Skip to content

update jwt and redis packages (#33984) #33987

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 23, 2025
Merged

update jwt and redis packages (#33984) #33987

merged 1 commit into from
Mar 23, 2025

Conversation

TheFox0x7
Copy link
Contributor

Backport #33984

fixes CVE-2025-30204 for jwt and CVE-2025-29923 for go-redis

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Mar 23, 2025
@GiteaBot GiteaBot added this to the 1.23.6 milestone Mar 23, 2025
@TheFox0x7
Copy link
Contributor Author

btw shouldn't backporting instructions have --version parameter?

go run ./contrib/backport --version v1.23 33984
...  // fix git conflicts if any
go run ./contrib/backport --continue

I was really confused for a minute when it tried backporting to v1.18

@wxiaoguang
Copy link
Contributor

I never used that tool. I only use GUI to cherry-pick 😄

wxiaoguang
wxiaoguang approved these changes Mar 23, 2025
View reviewed changes
Copy link
Contributor

@wxiaoguang wxiaoguang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using go get and make tidy command seems easier than a real "backport"

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Mar 23, 2025
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Mar 23, 2025
@techknowlogick techknowlogick enabled auto-merge (squash) March 23, 2025 15:24
@techknowlogick techknowlogick merged commit 347101f into go-gitea:release/v1.23 Mar 23, 2025
26 checks passed
@TheFox0x7 TheFox0x7 deleted the backport-33984-v1.23 branch March 29, 2025 13:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@techknowlogick techknowlogick techknowlogick approved these changes

@wxiaoguang wxiaoguang wxiaoguang approved these changes

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. modifies/dependencies
Projects
None yet
Milestone
1.23.6
Development

Successfully merging this pull request may close these issues.
4 participants
@TheFox0x7 @wxiaoguang @techknowlogick @GiteaBot