PMM-14577 Fix CVEs by bump versions. #343
@ademidoff @idoqo @svetasmirnova I don’t have permission to push to Percona PMM Dump, so I created a fork. It would be great if I could get the necessary permissions.
I don't have access to that namespace of Snyk either, the access is granted on a per-team basis.
idoqo left a comment
@JiriCtvrtka I think the PR should be against the pmm-3.4.1 branch since:
- it's the branch on pmm-submodules.
- we haven't tested/updated pmm to use changes from the main branch (e.g. encryption).
| github.com/grafana/grafana v0.0.0-20240319182150-590c657828b5 | ||
| github.com/grafana/grafana-plugin-sdk-go v0.281.0 | ||
| github.com/hashicorp/go-version v1.7.0 | ||
| github.com/grafana/grafana v1.9.2-0.20240724181030-49c756d77483 |
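Review bot: the grafana pin on the last line, `v1.9.2-0.20240724181030-49c756d77483`, carries a commit timestamp of 20240724, which is earlier than the 20250521 timestamp in the revision the CVE report is said to name (1.9.2-0.20250521205822-0ba0b99665a9, per the reply that follows). Before merging, please confirm against the report that this older revision is actually outside the affected range, and note in the PR description why the reported revision could not be used, so the next scan result can be read against that decision.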
This is the latest one I was able to find, and it is working. The one mentioned in the CVE report, 1.9.2-0.20250521205822-0ba0b99665a9, does not exist for me. So I am going to check the report to see if this one is fine.
```
go: github.com/grafana/grafana@1.9.2-20250521205822-0ba0b99665a9: invalid version: unknown revision 1.9.2-20250521205822-0ba0b99665a9
osr-mb-044:tools jiri.ctvrtka$ go get github.com/grafana/grafana@0.1.9.2-20250521205822-0ba0b99665a9
go: github.com/grafana/grafana@0.1.9.2-20250521205822-0ba0b99665a9: invalid version: unknown revision 0.1.9.2-20250521205822-0ba0b99665a9
```
@idoqo I see, ok let me fix it.

a13cf89 to dcc41fb
We agreed to merge this PR and then review the new vulnerability report. If needed, another iteration will be done.

I don't have permissions to push into Percona PMM Dump. So I created a fork.
Ticket: https://perconadev.atlassian.net/browse/PMM-14577
PMM PR: percona/pmm#4848