This repository has been archived by the owner on Nov 1, 2022. It is now read-only.

Release 1.4.1 #639

Merged
merged 14 commits into from
Nov 26, 2021

kingdonb
Member

I think this might need to be a new MINOR version based on some dependency updates that are also MINOR, but as I had intended for this to be a CVE-patching only release, I had initially opened it up as a PATCH release.

Before I try to fix any of that, I'd like to open this one up and let it run for e2e just to be sure if other changes are needed before this can be merged, as a MINOR or PATCH release, or whatever it turns out to be.

yebyen and others added 4 commits July 6, 2021 17:16
Signed-off-by: Kingdon Barrett <yebyen@gmail.com>
Signed-off-by: Daniel Holbach <daniel@weave.works>
@kingdonb
Member Author

There is docker.io/kingdonb/helm-operator:release-141-f3a9c907, which has built successfully on my local machine; I'm running Snyk to assess any CVE reports or vulnerabilities present in the base image.

It has a much better Snyk score outcome than if you compare against the last release:

```
$ docker scan docker.io/kingdonb/helm-operator:release-141-f3a9c907

Testing docker.io/kingdonb/helm-operator:release-141-f3a9c907...

Organization:      kingdonb
Package manager:   apk
Project name:      docker-image|docker.io/kingdonb/helm-operator
Docker image:      docker.io/kingdonb/helm-operator:release-141-f3a9c907
Platform:          linux/amd64
Base image:        alpine:3.13.7
Licenses:          enabled

✓ Tested 31 dependencies for known issues, no vulnerable paths found.

According to our scan, you are currently using the most secure version of the selected base image
```

I've also upgraded several dependencies including Helm, to address CVE reports that we received through Dependabot. (Thanks GitHub)

@kingdonb
Member Author

Pushing another force commit here to update CHANGELOG for publication. I think this is ready, but still have to see an E2E pass.

yebyen and others added 7 commits November 26, 2021 14:09
Signed-off-by: Kingdon Barrett <yebyen@gmail.com>
Signed-off-by: Kingdon Barrett <yebyen@gmail.com>
Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.5.4 to 3.6.3.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](helm/helm@v3.5.4...v3.6.3)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
...

Mitigate GHSA-5j5w-g665-5m35
Mitigate GHSA-77vh-xpmg-72qh

Mitigate several other CVEs according to Dependabot

We cannot upgrade past this point in Helm history due to memory issues
in later versions of Helm, (in a dependency of a dependency)

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Kingdon Barrett <yebyen@gmail.com>
Signed-off-by: Kingdon Barrett <kingdon@weave.works>
Signed-off-by: Kingdon Barrett <yebyen@gmail.com>
Signed-off-by: Kingdon Barrett <yebyen@gmail.com>
Signed-off-by: Kingdon Barrett <yebyen@gmail.com>
Member

@hiddeco hiddeco left a comment


Signed-off-by: Kingdon Barrett <kingdon@weave.works>
@kingdonb
Member Author

I don't see what failed in https://app.circleci.com/pipelines/github/fluxcd/helm-operator/1613/workflows/c7353826-1ce0-45c2-9e84-77dd93635c5e/jobs/1839/parallel-runs/0/steps/0-110

Just going to let it run again and see what happens this time 👍

Kingdon Barrett and others added 2 commits November 26, 2021 15:06
Signed-off-by: Kingdon Barrett <kingdon@weave.works>
Signed-off-by: Kingdon Barrett <kingdon@weave.works>
Signed-off-by: Kingdon Barrett <yebyen@gmail.com>
Member Author

@kingdonb kingdonb left a comment


CI is passing now, 👍 LGTM

chart/helm-operator/Chart.yaml (resolved)
Member

@hiddeco hiddeco left a comment


Patches LGTM, thank you @kingdonb 🙇
