Skip to content

CVE-2026-33186: Bump google.golang.org/grpc to 1.79.3#572

Open
mowangdk wants to merge 1 commit intokubernetes-csi:masterfrom
mowangdk:cve/fix_bug
Open

CVE-2026-33186: Bump google.golang.org/grpc to 1.79.3#572
mowangdk wants to merge 1 commit intokubernetes-csi:masterfrom
mowangdk:cve/fix_bug

Conversation

@mowangdk
Copy link
Copy Markdown
Contributor

@mowangdk mowangdk commented Apr 8, 2026
edited by xing-yang
Loading

What type of PR is this?

Uncomment only one /kind <> line, hit enter to put that in a new line, and remove leading whitespaces from that line:

/kind api-change
/kind bug
/kind cleanup
/kind design
/kind documentation
/kind failing-test
/kind feature
/kind flake

/kind cleanup
What this PR does / why we need it:
Bump google.golang.org/grpc to 1.79.3
Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

@k8s-ci-robot k8s-ci-robot added the kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. label Apr 8, 2026
@k8s-ci-robot k8s-ci-robot added the do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. label Apr 8, 2026
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Apr 8, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: mowangdk
Once this PR has been reviewed and has the lgtm label, please assign msau42 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Apr 8, 2026
@Anto74
Copy link
Copy Markdown

Anto74 commented Apr 21, 2026

Hi there,

sorry to push for priority. We urge to have the new and safe grpc-go dependency in external resizer sidecar.

Do we have any plan for final review and delivery of the fix?

Best regards,
Antonio Vitiello

@xing-yang
Copy link
Copy Markdown
Contributor

xing-yang commented Apr 21, 2026

/release-note-none

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Apr 21, 2026
@mowangdk
Copy link
Copy Markdown
Contributor Author

mowangdk commented Apr 22, 2026

@sunnylovestiramisu @mauriciopoppe PTAL~

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mauriciopoppe mauriciopoppe Awaiting requested review from mauriciopoppe

@sunnylovestiramisu sunnylovestiramisu Awaiting requested review from sunnylovestiramisu

Assignees

No one assigned

Labels

cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. release-note-none Denotes a PR that doesn't merit a release note. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mowangdk @k8s-ci-robot @Anto74 @xing-yang