PMM-14577 Fix CVEs. #4848

JiriCtvrtka · 2025-12-16T09:25:50Z

PMM Dump PR: percona/pmm-dump#343
Spec: Percona-Lab/spec#7

codecov · 2025-12-16T09:27:20Z

Codecov Report

❌ Patch coverage is 50.57471% with 86 lines in your changes missing coverage. Please review.
✅ Project coverage is 46.00%. Comparing base (ad6cac4) to head (db10f7e).
⚠️ Report is 1 commits behind head on v3.

Files with missing lines	Patch %	Lines
managed/utils/interceptors/go-grpc-prometheus.go	50.87%	78 Missing and 6 partials ⚠️
managed/cmd/pmm-managed/main.go	0.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##               v3    #4848      +/-   ##
==========================================
+ Coverage   45.95%   46.00%   +0.05%     
==========================================
  Files         365      366       +1     
  Lines       38223    38394     +171     
==========================================
+ Hits        17564    17665     +101     
- Misses      18969    19034      +65     
- Partials     1690     1695       +5

Flag	Coverage Δ
admin	`17.82% <ø> (ø)`
agent	`53.54% <ø> (+0.16%)`	⬆️
managed	`46.67% <50.57%> (+0.02%)`	⬆️
vmproxy	`72.09% <ø> (ø)`

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

go.mod

This reverts commit d0409e1.

JiriCtvrtka · 2025-12-23T14:23:01Z

go.mod

+replace github.com/go-openapi/spec => github.com/JiriCtvrtka/spec v0.0.0-20251222101011-485c12f10ee3

-replace github.com/go-openapi/spec => github.com/Percona-Lab/spec v0.21.0-percona
+replace github.com/alecthomas/kingpin/v2 => github.com/Percona-Lab/kingpin/v2 v2.0.0-20251219125400-95ff74a47c0a

-replace github.com/alecthomas/kingpin/v2 => github.com/Percona-Lab/kingpin/v2 v2.4.0-percona
-
-replace golang.org/x/crypto => github.com/percona-lab/crypto v0.0.0-20231108144114-756dfb24eaf2
+replace golang.org/x/crypto => github.com/percona-lab/crypto v0.0.0-20251219125031-82d8ba2cda22


Before merge of PR all will be replaced with proper commit (after those are merged).

qan-api2/main.go

.golangci.yml

JiriCtvrtka · 2025-12-29T10:05:04Z

go.mod

 // go get -v github.com/percona/saas@latest

-replace github.com/grpc-ecosystem/go-grpc-prometheus => github.com/Percona-Lab/go-grpc-prometheus v0.0.0-20230116133345-3487748d4592
+replace github.com/go-openapi/spec => github.com/JiriCtvrtka/spec v0.0.0-20251222101011-485c12f10ee3


I dont have permissions to this repo. This is only for now. Once finished it will be replaced with proper commit in Percona spec repo.

I believe we have a new version now.

idoqo · 2025-12-29T11:33:38Z

managed/utils/interceptors/go-grpc-prometheus.go

@@ -0,0 +1,389 @@
+// Copyright (C) 2023 Percona LLC


if this is copied - should we keep their license?

This file contains mainly code from Percona fork itself. It is bare minimum to make PMM work with upstream one. So I think it this case it is fine.

PMM-14577 Fix CVEs

ba0b3e5

JiriCtvrtka commented Dec 16, 2025

View reviewed changes

go.mod Show resolved Hide resolved

JiriCtvrtka mentioned this pull request Dec 16, 2025

PMM-14577 Fix CVEs by bump versions. percona/pmm-dump#343

Merged

JiriCtvrtka added 2 commits December 17, 2025 12:39

Merge branch 'v3' into PMM-14577-CVEs-fix

c5386a3

Merge branch 'v3' into PMM-14577-CVEs-fix

fc26b21

JiriCtvrtka mentioned this pull request Dec 21, 2025

PMM-14577 Fix CVEs. Percona-Lab/pmm-submodules#4168

Closed

JiriCtvrtka force-pushed the PMM-14577-CVEs-fix branch from 8ea33e0 to fc26b21 Compare December 22, 2025 12:39

JiriCtvrtka added 16 commits December 22, 2025 13:40

Merge branch 'v3' into PMM-14577-CVEs-fix

a20fc08

PMM-14577 Replace for testing.

