Skip to content

bump google.golang.org/grpc [CVE-2026-33186]#150

Merged
kcp-ci-bot merged 1 commit intokcp-dev:mainfrom
xrstf:bump-grpc
Apr 8, 2026
Merged

bump google.golang.org/grpc [CVE-2026-33186]#150
kcp-ci-bot merged 1 commit intokcp-dev:mainfrom
xrstf:bump-grpc

Conversation

@xrstf
Copy link
Copy Markdown
Contributor

@xrstf xrstf commented Apr 1, 2026

Summary

This bumps grpc to fix the reported security vulnerability.

What Type of PR Is This?

/kind chore

Release Notes

Bump google.golang.org/grpc [CVE-2026-33186]

@kcp-ci-bot kcp-ci-bot added kind/chore Categorizes issue or PR as related to maintenance and other usually non-code changes. release-note Denotes a PR that will be considered when it comes time to generate release notes. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. labels Apr 1, 2026
@kcp-ci-bot
Copy link
Copy Markdown
Contributor

kcp-ci-bot commented Apr 1, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@kcp-ci-bot kcp-ci-bot added the dco-signoff: yes Indicates the PR's author has signed the DCO. label Apr 1, 2026
@xrstf xrstf marked this pull request as ready for review April 1, 2026 09:43
@kcp-ci-bot kcp-ci-bot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. labels Apr 1, 2026
@xrstf
Copy link
Copy Markdown
Contributor Author

xrstf commented Apr 1, 2026

/retest

2 similar comments
@xrstf
Copy link
Copy Markdown
Contributor Author

xrstf commented Apr 1, 2026

/retest

@xrstf
Copy link
Copy Markdown
Contributor Author

xrstf commented Apr 1, 2026

/retest

embik
embik approved these changes Apr 8, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@embik embik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@kcp-ci-bot kcp-ci-bot added the lgtm Indicates that a PR is ready to be merged. label Apr 8, 2026
@kcp-ci-bot
Copy link
Copy Markdown
Contributor

kcp-ci-bot commented Apr 8, 2026

LGTM label has been added.

DetailsGit tree hash: 50a26089c297448beff5cdbdab65e768c30149a3

@kcp-ci-bot
Copy link
Copy Markdown
Contributor

kcp-ci-bot commented Apr 8, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: embik

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kcp-ci-bot kcp-ci-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 8, 2026
@kcp-ci-bot kcp-ci-bot merged commit 6d8fd96 into kcp-dev:main Apr 8, 2026
11 checks passed
@xrstf
Copy link
Copy Markdown
Contributor Author

xrstf commented Apr 8, 2026

/cherrypick release-0.5

@xrstf
Copy link
Copy Markdown
Contributor Author

xrstf commented Apr 8, 2026

/cherrypick release-0.4

@xrstf xrstf deleted the bump-grpc branch April 8, 2026 13:21
@kcp-ci-bot
Copy link
Copy Markdown
Contributor

kcp-ci-bot commented Apr 8, 2026

@xrstf: new pull request created: #151

Details

In response to this:

/cherrypick release-0.5

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@kcp-ci-bot kcp-ci-bot mentioned this pull request Apr 8, 2026
Merged
@kcp-ci-bot
Copy link
Copy Markdown
Contributor

kcp-ci-bot commented Apr 8, 2026

@xrstf: #150 failed to apply on top of branch "release-0.4":

Applying: bump google.golang.org/grpc [CVE-2026-33186]
Using index info to reconstruct a base tree...
M	go.mod
M	go.sum
Falling back to patching base and 3-way merge...
Auto-merging go.sum
CONFLICT (content): Merge conflict in go.sum
Auto-merging go.mod
CONFLICT (content): Merge conflict in go.mod
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config set advice.mergeConflict false"
Patch failed at 0001 bump google.golang.org/grpc [CVE-2026-33186]
Details

In response to this:

/cherrypick release-0.4

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

xrstf added a commit to xrstf/kcp-api-syncagent that referenced this pull request Apr 8, 2026
@xrstf
[release-0.4] bump google.golang.org/grpc [CVE-2026-33186] (kcp-dev#150)
b767587 
On-behalf-of: @SAP christoph.mewes@sap.com
@xrstf xrstf mentioned this pull request Apr 8, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@embik embik embik approved these changes

Assignees

@embik embik

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates the PR's author has signed the DCO. kind/chore Categorizes issue or PR as related to maintenance and other usually non-code changes. lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@xrstf @kcp-ci-bot @embik