Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add dependency to forked quic-go library #1149

Merged
merged 2 commits into from
Sep 30, 2024
Merged

Add dependency to forked quic-go library #1149

merged 2 commits into from
Sep 30, 2024

Conversation

AaronH88
Copy link
Contributor

This fork contains a cherry pick of the fix for CVE-2024-22189 quic-go: memory exhaustion attack against QUIC's connection ID

AaronH88
AaronH88 commented Sep 26, 2024
View reviewed changes
go.mod Outdated
@@ -93,3 +93,5 @@ require (
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
)

replace github.com/quic-go/quic-go v0.40.1 => github.com/AaronH88/quic-go v0.0.0-20240925173611-8b838692e0f5
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Leaving this here as a reminder to remove it in November with the release of RHEL 9.5

@codecov Codecov
Copy link

codecov bot commented Sep 26, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 43.64%. Comparing base (32ab948) to head (bfb856a).
Report is 2 commits behind head on devel.

@@            Coverage Diff             @@
##            devel    #1149      +/-   ##
==========================================
+ Coverage   43.14%   43.64%   +0.49%     
==========================================
  Files          33       36       +3     
  Lines        6612     7192     +580     
==========================================
+ Hits         2853     3139     +286     
- Misses       3526     3819     +293     
- Partials      233      234       +1

see 5 files with indirect coverage changes

Components Coverage Δ
Go 43.14% <ø> (ø)
Receptorctl 49.31% <ø> (∅)

@AaronH88 AaronH88 force-pushed the connectionid branch 2 times, most recently from eca755b to 150a648 Compare September 27, 2024 08:20
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Sep 27, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

matoval
matoval approved these changes Sep 27, 2024
View reviewed changes
Copy link
Collaborator

@matoval matoval left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@AaronH88 AaronH88 merged commit 6f7154d into ansible:devel Sep 30, 2024
24 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matoval matoval matoval approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AaronH88 @matoval