Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update github.com/grafana/loki digest to dfc0013 [security] (release-2.9.x) #10821

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 9, 2023

Mend Renovate

This PR contains the following updates:

Package Type Update Change
github.com/grafana/loki require digest 4e4359e -> dfc0013
github.com/grafana/loki require digest 90888a0 -> dfc0013

GitHub Vulnerability Alerts

CVE-2021-36156

An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that location and include some of the contents in the error message.


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot requested review from periklis, xperimental and a team as code owners October 9, 2023 10:52
@renovate renovate bot added area/security dependencies Pull requests that update a dependency file labels Oct 9, 2023
@xperimental
Copy link
Collaborator

Same comment as on #10820

@renovate renovate bot changed the title fix(deps): update github.com/grafana/loki digest to b31ed05 [security] (release-2.9.x) Update github.com/grafana/loki digest to b31ed05 [SECURITY] (release-2.9.x) Oct 9, 2023
@renovate renovate bot changed the title Update github.com/grafana/loki digest to b31ed05 [SECURITY] (release-2.9.x) fix(deps): update github.com/grafana/loki digest to 7ccec83 [security] (release-2.9.x) Oct 9, 2023
@renovate renovate bot force-pushed the deps-update/release-2.9.x-go-github.com/grafana/loki-vulnerability branch from 5042be4 to ccb9cff Compare October 9, 2023 15:06
@renovate renovate bot changed the title fix(deps): update github.com/grafana/loki digest to 7ccec83 [security] (release-2.9.x) fix(deps): update github.com/grafana/loki digest to 7ccec83 [security] (release-2.9.x) - autoclosed Oct 9, 2023
@renovate renovate bot closed this Oct 9, 2023
@renovate renovate bot deleted the deps-update/release-2.9.x-go-github.com/grafana/loki-vulnerability branch October 9, 2023 22:50
@renovate renovate bot changed the title fix(deps): update github.com/grafana/loki digest to 7ccec83 [security] (release-2.9.x) - autoclosed fix(deps): update github.com/grafana/loki digest to 7ccec83 [security] (release-2.9.x) Oct 10, 2023
@renovate renovate bot reopened this Oct 10, 2023
@renovate renovate bot restored the deps-update/release-2.9.x-go-github.com/grafana/loki-vulnerability branch October 10, 2023 01:09
@renovate renovate bot force-pushed the deps-update/release-2.9.x-go-github.com/grafana/loki-vulnerability branch from ccb9cff to cec9d95 Compare October 10, 2023 01:15
@renovate renovate bot changed the title fix(deps): update github.com/grafana/loki digest to 7ccec83 [security] (release-2.9.x) fix(deps): update github.com/grafana/loki digest to 7ccec83 [security] (release-2.9.x) - autoclosed Oct 10, 2023
@renovate renovate bot closed this Oct 10, 2023
@renovate renovate bot deleted the deps-update/release-2.9.x-go-github.com/grafana/loki-vulnerability branch October 10, 2023 03:50
@renovate renovate bot changed the title fix(deps): update github.com/grafana/loki digest to 7ccec83 [security] (release-2.9.x) - autoclosed fix(deps): update github.com/grafana/loki digest to 7ccec83 [security] (release-2.9.x) Oct 10, 2023
@renovate renovate bot reopened this Oct 10, 2023
@renovate renovate bot restored the deps-update/release-2.9.x-go-github.com/grafana/loki-vulnerability branch October 10, 2023 05:08
@renovate renovate bot changed the title fix(deps): update github.com/grafana/loki digest to 7ccec83 [security] (release-2.9.x) fix(deps): update github.com/grafana/loki digest to 3aa09c5 [security] (release-2.9.x) Oct 10, 2023
@renovate renovate bot force-pushed the deps-update/release-2.9.x-go-github.com/grafana/loki-vulnerability branch from cec9d95 to e90b67a Compare October 10, 2023 05:16
@renovate renovate bot changed the title fix(deps): update github.com/grafana/loki digest to 3aa09c5 [security] (release-2.9.x) fix(deps): update github.com/grafana/loki digest to 3aa09c5 [security] (release-2.9.x) - autoclosed Oct 10, 2023
@renovate renovate bot closed this Oct 10, 2023
@renovate renovate bot deleted the deps-update/release-2.9.x-go-github.com/grafana/loki-vulnerability branch October 10, 2023 07:11
@renovate renovate bot changed the title fix(deps): update github.com/grafana/loki digest to 3aa09c5 [security] (release-2.9.x) - autoclosed fix(deps): update github.com/grafana/loki digest to 3aa09c5 [security] (release-2.9.x) Oct 10, 2023
@renovate renovate bot reopened this Nov 5, 2023
@renovate renovate bot restored the deps-update/release-2.9.x-go-github.com/grafana/loki-vulnerability branch November 5, 2023 13:41
