Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of [NET-6741] make: Add target for updating dependencies across all modules into release/1.4.x #3673

Merged
merged 1 commit into from
Feb 21, 2024
Merged

Backport of [NET-6741] make: Add target for updating dependencies across all modules into release/1.4.x #3673

merged 1 commit into from
Feb 21, 2024

Conversation

hc-github-team-consul-core
Copy link
Collaborator

@hc-github-team-consul-core hc-github-team-consul-core commented Feb 21, 2024
edited by zalimeni
Loading

Backport

This PR is auto-generated from #3669 to be assessed for backporting due to the inclusion of the label backport/1.4.x.

The below text is copied from the body of the original PR.

To enable more consistent and error-proof dependency management, add a Make target that will set a dependency version across all submodules that require it.

Replicates hashicorp/consul#19785 in consul-k8s.

How I've tested this PR

Example run:

❯ make go-mod-get DEP_VERSION=helm.sh/helm/v3@v3.14.1
--> Running go get helm.sh/helm/v3@v3.14.1 (./acceptance)
go: upgraded go 1.20 => 1.21
go: added toolchain go1.21.6
go: upgraded github.com/cpuguy83/go-md2man/v2 v2.0.2 => v2.0.3
go: upgraded github.com/emicklei/go-restful/v3 v3.10.1 => v3.11.0
go: upgraded github.com/evanphx/json-patch v5.6.0+incompatible => v5.7.0+incompatible
go: upgraded github.com/go-logr/logr v1.2.4 => v1.3.0
go: upgraded github.com/go-openapi/jsonreference v0.20.1 => v0.20.2
go: upgraded github.com/google/go-cmp v0.5.9 => v0.6.0
go: upgraded github.com/prometheus/client_golang v1.14.0 => v1.16.0
go: upgraded github.com/prometheus/client_model v0.3.0 => v0.4.0
go: upgraded github.com/prometheus/common v0.37.0 => v0.44.0
go: upgraded github.com/prometheus/procfs v0.8.0 => v0.10.1
go: upgraded google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 => v0.0.0-20230822172742-b8732ec3820d
go: added helm.sh/helm/v3 v3.14.1
go: upgraded k8s.io/api v0.26.12 => v0.29.0
go: upgraded k8s.io/apimachinery v0.26.12 => v0.29.0
go: upgraded k8s.io/client-go v0.26.12 => v0.29.0
go: upgraded k8s.io/klog/v2 v2.100.1 => v2.110.1
go: upgraded k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f => v0.0.0-20231010175941-2dd684a91f00
go: upgraded k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 => v0.0.0-20230726121419-3b25d923346b
go: upgraded sigs.k8s.io/structured-merge-diff/v4 v4.2.3 => v4.4.1
--> Running go mod tidy (./acceptance)
--> Running go get helm.sh/helm/v3@v3.14.1 (./charts)
go: upgraded go 1.20 => 1.21
go: added toolchain go1.21.6
go: added helm.sh/helm/v3 v3.14.1
--> Running go mod tidy (./charts)
--> Running go get helm.sh/helm/v3@v3.14.1 (./cli)
go: upgraded go 1.20 => 1.21
go: added toolchain go1.21.6
go: upgraded github.com/BurntSushi/toml v1.2.1 => v1.3.2
go: upgraded github.com/Masterminds/semver/v3 v3.2.0 => v3.2.1
go: upgraded github.com/Masterminds/squirrel v1.5.3 => v1.5.4
go: upgraded github.com/emicklei/go-restful/v3 v3.10.1 => v3.11.0
go: upgraded github.com/evanphx/json-patch v5.6.0+incompatible => v5.7.0+incompatible
go: upgraded github.com/go-errors/errors v1.0.1 => v1.4.2
