Dependencies updated or ignored for CVE vulnerabilities

etc/kayobe/kolla-image-tags.yml

@@ -6,12 +6,16 @@ kolla_image_tags:
   openstack:
     rocky-9: 2025.1-rocky-9-20260205T152450
     ubuntu-noble: 2025.1-ubuntu-noble-20260205T152450
+  etcd:
+    rocky-9: 2025.1-rocky-9-20260303T104901
   grafana:
-    rocky-9: 2025.1-rocky-9-20260223T134735
+    rocky-9: 2025.1-rocky-9-20260303T104901
     ubuntu-noble: 2025.1-ubuntu-noble-20260223T134735
   nova:
     rocky-9: 2025.1-rocky-9-20260226T161930
     ubuntu-noble: 2025.1-ubuntu-noble-20260220T102812
   octavia:
     rocky-9: 2025.1-rocky-9-20260226T091552
     ubuntu-noble: 2025.1-ubuntu-noble-20260226T091552
+  prometheus_cadvisor:
+    rocky-9: 2025.1-rocky-9-20260303T104901

etc/kayobe/kolla/kolla-build.conf

@@ -19,8 +19,8 @@ location = https://github.com/stackhpc/requirements
 reference = stackhpc/{{ openstack_release }}
 
 [etcd]
-version = 3.5.21
-sha256 = amd64:adddda4b06718e68671ffabff2f8cee48488ba61ad82900e639d108f2148501c,arm64:95bf6918623a097c0385b96f139d90248614485e781ec9bee4768dbb6c79c53f
+version = 3.5.27
+sha256 = amd64:0aad9a9e4e0817a021e933f9806a2b2960a62f949ad5a3d6436d8886945cb1bc,arm64:1277309f540c5a0329c428f95455c9f76d24f768c8d28fd2753e891c379053fa
 
 [letsencrypt-lego]
 version = v4.23.1
@@ -32,5 +32,5 @@ sha256 = amd64:c5deada86fe609deefdf40e9cbbe3da2f8cf3f6a4551a0ebe7886dc8fcf98bce,
 
 # TODO: move to kolla_sources in kolla.yml once https://review.opendev.org/c/openstack/kayobe/+/970268 is available
 [prometheus-cadvisor]
-version = 0.54.1
-sha256 = amd64:21be8d2797433048474e676d37c215c28fb171509448ef9b1c4648a564e39595,arm64:21f7bac786f6c53a8091964b4d3ff2486a0c460e5a410000b59a9a565b4183a9
+version = 0.56.2
+sha256 = amd64:ad92930f16a2f9da15190675e09eeaceb8fd38637d07a686bb0dd68695f692af,arm64:b7a707379496fd7a7b5d2768c5c494427112f534ba5069f889af28ffe6ad11bb

etc/kayobe/pulp-repo-versions.yml

@@ -25,7 +25,7 @@ stackhpc_pulp_repo_elrepo_9_aarch64_version: 20250408T030629
 stackhpc_pulp_repo_elrepo_9_version: 20260127T212055
 stackhpc_pulp_repo_epel_9_aarch64_version: 20260204T223146
 stackhpc_pulp_repo_epel_9_version: 20260204T220346
-stackhpc_pulp_repo_grafana_version: 20260204T212232
+stackhpc_pulp_repo_grafana_version: 20260214T213531
 stackhpc_pulp_repo_opensearch_2_x_version: 20251106T202313
 stackhpc_pulp_repo_opensearch_dashboards_2_x_version: 20251106T202313
 stackhpc_pulp_repo_rhel9_rabbitmq_erlang_26_aarch64_version: 20260112T224827

etc/kayobe/trivy/allowed-vulnerabilities.yml

@@ -16,33 +16,80 @@ fluentd_allowed_vulnerabilities:
   - CVE-2024-27280
 grafana_allowed_vulnerabilities:
   - CVE-2024-8986
+  - CVE-2025-68121  # the opensearch datasource plugin is still vulnerable
 influxdb_allowed_vulnerabilities:
   - CVE-2024-45337
+  - CVE-2025-68121
+ironic_neutron_agent_allowed_vulnerabilities:
+  - CVE-2025-68121
+letsencrypt_lego_allowed_vulnerabilities:
+  - CVE-2025-68121
 magnum_conductor_allowed_vulnerabilities:
   - CVE-2024-45337
+  - CVE-2025-68121
+neutron_base_allowed_vulnerabilities:
+  - CVE-2025-68121
+neutron_bgp_dragent_allowed_vulnerabilities:
+  - CVE-2025-68121
+neutron_dhcp_agent_allowed_vulnerabilities:
+  - CVE-2025-68121
+neutron_l3_agent_allowed_vulnerabilities:
+  - CVE-2025-68121
+neutron_linuxbridge_agent_allowed_vulnerabilities:
+  - CVE-2025-68121
+neutron_metadata_agent_allowed_vulnerabilities:
+  - CVE-2025-68121
+neutron_mlnx_agent_allowed_vulnerabilities:
+  - CVE-2025-68121
+neutron_openvswitch_agent_allowed_vulnerabilities:
+  - CVE-2025-68121
+neutron_ovn_agent_allowed_vulnerabilities:
+  - CVE-2025-68121
+neutron_server_allowed_vulnerabilities:
+  - CVE-2025-68121
+neutron_sriov_agent_allowed_vulnerabilities:
+  - CVE-2025-68121
 opensearch_dashboards_allowed_vulnerabilities:
   - CVE-2025-68428
+  - CVE-2026-27699
+prometheus_alertmanager_allowed_vulnerabilities:
+  - CVE-2025-68121
 prometheus_blackbox_exporter_allowed_vulnerabilities:
   - CVE-2024-24790
   - CVE-2024-45337
+  - CVE-2025-68121
 prometheus_memcached_exporter_allowed_vulnerabilities:
   - CVE-2024-45337
+  - CVE-2025-68121
 prometheus_mysqld_exporter_allowed_vulnerabilities:
   - CVE-2024-45337
+  - CVE-2025-68121
 prometheus_elasticsearch_exporter_allowed_vulnerabilities:
   - CVE-2024-45337
+  - CVE-2025-68121
 prometheus_node_exporter_allowed_vulnerabilities:
   - CVE-2024-45337
+  - CVE-2025-68121
 prometheus_openstack_exporter_allowed_vulnerabilities:
   - CVE-2024-24790
   - CVE-2024-45337
+  - CVE-2025-68121
 prometheus_ovn_exporter_allowed_vulnerabilities:
   - CVE-2024-24790
+  - CVE-2025-68121
 prometheus_libvirt_exporter_allowed_vulnerabilities:
   - CVE-2024-45337
+  - CVE-2025-68121
 prometheus_cadvisor_allowed_vulnerabilities:
   - CVE-2024-41110
   - CVE-2024-45337
+  - CVE-2025-68121
+prometheus_mtail_allowed_vulnerabilities:
+  - CVE-2024-24790
+  - CVE-2025-68121
+prometheus_server_allowed_vulnerabilities:
+  - CVE-2024-45337
+  - CVE-2025-68121
 
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.