Skip to content

chore(deps): refresh rpm lockfiles [SECURITY] #2848

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
red-hat-konflux wants to merge 3 commits into
base: release-3.23
Choose a base branch
from
Open

chore(deps): refresh rpm lockfiles [SECURITY] #2848

red-hat-konflux wants to merge 3 commits into from
+100 −100

Conversation

@red-hat-konflux
Copy link
Contributor

@red-hat-konflux red-hat-konflux bot commented Feb 2, 2026
edited
Loading

This PR contains the following updates:

File rpms.in.yaml:

Package Change
kernel-headers 4.18.0-553.100.1.el8_10 -> 4.18.0-553.104.1.el8_10
platform-python 3.6.8-72.el8_10 -> 3.6.8-73.el8_10
python3-libs 3.6.8-72.el8_10 -> 3.6.8-73.el8_10

cpython: wsgiref.headers.Headers allows header newline injection in Python

CVE-2026-0865

More information

Details

User-controlled header names and values containing newlines can allow injecting HTTP headers.

Severity

Moderate

References

cpython: POP3 command injection in user-controlled commands

CVE-2025-15367

More information

Details

A flaw was found in the poplib module in the Python standard library. The poplib module does not reject control characters, such as newlines, in user-controlled input passed to POP3 commands. This issue allows an attacker to inject additional commands to be executed in the POP3 server.

Severity

Moderate

References

cpython: email header injection due to unquoted newlines

CVE-2026-1299

More information

Details

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules, allowing an attacker to inject email headers and potentially modify message recipients or the email body, and spoof sender information.

Severity

Moderate

References

cpython: IMAP command injection in user-controlled commands

CVE-2025-15366

More information

Details

A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server.

Severity

Moderate

References

🔧 This Pull Request updates lock files to use the latest dependency versions.

Configuration

📅 Schedule: Branch creation - "" in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@red-hat-konflux red-hat-konflux bot requested review from a team and rhacs-bot as code owners February 2, 2026 05:08
rhacs-bot
rhacs-bot approved these changes Feb 2, 2026
View reviewed changes
Copy link
Contributor

@rhacs-bot rhacs-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approved by automation.

rhacs-bot
rhacs-bot approved these changes Feb 2, 2026
View reviewed changes
Copy link
Contributor

@rhacs-bot rhacs-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approved by automation.

@codecov-commenter
Copy link

codecov-commenter commented Feb 2, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 27.61%. Comparing base (9192062) to head (ad4227d).
⚠️ Report is 1 commits behind head on release-3.23.
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@              Coverage Diff              @@
##           release-3.23    #2848   +/-   ##
=============================================
  Coverage         27.61%   27.61%           
=============================================
  Files                96       96           
  Lines              5424     5424           
  Branches           2523     2523           
=============================================
  Hits               1498     1498           
  Misses             3214     3214           
  Partials            712      712
Flag Coverage Δ
collector-unit-tests 27.61% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/release-3.23/lock-file-maintenance-vulnerability branch 4 times, most recently from 125cbae to 6039385 Compare February 5, 2026 21:01
@github-actions
Copy link

github-actions bot commented Feb 5, 2026

/retest collector-on-push

1 similar comment
@github-actions
Copy link

github-actions bot commented Feb 5, 2026

/retest collector-on-push

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/release-3.23/lock-file-maintenance-vulnerability branch 2 times, most recently from 0ea6005 to 7b8a30c Compare February 8, 2026 09:01
@red-hat-konflux
chore(deps): refresh rpm lockfiles [SECURITY]
365c699 
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/release-3.23/lock-file-maintenance-vulnerability branch from 7b8a30c to 365c699 Compare February 9, 2026 05:16
@github-actions
Copy link

github-actions bot commented Feb 9, 2026

/retest collector-on-push

@red-hat-konflux
Copy link
Contributor Author

red-hat-konflux bot commented Feb 9, 2026

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rhacs-bot rhacs-bot rhacs-bot approved these changes

Assignees

No one assigned

Labels

auto-approve build-builder-image rebuild-test-container Rebuild the collector-tests container.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@codecov-commenter @rhacs-bot