[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade jx to 3.10.182 to fix CVE-2023-39325 and CVE-2023-44487 - branch 3.0-dev (#12502)

CBL-Mariner-Bot · web-flow · commit 1fa2c57faaac · 2025-02-25T11:45:47.000-05:00
diff --git a/SPECS/jx/CVE-2023-45288.patch b/SPECS/jx/CVE-2023-45288.patch
diff --git a/SPECS/jx/jx.signatures.json b/SPECS/jx/jx.signatures.json
@@ -1,6 +1,6 @@
 {
   "Signatures": {
-    "jx-3.10.116-vendor.tar.gz": "9e0cc830222cc289a928b684201c6cd3793f60637a4e47a7cbde00076792c94d",
-    "jx-3.10.116.tar.gz": "55b14b4f4189f91f481387f8ad9617c37deb859d824c246e817040b740de7d76"
+    "jx-3.10.182-vendor.tar.gz": "47bcb18176e44be2c7ffb3666b04d6e5cbaeea93bc3fe6c5fcb974086abe00b4",
+    "jx-3.10.182.tar.gz": "2abfc9432773007e7c17f78c44ad03aa5b9a6bf8a0118d44bf97a230c1ebd1fb"
   }
 }
diff --git a/SPECS/jx/jx.spec b/SPECS/jx/jx.spec
@@ -1,7 +1,7 @@
 Summary:        Command line tool for working with Jenkins X.
 Name:           jx
-Version:        3.10.116
-Release:        2%{?dist}
+Version:        3.10.182
+Release:        1%{?dist}
 License:        Apache-2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -27,7 +27,6 @@ Source0:        https://github.com/jenkins-x/jx/archive/v%{version}.tar.gz#/%{na
 #         See: https://reproducible-builds.org/docs/archives/
 #       - For the value of "--mtime" use the date "2021-04-26 00:00Z" to simplify future updates.
 Source1:        %{name}-%{version}-vendor.tar.gz
-Patch0:         CVE-2023-45288.patch
 
 BuildRequires:  golang >= 1.17.1
 %global debug_package %{nil}
@@ -63,6 +62,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} ./build/jx
 %{_bindir}/jx
 
 %changelog
+* Thu Feb 13 2025 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 3.10.182-1
+- Auto-upgrade to 3.10.182 - Fix CVE-2023-39325 and CVE-2023-44487 in jx
+
 * Thu Aug 22 2024 Sumedh Sharma <sumsharma@microsoft.com> - 3.10.116-2
 - Add patch to resolve CVE-2023-45288
 
diff --git a/cgmanifest.json b/cgmanifest.json
@@ -8091,8 +8091,8 @@
         "type": "other",
         "other": {
           "name": "jx",
-          "version": "3.10.116",
-          "downloadUrl": "https://github.com/jenkins-x/jx/archive/v3.10.116.tar.gz"
+          "version": "3.10.182",
+          "downloadUrl": "https://github.com/jenkins-x/jx/archive/v3.10.182.tar.gz"
         }
       }
     },

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"Signatures": {`
`3`		`- "jx-3.10.116-vendor.tar.gz": "9e0cc830222cc289a928b684201c6cd3793f60637a4e47a7cbde00076792c94d",`
`4`		`- "jx-3.10.116.tar.gz": "55b14b4f4189f91f481387f8ad9617c37deb859d824c246e817040b740de7d76"`
	`3`	`+ "jx-3.10.182-vendor.tar.gz": "47bcb18176e44be2c7ffb3666b04d6e5cbaeea93bc3fe6c5fcb974086abe00b4",`
	`4`	`+ "jx-3.10.182.tar.gz": "2abfc9432773007e7c17f78c44ad03aa5b9a6bf8a0118d44bf97a230c1ebd1fb"`
`5`	`5`	`}`
`6`	`6`	`}`
Original file line number	Diff line number	Diff line change
`@@ -8091,8 +8091,8 @@`
`8091`	`8091`	`"type": "other",`
`8092`	`8092`	`"other": {`
`8093`	`8093`	`"name": "jx",`
`8094`		`- "version": "3.10.116",`
`8095`		`- "downloadUrl": "https://github.com/jenkins-x/jx/archive/v3.10.116.tar.gz"`
	`8094`	`+ "version": "3.10.182",`
	`8095`	`+ "downloadUrl": "https://github.com/jenkins-x/jx/archive/v3.10.182.tar.gz"`
`8096`	`8096`	`}`
`8097`	`8097`	`}`
`8098`	`8098`	`},`