go: upgraded github.com/go-logr/logr v1.2.4 => v1.3.0
go: upgraded github.com/go-openapi/jsonpointer v0.19.5 => v0.19.6
go: upgraded github.com/go-openapi/jsonreference v0.20.0 => v0.20.2
go: upgraded github.com/google/go-cmp v0.5.9 => v0.6.0
go: upgraded github.com/lib/pq v1.10.7 => v1.10.9
go: upgraded github.com/moby/term v0.0.0-20221205130635-1aeaba878587 => v0.5.0
go: upgraded github.com/onsi/ginkgo/v2 v2.6.0 => v2.13.0
go: upgraded github.com/onsi/gomega v1.24.1 => v1.29.0
go: upgraded github.com/prometheus/client_golang v1.14.0 => v1.16.0
go: upgraded github.com/prometheus/common v0.37.0 => v0.44.0
go: upgraded github.com/prometheus/procfs v0.8.0 => v0.10.1
go: upgraded github.com/rubenv/sql-migrate v1.3.1 => v1.5.2
go: upgraded github.com/xlab/treeprint v1.1.0 => v1.2.0
go: upgraded go.starlark.net v0.0.0-20230128213706-3f75dec8e403 => v0.0.0-20230525235612-a134d8f9ddca
go: upgraded google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98 => v0.0.0-20230803162519-f966b187b2e5
go: upgraded google.golang.org/genproto/googleapis/api v0.0.0-20230711160842-782d3b101e98 => v0.0.0-20230726155614-23370e0ffb3e
go: upgraded google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 => v0.0.0-20230822172742-b8732ec3820d
go: upgraded helm.sh/helm/v3 v3.11.3 => v3.14.1
go: upgraded k8s.io/api v0.26.12 => v0.29.0
go: upgraded k8s.io/apiextensions-apiserver v0.26.10 => v0.29.0
go: upgraded k8s.io/apimachinery v0.26.12 => v0.29.0
go: upgraded k8s.io/apiserver v0.26.10 => v0.29.0
go: upgraded k8s.io/cli-runtime v0.26.10 => v0.29.0
go: upgraded k8s.io/client-go v0.26.12 => v0.29.0
go: upgraded k8s.io/component-base v0.26.10 => v0.29.0
go: upgraded k8s.io/klog/v2 v2.90.1 => v2.110.1
go: upgraded k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 => v0.0.0-20231010175941-2dd684a91f00
go: upgraded k8s.io/kubectl v0.26.10 => v0.29.0
go: upgraded k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 => v0.0.0-20230726121419-3b25d923346b
go: upgraded sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 => v0.0.0-20221116044647-bc3834ca7abd
go: upgraded sigs.k8s.io/kustomize/api v0.12.1 => v0.13.5-0.20230601165947-6ce0bf390ce3
go: upgraded sigs.k8s.io/kustomize/kyaml v0.13.9 => v0.14.3-0.20230601165947-6ce0bf390ce3
go: upgraded sigs.k8s.io/structured-merge-diff/v4 v4.2.3 => v4.4.1
--> Running go mod tidy (./cli)
--> Running go get helm.sh/helm/v3@v3.14.1 (./control-plane)
go: upgraded go 1.20 => 1.21
go: added toolchain go1.21.6
go: upgraded github.com/emicklei/go-restful/v3 v3.10.1 => v3.11.0
go: upgraded github.com/evanphx/json-patch v5.6.0+incompatible => v5.7.0+incompatible
go: upgraded github.com/fsnotify/fsnotify v1.6.0 => v1.7.0
go: upgraded github.com/go-logr/logr v1.2.4 => v1.3.0
go: upgraded github.com/go-openapi/jsonreference v0.20.1 => v0.20.2
go: upgraded github.com/google/go-cmp v0.5.9 => v0.6.0
go: upgraded github.com/prometheus/client_golang v1.14.0 => v1.16.0
go: upgraded github.com/prometheus/client_model v0.3.0 => v0.4.0
go: upgraded github.com/prometheus/common v0.37.0 => v0.44.0
go: upgraded github.com/prometheus/procfs v0.8.0 => v0.10.1
