Update container builds from go 1.21.5 to 1.21.latest #5097
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dosubot
bot
added
size:S
- go 1.21.5 was released on 12-5-2023 and go 1.21.8 was released on 3-5-2024. During that time a number of high and critical vulns have been addressed - This PR changes the build process to float with the latest go release to automatically pick up remediated vulnerabilities rather than pin to a specific go release - Ideally there would be a renovate or dependabot process that automatically puts up PRs to this repo to update the pinning, which is safer from a build / test perspective. Without that process in place, it's probably better to float with the latest patch release of go 1.21 Signed-off-by: ddl-ebrown <ethan.brown@dominodatalab.com>
ddl-ebrown
force-pushed
the
update-go-1.21-latest
branch
from
c5b8d17
to
64e9f38
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #5097 +/- ##
==========================================
- Coverage 58.99% 58.99% -0.01%
==========================================
Files 645 645
Lines 55648 55648
==========================================
- Hits 32831 32830 -1
- Misses 20222 20223 +1
Partials 2595 2595
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
ddl-ebrown
changed the title
pingsutw
approved these changes
Mar 26, 2024
eapolinario
approved these changes
Mar 26, 2024
This is a great suggestion. I'm going to investigate how to enable that in dependabot. |
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Tracking issue
https://github.com/flyteorg/flyte/issues/
Why are the changes needed?
The container images include a number of critical and high CVEs that should be addressed.
What changes were proposed in this pull request?
go 1.21.5 was released on 12-5-2023 and go 1.21.8 was released on 3-5-2024. During that time a number of high and critical vulns have been addressed
This PR changes the build process to float with the latest go release to automatically pick up remediated vulnerabilities rather than pin to a specific go release
Ideally there would be a renovate or dependabot process that automatically puts up PRs to this repo to update the pinning, which is safer from a build / test perspective. Without that process in place, it's probably better to float with the latest patch release of go 1.21
How was this patch tested?
Setup process
Screenshots
Check all the applicable boxes
Related PRs
Docs link