Skip to content

chore: bump buildkit version to v0.12.5#4221

Merged
nitrocode merged 3 commits intorunatlantis:mainfrom
ivanaguilario:main
Feb 28, 2024
Merged

chore: bump buildkit version to v0.12.5#4221
nitrocode merged 3 commits intorunatlantis:mainfrom
ivanaguilario:main

Conversation

@ivanaguilario
Copy link
Contributor

@ivanaguilario ivanaguilario commented Feb 8, 2024
edited by nitrocode
Loading

what

There are 2 CVEs in the current 0.27.1 image. These relate to buildkit and are fixed in buildkit 0.12.5.

CVE-2024-23652
CVE-2024-23653

why

Security vulnerabilities.

tests

Ran atlantis-image workflow to verify image builds correctly.

references

@ivanaguilario ivanaguilario requested review from a team as code owners February 8, 2024 15:50
@ivanaguilario ivanaguilario requested review from jamengual, lukemassa and nitrocode and removed request for a team February 8, 2024 15:50
@ivanaguilario ivanaguilario marked this pull request as draft February 8, 2024 15:51
@chenrui333 chenrui333 mentioned this pull request Feb 8, 2024
Merged
nitrocode
nitrocode previously approved these changes Feb 28, 2024
View reviewed changes
@nitrocode nitrocode marked this pull request as ready for review February 28, 2024 05:58
@github-actions github-actions bot added the build Relating to how we build Atlantis label Feb 28, 2024
@nitrocode nitrocode closed this Feb 28, 2024
@nitrocode nitrocode reopened this Feb 28, 2024
@nitrocode nitrocode enabled auto-merge (squash) February 28, 2024 06:01
@nitrocode nitrocode merged commit e13f752 into runatlantis:main Feb 28, 2024
@krzysztof-magosa
Copy link

krzysztof-magosa commented Mar 5, 2024

Hi. Any idea when new release with above fixes could be rolled out? Thanks.

@GenPage
Copy link
Member

GenPage commented Mar 8, 2024

/cherry-pick release-0.27

@gcp-cherry-pick-bot
Copy link

gcp-cherry-pick-bot bot commented Mar 8, 2024

Cherry-pick failed with Merge error e13f7527f264fa8e716aef144497616ae0185d8c into temp-cherry-pick-b858c0-release-0.27

GenPage pushed a commit that referenced this pull request Mar 8, 2024
@ivanaguilario @nitrocode @GenPage
chore: bump buildkit version to v0.12.5 (#4221)
2991920 
* chore: bump buildkit version to v0.12.5

* chore: bumped CONFTEST version to 0.49.1

---------

Co-authored-by: nitrocode <7775707+nitrocode@users.noreply.github.com>
@BrewTestBot BrewTestBot mentioned this pull request Mar 9, 2024
Merged
@BrewTestBot BrewTestBot mentioned this pull request May 22, 2024
Merged
1 task
kvanzuijlen pushed a commit to kvanzuijlen/atlantis that referenced this pull request Jan 4, 2025
@ivanaguilario @nitrocode @kvanzuijlen
chore: bump buildkit version to v0.12.5 (runatlantis#4221)
ee580bd 
* chore: bump buildkit version to v0.12.5

* chore: bumped CONFTEST version to 0.49.1

---------

Co-authored-by: nitrocode <7775707+nitrocode@users.noreply.github.com>
Signed-off-by: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nitrocode nitrocode nitrocode approved these changes

@jamengual jamengual Awaiting requested review from jamengual jamengual was automatically assigned from runatlantis/maintainers

@lukemassa lukemassa Awaiting requested review from lukemassa lukemassa was automatically assigned from runatlantis/core-contributors

Assignees

No one assigned

Labels

build Relating to how we build Atlantis github-actions security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ivanaguilario @krzysztof-magosa @GenPage @nitrocode