-
Notifications
You must be signed in to change notification settings - Fork 173
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update cni plugins #2024
Update cni plugins #2024
Conversation
Skipping CI for Draft Pull Request. |
Locally, had run into this exact issue safchain/ethtool#57 |
testing two different solutions out on 1.22 and 1.23. I think 1.23 is correct, but I want to make sure |
The 1.23 approach, which also updated vendor, was correct. The failure was due to checksums. Updating all in next commit |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Need to bump golang/x/text to 0.3.8 in the patch to fix CVE-2021-38561
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
P.S upstream updated to golang/x/text to 0.5.0 in 1.2.0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kschumy does the patch need to have go 1.18 instead of go1.17?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So we should be good not handling that other CVE, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kschumy it's not the CVE, the project is generated with golang version 1.18 but in the go.mod it is 1.17
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we have that for several projects
[APPROVALNOTIFIER] This PR is APPROVED Approval requirements bypassed by manually added approval. This pull-request has been approved by: The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/lgtm |
* Bumped cni plugins to 1.2.0 for all versions * added WIP patch * Fixed patches(???) * fix go sum again * Added vendor to 1.23 only to test vs 1.22, which does not have vendor * Added correct version of patch to all versions * checksums * missed a checksum
Issue #, if available:
Description of changes:
For some reason, go mod tidy is generating an error. Will work on resolving thisBy submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.