Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[submodule] Update submodule HEAD for sonic-mgmt-framework and sonic-telemetry #13112

Merged
merged 3 commits into from
Feb 7, 2023
Merged

[submodule] Update submodule HEAD for sonic-mgmt-framework and sonic-telemetry #13112

merged 3 commits into from
Feb 7, 2023

Conversation

liushilongbuaa
Copy link
Contributor

@liushilongbuaa liushilongbuaa commented Dec 20, 2022
edited
Loading

Why I did it

golang lib xmlquery v1.2.1 has critical security issue. MS Component Governance created an alert.
Update submodule HEAD to fix CG alert about CVE-2020-25614

How I did it

sonic-mgmt-framework

a72d9ee Fix CG alert CVE-2020-25614 about xmlquery v1.2.1 (#91)

sonic-telemetrey

727aefd Fix CG alert CVE-2020-25614 about xmlquery v1.2.1 (#107)

How to verify it

Which release branch to backport (provide reason below if selected)

  • 201811
  • 201911
  • 202006
  • 202012
  • 202106
  • 202111
  • 202205
  • 202211

Description for the changelog

Ensure to add label/tag for the feature raised. example - PR#2174 under sonic-utilities repo. where, Generic Config and Update feature has been labelled as GCU.

Link to config_db schema for YANG module changes

A picture of a cute animal (not mandatory but encouraged)

@liushilongbuaa
Copy link
Contributor Author

/azpw run Azure.sonic-buildimage

@mssonicbld
Copy link
Collaborator

/AzurePipelines run Azure.sonic-buildimage

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@xumia
Copy link
Collaborator

xumia commented Dec 21, 2022

/azp run Azure.sonic-buildimage

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@lguohan
Copy link
Collaborator

lguohan commented Jan 3, 2023

@qiluo-msft , this is submodule update, can you check and approve?

@liushilongbuaa liushilongbuaa force-pushed the update-202205-submodule branch from 11db6ca to da86902 Compare February 1, 2023 08:41
yxieca
yxieca reviewed Feb 1, 2023
View reviewed changes
yxieca
yxieca previously requested changes Feb 1, 2023
View reviewed changes
Copy link
Contributor

@yxieca yxieca left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are you linking telmetry to gnmi?

@yxieca yxieca requested a review from qiluo-msft February 1, 2023 16:06
qiluo-msft
qiluo-msft reviewed Feb 1, 2023
View reviewed changes
qiluo-msft
qiluo-msft reviewed Feb 1, 2023
View reviewed changes
@yxieca yxieca self-requested a review February 2, 2023 18:31
@qiluo-msft qiluo-msft dismissed yxieca’s stale review February 2, 2023 18:37

Offline discussed, and Ying will not request changes.

@liushilongbuaa liushilongbuaa requested a review from xumia as a code owner February 3, 2023 02:43
@yxieca yxieca merged commit 37922d5 into sonic-net:202205 Feb 7, 2023
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@qiluo-msft qiluo-msft qiluo-msft approved these changes

@lguohan lguohan Awaiting requested review from lguohan lguohan is a code owner

@ganglyu ganglyu Awaiting requested review from ganglyu

@yxieca yxieca Awaiting requested review from yxieca

@xumia xumia Awaiting requested review from xumia

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@liushilongbuaa @mssonicbld @xumia @lguohan @qiluo-msft @yxieca @ganglyu