Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deps: bump golang.org/x/net to v0.23.0 #3388

Merged
merged 1 commit into from
Apr 5, 2024
Merged

deps: bump golang.org/x/net to v0.23.0 #3388

merged 1 commit into from
Apr 5, 2024

Conversation

odubajDT
Copy link
Contributor

@odubajDT odubajDT commented Apr 4, 2024
edited
Loading

Fixes go vulnerability: https://pkg.go.dev/vuln/GO-2024-2687

security scan https://github.com/keptn/lifecycle-toolkit/actions/runs/8555467155/job/23442929687

The security scan fails, reason: net/http is part of go standard lib -> it's used by opentelemetry.io, which uses go version 1.20 (does not contain the fix yet)

@odubajDT
deps: bump golang.org/x/net to v0.23.0
b3f1d91 
Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Apr 4, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

@codecov Codecov
Copy link

codecov bot commented Apr 4, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 85.33%. Comparing base (e4f1a6a) to head (b3f1d91).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3388      +/-   ##
==========================================
- Coverage   85.36%   85.33%   -0.03%     
==========================================
  Files         167      167              
  Lines        7412     7412              
==========================================
- Hits         6327     6325       -2     
- Misses        798      799       +1     
- Partials      287      288       +1

see 1 file with indirect coverage changes

Flag Coverage Δ
certificate-operator 69.23% <ø> (ø)
component-tests 58.04% <ø> (-0.74%) ⬇️
lifecycle-operator 83.46% <ø> (ø)
metrics-operator 88.32% <ø> (ø)
scheduler 34.74% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

@odubajDT odubajDT marked this pull request as ready for review April 4, 2024 13:29
@odubajDT odubajDT requested a review from a team as a code owner April 4, 2024 13:29
@odubajDT odubajDT merged commit e9c1dda into main Apr 5, 2024
52 of 56 checks passed
@odubajDT odubajDT deleted the fix/security-net branch April 5, 2024 08:02
This was referenced Apr 5, 2024
Merged
Merged
Merged
Merged
Vickysomtee pushed a commit to Vickysomtee/keptn-lifecycle-toolkit that referenced this pull request Apr 23, 2024
@odubajDT @Vickysomtee
deps: bump golang.org/x/net to v0.23.0 (keptn#3388)
27eedc0 
Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>
Signed-off-by: vickysomtee <vickysomtee@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RealAnna RealAnna RealAnna approved these changes

@bacherfl bacherfl bacherfl approved these changes

Assignees
No one assigned
Labels
cert-manager lifecycle-operator metrics-operator scheduler
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@odubajDT @bacherfl @RealAnna