Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix(pkg/promtail) CVE-2020-11022 JQuery vulnerability #3224

Merged
merged 2 commits into from
Jan 26, 2021
Merged

Fix(pkg/promtail) CVE-2020-11022 JQuery vulnerability #3224

merged 2 commits into from
Jan 26, 2021

Conversation

veltmanj
Copy link
Contributor

What this PR does / why we need it:
Lifecycle management \ Security considerations

Which issue(s) this PR fixes:
#3185

Special notes for your reviewer:
updated generated files

Checklist

  • Documentation added
  • Tests updated

@veltmanj
Fix CVE-2020-11022: Upgraded to jquery to 3.5.1 from 3.3.1
11d6cf0 
Backup jquery(3.3.1) to jquery.min.js, added jquery-3.5.1.js, updated reference in base template
@veltmanj
Fix CVE-2020-11022: changes in assets_vfsdata.go
d370abc 
 executed make check-generated-files
@codecov-io
Copy link

Codecov Report

Merging #3224 (d370abc) into master (0208071) will increase coverage by 0.05%.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #3224      +/-   ##
==========================================
+ Coverage   63.20%   63.26%   +0.05%     
==========================================
  Files         197      197              
  Lines       16685    16685              
==========================================
+ Hits        10546    10555       +9     
+ Misses       5184     5172      -12     
- Partials      955      958       +3
Impacted Files Coverage Δ
pkg/logql/evaluator.go 89.87% <0.00%> (-0.36%) ⬇️
pkg/promtail/positions/positions.go 58.51% <0.00%> (+11.70%) ⬆️

@veltmanj veltmanj changed the title Fix(pkg/promtail) cve 2020 11022 Fix(pkg/promtail) CVE-2020-11022 JQuery vulnerability Jan 25, 2021
cyriltovena
cyriltovena approved these changes Jan 26, 2021
View reviewed changes
Copy link
Contributor

@cyriltovena cyriltovena left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@cyriltovena
Copy link
Contributor

❤️

@cyriltovena cyriltovena merged commit 5d6343c into grafana:master Jan 26, 2021
@veltmanj veltmanj deleted the fix(pkg/promtail)--CVE-2020-11022 branch January 26, 2021 10:10
@veltmanj
Copy link
Contributor Author

👍

cyriltovena pushed a commit to cyriltovena/loki that referenced this pull request Jun 11, 2021
@pracucci
Clarify that schema config is used only by the chunks storage (grafan…
6f1287f 
…a#3224)

Signed-off-by: Marco Pracucci <marco@pracucci.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cyriltovena cyriltovena cyriltovena approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@veltmanj @codecov-io @cyriltovena