-
Notifications
You must be signed in to change notification settings - Fork 581
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump protobuf to v1.3.2 #606
Conversation
Pull Request Test Coverage Report for Build 578746776
💛 - Coveralls |
62cff04
to
015a5e2
Compare
Why the test failed??? Let me check it offline... |
go.mod
Outdated
github.com/containernetworking/plugins v0.8.2 | ||
github.com/gogo/protobuf v1.3.2 // indirect |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think with this only we won't cover indirect deps.
If you look at go.sum, there are still older version used. To always use 1.3.2 you need to use the replace directive
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, right. As far as I checked k8s repo, master or v1.21.0-alpha.3 only fixes the protobuf isssue.
That is what I know of, for now.
- Currently multus uses kubernetes v1.13.0 library (which contains kubelet/api/podresources/v1alpha1)
- To update protobuf we need to update v1.21.0-alpha.3 or later (or wait for bugfix version...)
- v1.21.0-alpha.3 does not have kubelet/api/podresources/v1alpha1, so multus build is failed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So we may need to stop support old sr-iov feature (kubelet)...
b819596
to
fe9f9c4
Compare
fe9f9c4
to
fe42962
Compare
Looks good to me, thanks! Please merge it! |
Update gogo/protobuf to v1.3.2 to fix https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3121. The related k8s fix is here: kubernetes/kubernetes#98477
Also bumps libcni to v0.8.1