3e3e2a6

PMM-14577 Test if this will be double register bug.

ed75fe6

PMM-14577 Test.

a404867

PMM-14577 Removing replace - all diff in PMM repo - test

00f1e8e

Merge branch 'v3' into PMM-14577-CVEs-fix

a387acf

PMM-14577 tidy.

b19a95c

PMM-14577 Format.

189dac1

PMM-14577 Fix channels test after remove replace for go-grpc.

19c5960

PMM-14577 Lint.

a12355a

PMM-14577 Lint.

d0409e1

Revert "PMM-14577 Lint."

e80d20c

This reverts commit d0409e1.

PMM-14577 Fix, comments.

fae4faf

PMM-14577 Rename to more meaningful method name.

39dc201

PMM-14577 Lint.

2d4cad8

PMM-14577 Remove replace.

c8f614f

percona deleted a comment from percona-robot Dec 23, 2025

PMM-14577 Lint.

418db88

JiriCtvrtka commented Dec 23, 2025

View reviewed changes

JiriCtvrtka and others added 5 commits December 23, 2025 15:24

PMM-14577 Update hashicorp.

21f44f0

PMM-14577 Separe go-grpc-prometheus code into new file.

f355d1b

PMM-14577 Lint.

ea0da7b

PMM-14577 Missing package.

344f26a

Merge branch 'v3' into PMM-14577-CVEs-fix

d533bc5

JiriCtvrtka requested a review from ademidoff December 23, 2025 15:23

PMM-14577 Typo.

97657f9

ademidoff reviewed Dec 23, 2025

View reviewed changes

qan-api2/main.go Show resolved Hide resolved

ademidoff reviewed Dec 23, 2025

View reviewed changes

.golangci.yml Show resolved Hide resolved

JiriCtvrtka requested a review from ademidoff December 29, 2025 08:10

Merge branch 'v3' into PMM-14577-CVEs-fix

4136744

JiriCtvrtka commented Dec 29, 2025

View reviewed changes

Merge branch 'v3' into PMM-14577-CVEs-fix

b7513a9

idoqo approved these changes Dec 29, 2025

View reviewed changes

JiriCtvrtka marked this pull request as ready for review December 29, 2025 12:15

JiriCtvrtka requested a review from a team December 29, 2025 12:15

JiriCtvrtka requested a review from a team as a code owner December 29, 2025 12:15

JiriCtvrtka requested review from BupycHuk and maxkondr and removed request for a team December 29, 2025 12:15

Merge branch 'v3' into PMM-14577-CVEs-fix

bbaf475

ademidoff approved these changes Jan 7, 2026

View reviewed changes

JiriCtvrtka added 3 commits January 7, 2026 15:48

PMM-14577 Update replace.

18d9d7a

PMM-14577 Correct timestamp in replace.

df2fb0d

PMM-14577 Tidy.

db10f7e

JiriCtvrtka merged commit 9f748ec into v3 Jan 7, 2026
29 checks passed

JiriCtvrtka deleted the PMM-14577-CVEs-fix branch January 7, 2026 15:25

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

PMM-14577 Fix CVEs. #4848

PMM-14577 Fix CVEs. #4848

Uh oh!

JiriCtvrtka commented Dec 16, 2025 •

edited

Loading

Uh oh!

codecov bot commented Dec 16, 2025 •

edited

Loading

Uh oh!

Uh oh!

JiriCtvrtka Dec 23, 2025

Uh oh!

Uh oh!

Uh oh!

JiriCtvrtka Dec 29, 2025

Uh oh!

ademidoff Jan 7, 2026

Uh oh!

idoqo Dec 29, 2025

Uh oh!

JiriCtvrtka Dec 29, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

PMM-14577 Fix CVEs. #4848

PMM-14577 Fix CVEs. #4848

Uh oh!

Conversation

JiriCtvrtka commented Dec 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

codecov bot commented Dec 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

Uh oh!

JiriCtvrtka Dec 23, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

JiriCtvrtka Dec 29, 2025

Choose a reason for hiding this comment

Uh oh!

ademidoff Jan 7, 2026

Choose a reason for hiding this comment

Uh oh!

idoqo Dec 29, 2025

Choose a reason for hiding this comment

Uh oh!

JiriCtvrtka Dec 29, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

JiriCtvrtka commented Dec 16, 2025 •

edited

Loading

codecov bot commented Dec 16, 2025 •

edited

Loading