 1.24.x and updated /pkg/api/*

Verification

The Workflow

Documentation

@vkamlesh vkamlesh force-pushed the update-argo-evetns-v1.9.6 branch from e0c6bf2 to 3b0f526 Compare April 15, 2025 18:19
jswxstw and others added 4 commits April 16, 2025 07:56
@jswxstw @vkamlesh
fix(test): change createdAfter to UTC time. Fixes argoproj#14346 (a…
ef73186 
…rgoproj#14347)

Signed-off-by: oninowang <oninowang@tencent.com>
Signed-off-by: Kamlesh Verma <kamlesh.a.verma@hotmail.com>
@vkamlesh
fix: Update argo-events v1.9.6 to fix GHSA-hmp7-x699-cvhq
163e916 
Signed-off-by: Kamlesh Verma <kamlesh.a.verma@hotmail.com>

Signed-off-by: kamlesh VERMA <ka.verma@f5.com>
Signed-off-by: Kamlesh Verma <kamlesh.a.verma@hotmail.com>
@vkamlesh
Updated go version 1.24.2
f096404 
Signed-off-by: Kamlesh Verma <kamlesh.a.verma@hotmail.com>
@vkamlesh
Dummy Update in Dockerfile
5d09ebf 
Signed-off-by: Kamlesh Verma <kamlesh.a.verma@hotmail.com>
@vkamlesh vkamlesh force-pushed the update-argo-evetns-v1.9.6 branch from 95416e2 to 5d09ebf Compare April 16, 2025 02:29
@Joibel Joibel self-assigned this Apr 16, 2025
@vkamlesh
Copy link
Author

vkamlesh commented Apr 16, 2025

@Joibel @sarabala1979
#14394

@blkperl blkperl added the type/security Security related label Apr 17, 2025
@Joibel
Copy link
Member

Joibel commented Apr 17, 2025

This is fixed in #14382

@vkamlesh
Merge branch 'main' into update-argo-evetns-v1.9.6
11a2556 
Signed-off-by: Kamlesh Verma <kamlesh.a.verma@hotmail.com>
@vkamlesh
Copy link
Author

vkamlesh commented Apr 21, 2025

@Joibel
Closing this request as changes are propagated to main branch under #14382

@vkamlesh vkamlesh closed this Apr 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Joibel Joibel Awaiting requested review from Joibel

@terrytangyuan terrytangyuan Awaiting requested review from terrytangyuan

@sarabala1979 sarabala1979 Awaiting requested review from sarabala1979

Assignees

@Joibel Joibel

Labels

type/security Security related

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

bump github.com/argoproj/argo-events from 1.9.1 to 1.9.6

4 participants

@vkamlesh @Joibel @blkperl @jswxstw