go: upgraded go.uber.org/atomic v1.9.0 => v1.10.0
go: upgraded go.uber.org/multierr v1.6.0 => v1.11.0
go: upgraded google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 => v0.0.0-20230822172742-b8732ec3820d
go: added helm.sh/helm/v3 v3.14.1
go: upgraded k8s.io/api v0.26.12 => v0.29.0
go: upgraded k8s.io/apiextensions-apiserver v0.26.10 => v0.29.0
go: upgraded k8s.io/apimachinery v0.26.12 => v0.29.0
go: upgraded k8s.io/client-go v0.26.12 => v0.29.0
go: upgraded k8s.io/component-base v0.26.10 => v0.29.0
go: upgraded k8s.io/klog/v2 v2.100.1 => v2.110.1
go: upgraded k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f => v0.0.0-20231010175941-2dd684a91f00
go: upgraded k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 => v0.0.0-20230726121419-3b25d923346b
go: upgraded sigs.k8s.io/structured-merge-diff/v4 v4.2.3 => v4.4.1
--> Running go mod tidy (./control-plane)
--> Running go get helm.sh/helm/v3@v3.14.1 (./control-plane/cni)
go: upgraded go 1.20 => 1.21
go: added toolchain go1.21.6
go: upgraded github.com/emicklei/go-restful/v3 v3.10.1 => v3.11.0
go: upgraded github.com/evanphx/json-patch v5.6.0+incompatible => v5.7.0+incompatible
go: upgraded github.com/go-logr/logr v1.2.4 => v1.3.0
go: upgraded github.com/go-openapi/jsonpointer v0.19.5 => v0.19.6
go: upgraded github.com/go-openapi/jsonreference v0.20.0 => v0.20.2
go: upgraded github.com/go-openapi/swag v0.19.14 => v0.22.3
go: upgraded github.com/google/go-cmp v0.5.9 => v0.6.0
go: upgraded github.com/mailru/easyjson v0.7.6 => v0.7.7
go: upgraded github.com/onsi/ginkgo/v2 v2.6.1 => v2.13.0
go: added helm.sh/helm/v3 v3.14.1
go: upgraded k8s.io/api v0.26.12 => v0.29.0
go: upgraded k8s.io/apimachinery v0.26.12 => v0.29.0
go: upgraded k8s.io/client-go v0.26.12 => v0.29.0
go: upgraded k8s.io/klog/v2 v2.90.1 => v2.110.1
go: upgraded k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 => v0.0.0-20231010175941-2dd684a91f00
go: upgraded k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 => v0.0.0-20230726121419-3b25d923346b
go: upgraded sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 => v0.0.0-20221116044647-bc3834ca7abd
go: upgraded sigs.k8s.io/structured-merge-diff/v4 v4.2.3 => v4.4.1
--> Running go mod tidy (./control-plane/cni)
--> Running go get helm.sh/helm/v3@v3.14.1 (./hack/aws-acceptance-test-cleanup)
go: upgraded go 1.20 => 1.21
go: added toolchain go1.21.6
go: added helm.sh/helm/v3 v3.14.1
--> Running go mod tidy (./hack/aws-acceptance-test-cleanup)
--> Running go get helm.sh/helm/v3@v3.14.1 (./hack/camel-crds)
go: upgraded go 1.20 => 1.21
go: added toolchain go1.21.6
go: added helm.sh/helm/v3 v3.14.1
--> Running go mod tidy (./hack/camel-crds)
--> Running go get helm.sh/helm/v3@v3.14.1 (./hack/copy-crds-to-chart)
go: upgraded go 1.20 => 1.21
go: added toolchain go1.21.6
go: added helm.sh/helm/v3 v3.14.1
--> Running go mod tidy (./hack/copy-crds-to-chart)
--> Running go get helm.sh/helm/v3@v3.14.1 (./hack/helm-reference-gen)
go: upgraded go 1.20 => 1.21
go: added toolchain go1.21.6
go: added helm.sh/helm/v3 v3.14.1
--> Running go mod tidy (./hack/helm-reference-gen)

