Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update mholt/archiver to v3.5.1 #11584

Merged
merged 16 commits into from
Mar 16, 2022
Merged

Update mholt/archiver to v3.5.1 #11584

merged 16 commits into from
Mar 16, 2022

Conversation

stone-z
Copy link
Contributor

@stone-z stone-z commented May 11, 2021
edited
Loading

Fixes #11591

The current version of archiver has an issue which our dependency analyzer doesn't like and thus blocks our builds from time to time. This PR updates it to v3.5.0.

I've searched existing issues to see if there was a reason it hasn't been updated and didn't find anything, so it seems like it might have just been overlooked. It seems pretty straightforward to update, but I don't work with go mod vendor often so would appreciate a double check there.

Please let me know if you think this PR calls for a separate issue or changelog entry as well - I'd be happy to provide them.

@hashicorp-cla
Copy link

hashicorp-cla commented May 11, 2021
edited
Loading

CLA assistant check
All committers have signed the CLA.

@vercel vercel bot temporarily deployed to Preview – vault-storybook May 11, 2021 16:35 Inactive
@vercel vercel bot temporarily deployed to Preview – vault May 11, 2021 16:35 Inactive
@stone-z
Copy link
Contributor Author

stone-z commented May 11, 2021
edited
Loading

The CI failure seems to be related to timing out building ui, which I wouldn't imagine is related -- maybe a maintainer can retry the job?

#8 [3/3] RUN cd ui && yarn --verbose run build
...
#8 75.03 [BABEL] Note: The code generator has deoptimised the styling of /gopath/src/github.com/hashicorp/vault/ui/node_modules/swagger-ui-dist/swagger-ui-bundle.js as it exceeds the max of 500KB.
packages-oss.lock/layers/layers.mk:66: recipe for target '.buildcache/layers/06-build-ui-993e50cbb3d37120b1391442177827b615c77f82/58a8397e2df5270d582f27c9cfac2dd9cc14a476/image.marker' failed
make: *** [.buildcache/layers/06-build-ui-993e50cbb3d37120b1391442177827b615c77f82/58a8397e2df5270d582f27c9cfac2dd9cc14a476/image.marker] Terminated

Too long with no output (exceeded 10m0s): context deadline exceeded

@stone-z stone-z mentioned this pull request May 12, 2021
Closed
@stone-z
Copy link
Contributor Author

stone-z commented May 18, 2021

cc @calvn @briankassouf as you've been previously involved in debug / this dependency

@stone-z
Copy link
Contributor Author

stone-z commented May 27, 2021

Hi folks, am I missing anything here?

@calvn calvn added the dependencies Pull requests that update a dependency file label May 27, 2021
@calvn calvn added this to the 1.8 milestone May 27, 2021
@mladlow mladlow modified the milestones: 1.8, 1.9 Jul 13, 2021
@mladlow
Copy link
Collaborator

mladlow commented Jul 13, 2021
edited
Loading

@calvn I changed the milestone on this due to timing - would you mind taking a look and seeing if we could merge it to main?

@mladlow mladlow removed this from the 1.9 milestone Nov 1, 2021
@stone-z
Copy link
Contributor Author

stone-z commented Nov 17, 2021

@calvn @mladlow can I help here? Seems like an uncontroversial change and it would be really nice to clear the CVE findings from our CI scans

@vercel vercel bot temporarily deployed to Preview – vault November 17, 2021 12:37 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook November 17, 2021 12:37 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook November 17, 2021 12:39 Inactive
@vercel vercel bot temporarily deployed to Preview – vault November 17, 2021 12:39 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook November 17, 2021 12:41 Inactive
@vercel vercel bot temporarily deployed to Preview – vault November 17, 2021 12:41 Inactive
@stone-z stone-z changed the title Update mholt/archiver to v3.5.0 Update mholt/archiver to v3.5.1 Nov 17, 2021
@stone-z
Copy link
Contributor Author

stone-z commented Nov 17, 2021

Ok, so the new go version and default branch change threw me for a bit of a loop, but there's a newer version of archiver so I've updated this PR with the newer version. The failing test seems unrelated (?) so I think this is good to go now

@tsaarni
Copy link
Contributor

tsaarni commented Mar 8, 2022

Ping :) This PR will remove CVE-2019-10743 (mholt/archiver#169) which is now reported by scanners. It would be great to get this merged!

@calvn calvn added this to the 1.10 milestone Mar 14, 2022
@calvn
Copy link
Contributor

calvn commented Mar 14, 2022

@stone-z it looks like we have merge conflicts since we've recently updated a bunch of other dependencies. Are you able to resolve them and push an update here?

@stone-z
Copy link
Contributor Author

stone-z commented Mar 16, 2022

@calvn merge conflict has been fixed ✔️

fairclothjm
fairclothjm approved these changes Mar 16, 2022
View reviewed changes
Copy link
Contributor

@fairclothjm fairclothjm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks @stone-z for the contribution!

@fairclothjm fairclothjm merged commit 7d47386 into hashicorp:main Mar 16, 2022
This was referenced Mar 16, 2022
Closed
Closed
@stone-z stone-z deleted the update-mholt-archiver-350 branch March 16, 2022 15:11
fairclothjm pushed a commit that referenced this pull request Mar 16, 2022
@stone-z @fairclothjm
Update mholt/archiver to v3.5.1 (#11584)
a305827 
* Update mholt/archiver to v3.5.0

* Bump archiver to 3.5.1

* Vendor dependencies

* Use newer go

* go mod tidy

* Remove vendor

* Rm vendor

* Revert api and sdk sums

Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
@fairclothjm fairclothjm mentioned this pull request Mar 16, 2022
Merged
fairclothjm added a commit that referenced this pull request Mar 16, 2022
@fairclothjm @stone-z
Update mholt/archiver to v3.5.1 (#11584) (#14527)
dea0165 
* Update mholt/archiver to v3.5.0

* Bump archiver to 3.5.1

* Vendor dependencies

* Use newer go

* go mod tidy

* Remove vendor

* Rm vendor

* Revert api and sdk sums

Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>

Co-authored-by: Zach Stone <z.stone91@gmail.com>
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
@mickael-hc mickael-hc mentioned this pull request Mar 16, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fairclothjm fairclothjm fairclothjm approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file pr/no-changelog
Projects
None yet
Milestone
1.10
Development

Successfully merging this pull request may close these issues.

Update mholt/archiver to v3.5.1
7 participants
@stone-z @hashicorp-cla @mladlow @tsaarni @calvn @fairclothjm @kalafut