chore: update oauth2 to v0.27.0 in notebook-controller #806
/ok-to-test
andyatmiami left a comment:
@henschwartz - thanks for your patience and sorry it's taken so long for me to turn attention back to this PR!
I realize this is a wildly trivial change - but just to be safe/proper - can you rebase this PR on the latest of notebooks-v1 branch so I can test it in conjunction with other dependency updates that have been merged?
This is the next (and I think last!) notebook-controller PR I am focusing on - so I DO NOT expect to need to ask you for any further rebases.
ℹ️ Please make sure to rebase this PR (not pull in merge commits, etc). Ideally there should just be a single commit with your changes on this branch
THANKS
Fixes CVE-2025-22868

This PR updates golang.org/x/oauth2 from v0.0.0-20210819190943-2bc19b11175f to v0.27.0 to address security vulnerabilities identified in the v1.11 release scan.

Changes:
- Updated golang.org/x/oauth2 to v0.27.0
- Updated github.com/google/go-cmp to v0.5.9 (dependency of oauth2)
- Removed google.golang.org/appengine (no longer required)
- Ran go mod tidy to update dependencies
- Verified build succeeds with go build

Related: kubeflow#780 (PR 3)

Signed-off-by: Hen Schwartz <hschwart@hschwart-thinkpadp1gen7.raanaii.csb>
hi @andyatmiami please review the current PR
andyatmiami left a comment:
/lgtm
Thanks @henschwartz for this contribution.
I independently confirmed the verification checks performed by the PR author are reproducible and valid.
Furthermore, in analyzing the changes introduced across the significant version bump of the upgraded dependencies, I am comfortable with them being safe for our usage.
x/oauth2: majority of dependency updates. functional changes from 0.2.0 to 0.27.0 are not anticipated to affect our usage.
Worth noting a similar PR was already merged for tensorboard-controller as well.
/approve
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: thesuperzapper
The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing


Fixes CVE-2025-22868
This PR updates golang.org/x/oauth2 from v0.0.0-20210819190943-2bc19b11175f
to v0.27.0 to address security vulnerabilities identified in the v1.11 release scan.
Changes:
Related: #780
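
A check that a reviewer or CI job could run to confirm the pin this PR describes, added here as an example and not part of the PR or the project's code. The function names and the two go.mod fragments are constructed for illustration, and it assumes only require directives mention the module (replace and exclude are not evaluated).

```go
package main

import "fmt"
import "strings"

// Constructed go.mod fragments for illustration; not copied from the PR diff.
const oldGoMod = "require (\n\tgolang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f // old pin\n)\n"
const newGoMod = "require golang.org/x/oauth2 v0.27.0 // new pin\n"

// PinnedVersion returns the version a require line gives for module (hypothetical helper).
func PinnedVersion(gomod, module string) (string, bool) {
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop trailing comments
		f := strings.Fields(line)
		if len(f) > 0 && f[0] == "require" {
			f = f[1:] // single-line form: require <module> <version>
		}
		if len(f) >= 2 && f[0] == module {
			return f[1], true
		}
	}
	return "", false
}

// core parses "vX.Y.Z[-pre][+meta]"; ok is false unless X.Y.Z round-trips exactly.
func core(v string) (n [3]int, pre, ok bool) {
	v, _, _ = strings.Cut(strings.TrimPrefix(v, "v"), "+")
	v, _, pre = strings.Cut(v, "-")
	fmt.Sscanf(v, "%d.%d.%d", &n[0], &n[1], &n[2])
	return n, pre, fmt.Sprintf("%d.%d.%d", n[0], n[1], n[2]) == v
}

// AtLeast reports version >= floor; a pre-release or pseudo-version suffix sorts below the same X.Y.Z.
func AtLeast(version, floor string) bool {
	a, pre, okA := core(version)
	b, _, okB := core(floor)
	for i := 0; okA && okB && i < 3; i++ {
		if a[i] != b[i] {
			return a[i] > b[i]
		}
	}
	return okA && okB && !pre // unparsable input fails closed
}

func main() {
	v, _ := PinnedVersion(oldGoMod, "golang.org/x/oauth2")
	fmt.Println(v, AtLeast(v, "v0.27.0"))
}
```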