Skip to content

prometheus-operator/0.84.1-r0: cve remediation #62441

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kbsteere merged 4 commits into from
Aug 11, 2025
Merged

prometheus-operator/0.84.1-r0: cve remediation #62441

kbsteere merged 4 commits into from
Aug 11, 2025

Conversation

@octo-sts
Copy link
Contributor

@octo-sts octo-sts bot commented Aug 10, 2025

prometheus-operator/0.84.1-r0: fix CVE-2025-47907

Advisory data: https://github.com/wolfi-dev/advisories/blob/main/prometheus-operator.advisories.yaml

"Breadcrumbs" for this automated service

@octo-sts octo-sts bot added P1 This label indicates our scanning found High, Medium or Low CVEs for these packages. automated pr CVE-2025-47907 go/bump prometheus-operator request-cve-remediation labels Aug 10, 2025
@octo-sts
Copy link
Contributor Author

octo-sts bot commented Aug 10, 2025
edited
Loading

📡 Build Failed: Network

curl: (22) The requested URL returned error: 404

Build Details

Category Details
Build System melange
Failure Point auth/github step in prometheus-operator-iamguarded-compat subpackage

Root Cause Analysis 🔍

Failed to authenticate with GitHub API during OctoSTS token exchange. The curl request to get a GitHub token returned HTTP 404, indicating either the endpoint is incorrect, the service is unavailable, or the authentication credentials are invalid. This prevents the build from accessing private GitHub repositories needed for the iamguarded-compat subpackage.

Was this comment helpful? Please use 👍 or 👎 reactions on this comment.

@octo-sts octo-sts bot added the ai/skip-comment Stop AI from commenting on PR label Aug 10, 2025
@octo-sts octo-sts bot added the bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. label Aug 11, 2025
@kbsteere kbsteere enabled auto-merge (squash) August 11, 2025 18:44
@kbsteere kbsteere merged commit c140466 into main Aug 11, 2025
18 checks passed
@kbsteere kbsteere deleted the cve-prometheus-operator-0.84.1-r0-ddccc65b382490843a136ed694270b15 branch August 11, 2025 18:44
This was referenced Oct 16, 2025
Closed
Merged
Merged
This was referenced Oct 28, 2025
Merged
Merged
Closed
This was referenced Jan 6, 2026
Closed
Open
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kbsteere kbsteere kbsteere approved these changes

Assignees

No one assigned

Labels

ai/skip-comment Stop AI from commenting on PR automated pr bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. CVE-2025-47907 go/bump P1 This label indicates our scanning found High, Medium or Low CVEs for these packages. prometheus-operator request-cve-remediation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kbsteere @Dentrax