OCPBUGS-76613: [release-4.20] fix: update vulnerable dependencies

[openshift-cherrypick-robot]

This is an automated cherry-pick of #751

/assign jgbernalp

[openshift-ci-robot]

@openshift-cherrypick-robot: Jira Issue OCPBUGS-74909 has been cloned as Jira Issue OCPBUGS-76613. Will retitle bug to link to clone.
/retitle [release-4.20] OCPBUGS-76613: fix: update vulnerable dependencies

Details

In response to this:

This is an automated cherry-pick of #751

/assign jgbernalp

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@openshift-cherrypick-robot: This pull request references Jira Issue OCPBUGS-76613, which is invalid:

• expected dependent Jira Issue OCPBUGS-74909 to be in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but it is MODIFIED instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

This is an automated cherry-pick of #751

/assign jgbernalp

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[jgbernalp]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jgbernalp, openshift-cherrypick-robot

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [jgbernalp]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[jgbernalp]

/test e2e-monitoring

[juzhao]

/label qe-approved

[openshift-ci-robot]

@openshift-cherrypick-robot: This pull request references Jira Issue OCPBUGS-76613, which is invalid:

• expected dependent Jira Issue OCPBUGS-74909 to be in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but it is ON_QA instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

This is an automated cherry-pick of #751

/assign jgbernalp

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[jgbernalp]

/test e2e-monitoring

[openshift-ci]

@openshift-cherrypick-robot: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-monitoring	e1773bb	link	false	/test e2e-monitoring

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[jgbernalp]

/override e2e-monitoring

[openshift-ci]

@jgbernalp: /override requires failed status contexts, check run or a prowjob name to operate on.
The following unknown contexts/checkruns were given:

• e2e-monitoring

Only the following failed contexts/checkruns were expected:

• ci/prow/e2e-aws-ovn
• ci/prow/e2e-monitoring
• ci/prow/images
• ci/prow/lint
• ci/prow/okd-scos-images
• ci/prow/translations
• ci/prow/verify-deps
• pull-ci-openshift-monitoring-plugin-main-e2e-aws-ovn
• pull-ci-openshift-monitoring-plugin-main-e2e-monitoring
• pull-ci-openshift-monitoring-plugin-main-images
• pull-ci-openshift-monitoring-plugin-main-lint
• pull-ci-openshift-monitoring-plugin-main-okd-scos-images
• pull-ci-openshift-monitoring-plugin-main-translations
• pull-ci-openshift-monitoring-plugin-main-verify-deps
• tide

If you are trying to override a checkrun that has a space in it, you must put a double quote on the context.

Details

In response to this:

/override e2e-monitoring

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[juzhao]

/override e2e-monitoring

the ci/prow/e2e-monitoring is not required job, the failure won't block PR merge

[PeterYurkovich]

@juzhao FYI I've moved the 4.21 story to verified based on your comment here to unblock this merge

[PeterYurkovich]

/jira refresh

[openshift-ci-robot]

@PeterYurkovich: This pull request references Jira Issue OCPBUGS-76613, which is valid.

7 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.20.z) matches configured target version for branch (4.20.z)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
• release note type set to "Release Note Not Required"
• dependent bug Jira Issue OCPBUGS-74909 is in the state Verified, which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
• dependent Jira Issue OCPBUGS-74909 targets the "4.21.z" version, which is one of the valid target versions: 4.21.0, 4.21.z
• bug has dependents

No GitHub users were found matching the public email listed for the QA contact in Jira (ocp-sustaining-admins@redhat.com), skipping review request.

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Important

Review skipped

Auto reviews are limited based on label configuration.

🚫 Review skipped — only excluded labels are configured. (1)

• do-not-merge/work-in-progress

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci-robot]

@openshift-cherrypick-robot: Jira Issue OCPBUGS-76613: All pull requests linked via external trackers have merged:

• openshift/monitoring-plugin#766

Jira Issue OCPBUGS-76613 has been moved to the MODIFIED state.

Details

In response to this:

This is an automated cherry-pick of #751

/assign jgbernalp

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[jgbernalp]

/cherry-pick release-4.19

[openshift-cherrypick-robot]

@jgbernalp: new pull request created: #773

Details

In response to this:

/cherry-pick release-4.19

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.