misc: Dependabot changes to fix vulnerabilities #282

Merged

prkhrkat merged 23 commits into

Jun 5, 2025

prkhrkat commented May 28, 2025 •

edited

Loading

Contributor

fix - https://github.com/devtron-labs/sprint-tasks/issues/2317

prkhrkat added 2 commits

May 28, 2025 12:36


          common lib dependabot

2cc255a


          common lib dependabot

aca3894

prkhrkat requested review from nishant-d, prakarsh-dt, vikramdevtron and vivek-devtron as code owners

May 28, 2025 07:07

github-actions Bot added the PR:Issue-verification-failed label

prkhrkat added 3 commits

May 28, 2025 12:49


          chart-sync dependabot

4e97e59


          git-sen, lesn, common-lib dependabot

0bcc13c


          git-sen, lesn, common-lib dependabot

07ed523

gitguardian Bot commented May 28, 2025 •

edited

Loading

⚠️ GitGuardian has uncovered 2 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request

GitGuardian id	GitGuardian status	Secret	Commit	Filename
2303650	Triggered	Generic High Entropy Secret	`0bcc13c`	ci-runner/vendor/github.com/go-resty/resty/v2/request.go	View secret
9416345	Triggered	Company Email Password	`0bcc13c`	ci-runner/vendor/github.com/go-resty/resty/v2/request.go	View secret

🛠 Guidelines to remediate hardcoded secrets

Understand the implications of revoking this secret by investigating where it is used in your code.
Replace and store your secrets safely. Learn here the best practices.
Revoke and rotate these secrets.
If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

following these best practices for managing and storing secrets including API keys and other credentials
install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.

^{🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.}

prkhrkat and others added 14 commits

May 29, 2025 16:35


          gomod

0c504ad


          gomod

a0c5c08


          gomod

71d7d0a


          gomod

b80fd7f


          gomod

29fe298


          gomod

006e39c


          gomod

1be52e6


          gomod

894a2f2


          Merge branch 'develop' into dependa-fix

d91484a


          gomod

d50031f


          gomod

1c78974


          gomod

a8fc94e


          Merge remote-tracking branch 'origin/dependa-fix' into dependa-fix

dbe51fa


          dependabot fixes

1b082db

prkhrkat force-pushed the dependa-fix branch from 5ea6974 to 1b082db Compare

June 1, 2025 15:43

github-actions Bot commented Jun 4, 2025

Some linked issues are invalid. Please update the issue links:\nIssue # in is not found or invalid (HTTP 404).\n

prkhrkat force-pushed the dependa-fix branch from 95a64e1 to 1b082db Compare

June 4, 2025 12:29


          Merge branch 'develop' into dependa-fix

118e74f

# Conflicts:
#	chart-sync/go.mod
#	chart-sync/go.sum
#	chart-sync/vendor/modules.txt
#	ci-runner/go.mod
#	ci-runner/go.sum
#	ci-runner/vendor/modules.txt
#	git-sensor/go.mod
#	git-sensor/go.sum
#	git-sensor/vendor/modules.txt
#	image-scanner/go.mod
#	image-scanner/go.sum
#	image-scanner/vendor/modules.txt
#	kubelink/go.mod
#	kubelink/go.sum
#	kubelink/vendor/modules.txt
#	kubewatch/go.mod
#	kubewatch/go.sum
#	kubewatch/vendor/modules.txt
#	lens/go.mod
#	lens/go.sum
#	lens/vendor/modules.txt

github-actions Bot commented Jun 4, 2025

Some linked issues are invalid. Please update the issue links:\nIssue # in is not found or invalid (HTTP 404).\n


          dev sync

github-actions Bot commented Jun 4, 2025

Some linked issues are invalid. Please update the issue links:\nIssue # in is not found or invalid (HTTP 404).\n


          ci-runner

4a5df0d

github-actions Bot commented Jun 5, 2025

Some linked issues are invalid. Please update the issue links:\nIssue # in is not found or invalid (HTTP 404).\n

prakash100198 approved these changes

View reviewed changes

vikramdevtron approved these changes

View reviewed changes


          Merge branch 'develop' into dependa-fix

90a61d0

prkhrkat changed the title ~~fix: Dependa fix~~ fix: Dependabot changes to fix vulnerabilities

github-actions Bot commented Jun 5, 2025

Some linked issues are invalid. Please update the issue links:\nIssue # in is not found or invalid (HTTP 404).\n

1 similar comment

github-actions Bot commented Jun 5, 2025

Some linked issues are invalid. Please update the issue links:\nIssue # in is not found or invalid (HTTP 404).\n

prkhrkat changed the title ~~fix: Dependabot changes to fix vulnerabilities~~ misc: Dependabot changes to fix vulnerabilities

github-actions Bot added PR:Ready-to-Review and removed PR:Issue-verification-failed labels

prkhrkat merged commit 3c18cce into develop

3 of 5 checks passed

prkhrkat deleted the dependa-fix branch

June 5, 2025 11:50

vikramdevtron added a commit that referenced this pull request


          sync: Release candidate v0.38.0 (#299)

8e8e182

* SecretFieldClusterId to CmFieldClusterId

* replace secret informer with field selector to configmap informer with label selector

* CreateConfigMapObject

* ClusterModifyEventSecretTypeKey

* DeleteConfigMap k8s util func

* correct label selector

* add extra validation in add , update and delete func
if labelValue, exists := cmObject.Labels["type"]; !exists || labelValue != informerBean.ClusterModifyEventSecretType {
						return
					}

* cm informer instead of secret informer for cluster

* bump common lib

* bump common lib

* bump common lib

* bump common lib

* fix

* bump common lib

* bump common lib

* r

* ClusterModifyEventCmLabelValue  = "cluster-request-modify"

* ClusterModifyEventCmLabelValue  = "type=cluster-request-modify"

* import label selector from commonb lib

* import label selector from commonb lib

* ClusterModifyEventCmLabelKeyValue and ClusterModifyEventCmLabelValue

* small fix

* small fix

* add logger for ignoring cluster change event in case label not found

* fix

* logger

* refactoring of CreateConfigMapObject

* fix

* bump common lib

* bump common lib

* remove WithCmName and make cmname as func signature

* code review incorporation

* bump common lib

* make

* bump common lib

* Merge pull request #282 from devtron-labs/dependa-fix

misc: Dependabot changes to fix vulnerabilities

* chore: http shutdown timeout configurable (#291) (#293)

* feat: add server shutdown timeout configuration and improve logging

* feat: add SERVER_SHUTDOWN_TIMEOUT to configuration

Co-authored-by: Shivam Nagar <124123645+Shivam-nagar23@users.noreply.github.com>

* restored mod changes for kubelink and kubewatch (#294)

* vendor update on rc 38 (#295)

* chore: port forward tls client server name (#296)

* chore-port-forward-debug

* review comments resolved

---------

Co-authored-by: Prakash Kumar <prakash.kumar@devtron.ai>
Co-authored-by: kartik-579 <84493919+kartik-579@users.noreply.github.com>
Co-authored-by: prakhar katiyar <39842461+prkhrkat@users.noreply.github.com>
Co-authored-by: Shivam Nagar <124123645+Shivam-nagar23@users.noreply.github.com>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

prakash100198 prakash100198 approved these changes

vikramdevtron vikramdevtron approved these changes

nishant-d Awaiting requested review from nishant-d

prakarsh-dt Awaiting requested review from prakarsh-dt prakarsh-dt is a code owner

vivek-devtron Awaiting requested review from vivek-devtron vivek-devtron is a code owner

Labels

PR:Ready-to-Review