Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: update third_party dependencies #2245

Merged
merged 1 commit into from
Oct 18, 2022
Merged

feat: update third_party dependencies #2245

merged 1 commit into from
Oct 18, 2022

Conversation

jomach
Copy link
Contributor

@jomach jomach commented Oct 13, 2022

We use argo events with security scans. Our security scans shows that golang version is to old on the current version from nats container.

@jomach
feat: update third_party dependency due to go security issue on curre…
a7c29b4 
…nt version

Signed-off-by: Jorge Machado <4804546+jomach@users.noreply.github.com>

feat: update third_party dependency due to go security issue on current version
Signed-off-by: Jorge Machado 4804546+jomach@users.noreply.github.com
@jomach jomach force-pushed the feature/patchSecurityIssues branch from 18e6b25 to a7c29b4 Compare October 13, 2022 11:02
whynowy
whynowy approved these changes Oct 14, 2022
View reviewed changes
third_party/nats-streaming-docker/README.md
@@ -5,4 +5,4 @@ This is a partial copy of
current
[nats-streaming-server](https://github.com/nats-io/nats-streaming-server)
version is
[v0.22.1](https://github.com/nats-io/nats-streaming-server/tree/v0.22.1).
[v0.25.2](https://github.com/nats-io/nats-streaming-server/releases/tag/v0.25.2).
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for updating this, also please be aware these 3rd party related docs and Dockerfile are just references, in the real installation, the nats stream image is controlled by the controller configmap, where you can specify the image version.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, you are right. I saw that after creating the pr. Actually we could drop this third-party part right ? I saw in the helm chart we can pass in a nats container version. We are actually doing that and using now the latest version of nats-streaming-server

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's right.

Dockerfile
ARG ARCH
RUN apk update && apk upgrade && \
apk add ca-certificates && \
apk --no-cache add tzdata

ENV ARGO_VERSION=v3.4.0
ENV ARGO_VERSION=v3.4.1
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@whynowy
Copy link
Member

whynowy commented Oct 14, 2022

@jomach - I'm also curious, what eventbus are you using? The new JetStream or legacy stan (Nats Streaming)?

@jomach
Copy link
Contributor Author

jomach commented Oct 14, 2022

JetStream

No idea to be honest. We have the newest chart 0.20. and we are using:
natsStreamingImage: /docker-registry/nats-streaming:0.25.2

@whynowy
Copy link
Member

whynowy commented Oct 14, 2022

JetStream

No idea to be honest. We have the newest chart 0.20. and we are using: natsStreamingImage: /docker-registry/nats-streaming:0.25.2

Be aware Nat Streaming will be EoL by 2023, so we have a new EventBus implemented with JetStream, check https://github.com/argoproj/argo-events/blob/master/docs/eventbus/jetstream.md.

@whynowy whynowy merged commit 9c8f72b into argoproj:master Oct 18, 2022
@jomach jomach deleted the feature/patchSecurityIssues branch October 19, 2022 05:26
@jomach
Copy link
Contributor Author

jomach commented Oct 19, 2022

@whynowy The Build failed.

@whynowy
Copy link
Member

whynowy commented Oct 19, 2022

@whynowy The Build failed.

Transient network issue.

whynowy pushed a commit that referenced this pull request Dec 12, 2022
@jomach @whynowy
feat: update third_party dependencies (#2245)
c12f81b 
Signed-off-by: Jorge Machado 4804546+jomach@users.noreply.github.com
bilalba pushed a commit to intuit-data-os/argo-events that referenced this pull request Jan 9, 2023
@jomach @bilalba
feat: update third_party dependencies (argoproj#2245)
898fd33 
Signed-off-by: Jorge Machado 4804546+jomach@users.noreply.github.com
Signed-off-by: Bilal Bakht Ahmad <tringingly@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@whynowy whynowy whynowy approved these changes

@Wheedman Wheedman Wheedman approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@jomach @whynowy @Wheedman