Skip to content

Commit

Permalink
Merge pull request #15154 from wolfi-dev/cve-cortex-1d7b6920842271a47…
Browse files Browse the repository at this point in the history 
…5855056ecbed481

cortex/1.16.0-r2: cve remediation
  • Loading branch information
@dlorenc
dlorenc committed Mar 15, 2024
2 parents 9711540 + 19b290d commit 26d5a8d
Showing 1 changed file with 11 additions and 1 deletion.
12 changes: 11 additions & 1 deletion cortex.yaml
View file
@@ -1,7 +1,7 @@
package:
name: cortex
version: 1.16.0
epoch: 2
epoch: 3
description:
copyright:
- license: Apache-2.0
Expand All @@ -22,7 +22,17 @@ pipeline:
tag: v${{package.version}}
expected-commit: 279ed566d01228e4b95fd628a3d79dd3ca95c9d8

- uses: go/bump
with:
deps: golang.org/x/crypto@v0.17.0 google.golang.org/protobuf@v1.33.0

- runs: |
# CVE GHSA-qppj-fm5r-hxr3
go mod edit -dropreplace=google.golang.org/grpc
go mod edit -replace=google.golang.org/grpc=google.golang.org/grpc@v1.56.3
go mod tidy
go mod vendor
mkdir -p ${{targets.destdir}}/usr/bin
go build -ldflags \
"-s -w \
Expand Down

0 comments on commit 26d5a8d

Please sign in to comment.