Fix Keystone CVE-2026-{42999,42998,43000,43001,44394} (Yoga)#2332
seunghun1ee wants to merge 17 commits into
Pins actions/checkout to v6.0.2 commit hash instead of the tag.
Pins actions/setup-python to v6.2.0 commit hash instead of the tag.
…fdaad77386f024f Updates actions/upload-artifact from v6 to v7.0.0 and pins to a specific commit hash instead of the tag.
…6d141179aa583294 Updates docker/build-push-action from v6 to v7.0.0 and pins to a specific commit hash instead of the tag.
…00b2ab88fb2 Updates docker/login-action from v3 to v4.0.0 and pins to a specific commit hash instead of the tag.
…a6bfe6a94e05cf Updates docker/metadata-action from v5 to v6.0.0 and pins to a specific commit hash instead of the tag.
…baf45bbb4f8b9deedd Updates docker/setup-buildx-action from v3 to v4.0.0 and pins to a specific commit hash instead of the tag.
…c25e6d187d Updates dorny/paths-filter from v3 to v4.0.1 and pins to a specific commit hash instead of the tag.
…8fb23f2ac83bb6c85 Updates hashicorp/setup-terraform from v3 to v4.0.0 and pins to a specific commit hash instead of the tag.
…162a307590698245be95 Updates slackapi/slack-github-action from v1.26.0 to v3.0.1 and pins to a specific commit hash instead of the tag.
Actions have been compromised a lot recently. All this action does is install packages, so it's not worth the risk. Just install the packages directly in the workflow.
Adds the `packages:write` permission to the Build Kayobe Image job in the workflow (required for `docker/build-push-action`) and ensures all other jobs don't have this permission.
4971772 to 4289486
Fixed CVE-2026-42998, CVE-2026-42999, CVE-2026-43000, CVE-2026-43001 and CVE-2026-44394 with updated Keystone images.
4289486 to 8b98f99
Alex-Welsh
left a comment
Missing kolla_sources for keystone fork?
Alex-Welsh
left a comment
@seunghun1ee the keystone fork is up to date now, could you add it as a kolla build source please?
Happy Friday @seunghun1ee, this is a friendly reminder that this PR is waiting for your changes or response. Please take a look when you have a moment! Note: Once your changes are ready, remove the
To ensure not to omit security fixes from commit 8b98f99