❯ git status
On branch zalimeni/net-6741-add-make-target-dependency-update-modules
Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
	modified:   acceptance/go.mod
	modified:   acceptance/go.sum
	modified:   charts/go.mod
	modified:   cli/go.mod
	modified:   cli/go.sum
	modified:   control-plane/cni/go.mod
	modified:   control-plane/cni/go.sum
	modified:   control-plane/go.mod
	modified:   control-plane/go.sum
	modified:   hack/aws-acceptance-test-cleanup/go.mod
	modified:   hack/camel-crds/go.mod
	modified:   hack/copy-crds-to-chart/go.mod
	modified:   hack/helm-reference-gen/go.mod

How I expect reviewers to test this PR

👀

Checklist

Overview of commits

@hc-github-team-consul-core hc-github-team-consul-core force-pushed the backport/zalimeni/net-6741-add-make-target-dependency-update-modules/mostly-noted-frog branch from 8742f0e to a267cbf Compare February 21, 2024 16:51
@hc-github-team-consul-core hc-github-team-consul-core merged commit 2df3639 into release/1.4.x Feb 21, 2024
24 of 49 checks passed
@hc-github-team-consul-core hc-github-team-consul-core deleted the backport/zalimeni/net-6741-add-make-target-dependency-update-modules/mostly-noted-frog branch February 21, 2024 17:19
zalimeni added a commit that referenced this pull request Feb 28, 2024
@zalimeni @hc-github-team-consul-core
@dekimsey @david-yu @NicoletaPopoviciu
Sync release/1.4.x and release/1.4.0 for 1.4.0 GA release (#3694)
573bb90 
* Backport of [NET-5932] chore: remove comment from closed ticket into release/1.4.x (#3637)

backport of commit a95e951

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>

* Backport of build: Create arm64 packages as well into release/1.4.x (#3647)

backport of commit affc631

Co-authored-by: Daniel Kimsey <90741+dekimsey@users.noreply.github.com>

* Backport of [NET-2420] security: Upgrade helm containerd and several other dependencies into release/1.4.x (#3641)

* security: upgrade helm/v3 to 3.11.3

Addresses multiple CVEs:
- CVE-2023-25165
- CVE-2022-23524
- CVE-2022-23526
- CVE-2022-23525

* chore: upgrade k8s dependencies to match controller-runtime

* security: upgrade containerd to latest

Addresses GHSA-7ww5-4wqc-m92c (GO-2023-2412)

* security: upgrade docker/docker to latest

Addresses GHSA-jq35-85cj-fj4p

* security: upgrade docker/distribution to latest

Addresses CVE-2023-2253

* security: upgrade filepath-securejoin to latest patch

Addresses GHSA-6xv5-86q9-7xr8 (GO-2023-2048)

* chore: upgrade oras-go to fix docker incompatibility

* Add changelog

---------

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>

* Backport of values.yaml - tlsServerName docs into release/1.4.x (#3667)

* backport of commit 1598b40

* backport of commit 41dabc4

---------

Co-authored-by: David Yu <dyu@hashicorp.com>

* Backport of [NET-2420] security: re-enable security scan release block into release/1.4.x (#3651)

* security: re-enable security scan release block

This was previously disabled due to an unresolved false-positive CVE.
Re-enabling both secrets and OSV + Go Modules scanning, which per our
current scan results should not be a blocker to future releases.

Also add security scans on PR and merge to protected branches to allow
proactive triage going forward.

See hashicorp/consul#19978 for similar change in that repo, adapted
here.

* security: add scan triage for CVE-2024-25620 (helm/v3)

Triage this scan result as `consul-k8s` should not be directly
impacted and it is medium severity. Follow-up ticket filed for
remediation.

Also improve formatting of scan config since this change will be
backported.

---------

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>

* Backport of [NET-6741] make: Add target for updating dependencies across all modules into release/1.4.x (#3673)

backport of commit 44583d3

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>

* Backport of build.yml: Add ECR images back into release/1.4.x (#3679)

* backport of commit 8fba327

* backport of commit 9a73765

* backport of commit dd2222f

---------

Co-authored-by: David Yu <dyu@hashicorp.com>

* Backport of build.yml: typo on tags into release/1.4.x (#3684)

backport of commit cf8dcbe

Co-authored-by: David Yu <dyu@hashicorp.com>

* Backport of [NET-8174] security: add scan triage for CVE-2024-26147 (helm/v3) into release/1.4.x (#3692)

backport of commit 4b8bc71

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>

* Backport of bump kind to v0.22.0 and update k8s support into release/1.4.x (#3687)

* backport of commit 9f495e0

* backport of commit df8edec

* backport of commit ca89a82

---------

Co-authored-by: NicoletaPopoviciu <nicoleta@hashicorp.com>

---------

Co-authored-by: hc-github-team-consul-core <github-team-consul-core@hashicorp.com>
Co-authored-by: Daniel Kimsey <90741+dekimsey@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: NicoletaPopoviciu <nicoleta@hashicorp.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zalimeni zalimeni zalimeni approved these changes

Assignees

@zalimeni zalimeni

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@hc-github-team-consul-core @zalimeni