Skip to content

Automated cherry pick of #1270: Update grpc to v1.79.3 to fix CVE-2026-33186 #1272: Fix Grype CVEs: update logrus and prometheus/prometheus#1273

Open
hakman wants to merge 8 commits intokubernetes:release-1.35from
hakman:automated-cherry-pick-of-#1270-#1272-upstream-release-1.35
Open

Automated cherry pick of #1270: Update grpc to v1.79.3 to fix CVE-2026-33186 #1272: Fix Grype CVEs: update logrus and prometheus/prometheus#1273
hakman wants to merge 8 commits intokubernetes:release-1.35from
hakman:automated-cherry-pick-of-#1270-#1272-upstream-release-1.35

Conversation

@hakman
Copy link
Copy Markdown
Member

@hakman hakman commented May 4, 2026

Cherry pick of #1270 #1272 on release-1.35.

#1270: Update grpc to v1.79.3 to fix CVE-2026-33186
#1272: Fix Grype CVEs: update logrus and prometheus/prometheus

For details on the cherry pick process, see the cherry pick requests page.

ajaysundark and others added 6 commits May 4, 2026 08:25
@ajaysundark @hakman
Update grpc to v1.79.3 to fix CVE-2026-33186
d412ea2
@ajaysundark @hakman
Run go mod tidy in test directory to fix e2e build
31ba719
@ajaysundark @hakman
Align otel dependency with k8s v1.41.0
6380879
@BrunoChauvet @hakman
Fix Grype CVEs: update logrus and prometheus/prometheus
ddfb2c4 
- Update github.com/sirupsen/logrus v1.9.0 -> v1.9.3 in test/go.mod
  to fix GHSA-4f99-4q7p-p3gh (High)
- Update github.com/prometheus/prometheus v0.35.0 -> v0.311.3
  to fix GHSA-vffh-x6r8-xx99 (Medium)
- Run go mod tidy and go mod vendor to update vendor directory
@BrunoChauvet @hakman
Update builder image to golang:1.25.9-bookworm
79bf92e
@hakman
Fix go.sum
419ed8d
@k8s-ci-robot k8s-ci-robot added this to the v1.35 milestone May 4, 2026
@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label May 4, 2026
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented May 4, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hakman

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels May 4, 2026
hakman added 2 commits May 4, 2026 08:41
@hakman
fix: pin actions to commit SHA
5729b40 
(cherry picked from commit a4e58f2)
@hakman
Update golangci-lint to v2.11.4
c0f8628 
(cherry picked from commit fc90eb0)
@hakman
Copy link
Copy Markdown
Member Author

hakman commented May 4, 2026

/cc @SergeyKanzhelev @wangzhen127 @ameukam @upodroid

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dchen1107 dchen1107 Awaiting requested review from dchen1107

@derekwaynecarr derekwaynecarr Awaiting requested review from derekwaynecarr

@ameukam ameukam Awaiting requested review from ameukam

@SergeyKanzhelev SergeyKanzhelev Awaiting requested review from SergeyKanzhelev

@upodroid upodroid Awaiting requested review from upodroid

@wangzhen127 wangzhen127 Awaiting requested review from wangzhen127

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.

Projects

None yet

Milestone

v1.35

Development

Successfully merging this pull request may close these issues.

4 participants

@hakman @k8s-ci-robot @ajaysundark @BrunoChauvet