@renovate renovate bot force-pushed the deps-update/release-2.9.x-go-github.com/grafana/loki-vulnerability branch from a78a42e to 37fa7cf Compare November 5, 2023 13:45
@renovate renovate bot changed the title fix(deps): update github.com/grafana/loki digest to cb4e800 [security] (release-2.9.x) fix(deps): update github.com/grafana/loki digest to 3086a3b [security] (release-2.9.x) Nov 6, 2023
@renovate renovate bot force-pushed the deps-update/release-2.9.x-go-github.com/grafana/loki-vulnerability branch from 37fa7cf to 8b1d66b Compare November 6, 2023 09:37
@renovate renovate bot changed the title fix(deps): update github.com/grafana/loki digest to 3086a3b [security] (release-2.9.x) Update github.com/grafana/loki digest to 3086a3b [SECURITY] (release-2.9.x) Nov 6, 2023
@renovate renovate bot changed the title Update github.com/grafana/loki digest to 3086a3b [SECURITY] (release-2.9.x) Update github.com/grafana/loki digest to 3086a3b [SECURITY] (release-2.9.x) - autoclosed Nov 6, 2023
@renovate renovate bot closed this Nov 6, 2023
@renovate renovate bot deleted the deps-update/release-2.9.x-go-github.com/grafana/loki-vulnerability branch November 6, 2023 12:34
@renovate renovate bot changed the title Update github.com/grafana/loki digest to 3086a3b [SECURITY] (release-2.9.x) - autoclosed Update github.com/grafana/loki digest to 3086a3b [SECURITY] (release-2.9.x) Nov 6, 2023
@renovate renovate bot reopened this Nov 6, 2023
@renovate renovate bot restored the deps-update/release-2.9.x-go-github.com/grafana/loki-vulnerability branch November 6, 2023 13:46
@renovate renovate bot changed the title Update github.com/grafana/loki digest to 3086a3b [SECURITY] (release-2.9.x) fix(deps): update github.com/grafana/loki digest to 6385b19 [security] (release-2.9.x) Nov 6, 2023
@renovate renovate bot force-pushed the deps-update/release-2.9.x-go-github.com/grafana/loki-vulnerability branch from 8b1d66b to 96e473d Compare November 6, 2023 13:52
@renovate renovate bot changed the title fix(deps): update github.com/grafana/loki digest to 6385b19 [security] (release-2.9.x) Update github.com/grafana/loki digest to 6385b19 [SECURITY] (release-2.9.x) Nov 6, 2023
@renovate renovate bot changed the title Update github.com/grafana/loki digest to 6385b19 [SECURITY] (release-2.9.x) fix(deps): update github.com/grafana/loki digest to dfc0013 [security] (release-2.9.x) Nov 6, 2023
@renovate renovate bot force-pushed the deps-update/release-2.9.x-go-github.com/grafana/loki-vulnerability branch from 96e473d to 7b5ce11 Compare November 6, 2023 21:28
@renovate renovate bot changed the title fix(deps): update github.com/grafana/loki digest to dfc0013 [security] (release-2.9.x) Update github.com/grafana/loki digest to dfc0013 [SECURITY] (release-2.9.x) Nov 6, 2023
@renovate renovate bot changed the title Update github.com/grafana/loki digest to dfc0013 [SECURITY] (release-2.9.x) Update github.com/grafana/loki digest to dfc0013 [SECURITY] (release-2.9.x) - autoclosed Nov 7, 2023
@renovate renovate bot closed this Nov 7, 2023
@renovate renovate bot deleted the deps-update/release-2.9.x-go-github.com/grafana/loki-vulnerability branch November 7, 2023 04:53
@renovate renovate bot changed the title Update github.com/grafana/loki digest to dfc0013 [SECURITY] (release-2.9.x) - autoclosed Update github.com/grafana/loki digest to dfc0013 [SECURITY] (release-2.9.x) Nov 7, 2023
@renovate renovate bot reopened this Nov 7, 2023
@renovate renovate bot restored the deps-update/release-2.9.x-go-github.com/grafana/loki-vulnerability branch November 7, 2023 07:18
@renovate renovate bot force-pushed the deps-update/release-2.9.x-go-github.com/grafana/loki-vulnerability branch from 7b5ce11 to abee189 Compare November 7, 2023 07:21
@renovate renovate bot changed the title Update github.com/grafana/loki digest to dfc0013 [SECURITY] (release-2.9.x) fix(deps): update github.com/grafana/loki digest to dfc0013 [security] (release-2.9.x) Nov 7, 2023
@periklis periklis closed this Nov 7, 2023
Copy link
Contributor Author

renovate bot commented Nov 7, 2023

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for the github.com/grafana/loki dfc0013 update again.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

@renovate renovate bot deleted the deps-update/release-2.9.x-go-github.com/grafana/loki-vulnerability branch November 7, 2023 12:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/security dependencies Pull requests that update a dependency file sig/operator size/XXL
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants