-
Notifications
You must be signed in to change notification settings - Fork 262
Conversation
Signed-off-by: Kingdon Barrett <yebyen@gmail.com>
Signed-off-by: Daniel Holbach <daniel@weave.works>
update youtube playlist
There is It has a much better Snyk score outcome than if you compare against the last release:
I've also upgraded several dependencies including Helm, to address CVE reports that we received through Dependabot. (Thanks GitHub) |
f6b9a0e
to
df3e893
Compare
Pushing another force commit here to update CHANGELOG for publication. I think this is ready, but still have to see an E2E pass. |
df3e893
to
ea02898
Compare
Signed-off-by: Kingdon Barrett <yebyen@gmail.com>
Signed-off-by: Kingdon Barrett <yebyen@gmail.com>
Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.5.4 to 3.6.3. - [Release notes](https://github.com/helm/helm/releases) - [Commits](helm/helm@v3.5.4...v3.6.3) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-type: direct:production ... Mitigate GHSA-5j5w-g665-5m35 Mitigate GHSA-77vh-xpmg-72qh Mitigate several other CVEs according to Dependabot We cannot upgrade past this point in Helm history due to memory issues in later versions of Helm, (in a dependency of a dependency) Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Kingdon Barrett <yebyen@gmail.com> Signed-off-by: Kingdon Barrett <kingdon@weave.works>
Signed-off-by: Kingdon Barrett <yebyen@gmail.com>
Signed-off-by: Kingdon Barrett <yebyen@gmail.com>
ea02898
to
02f934c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The version in https://github.com/fluxcd/helm-operator/blob/cb2962c1ad5d3327d46925b2312c5c4ff45cc304/docker/helm3.version needs to be bumped as well.
Signed-off-by: Kingdon Barrett <kingdon@weave.works>
I don't see what failed in https://app.circleci.com/pipelines/github/fluxcd/helm-operator/1613/workflows/c7353826-1ce0-45c2-9e84-77dd93635c5e/jobs/1839/parallel-runs/0/steps/0-110 Just going to let it run again and see what happens this time 👍 |
Signed-off-by: Kingdon Barrett <kingdon@weave.works>
Signed-off-by: Kingdon Barrett <kingdon@weave.works> Signed-off-by: Kingdon Barrett <yebyen@gmail.com>
d3cbbf3
to
9b4638b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CI is passing now, 👍 LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Patches LGTM, thank you @kingdonb 🙇
I think this might need to be a new MINOR version based on some dependency updates that are also MINOR, but as I had intended for this to be a CVE-patching only release, I had initially opened it up as a PATCH release.
Before I try to fix any of that, I'd like to open this one up and let it run for e2e just to be sure if other changes are needed before this can be merged, as a MINOR or PATCH release, or whatever it turns out to be.