Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency go modules for k8s v1.26.0 #172

Merged
merged 3 commits into from
Dec 15, 2022
Merged

Update dependency go modules for k8s v1.26.0 #172

merged 3 commits into from
Dec 15, 2022

Conversation

sunnylovestiramisu
Copy link
Contributor

Ran kubernetes-csi/csi-release-tools go-get-kubernetes.sh -p 1.26.0

@k8s-ci-robot k8s-ci-robot added do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Dec 12, 2022
@k8s-ci-robot k8s-ci-robot added the size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. label Dec 12, 2022
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Dec 12, 2022
@sunnylovestiramisu
Copy link
Contributor Author

/assign @xing-yang

@sunnylovestiramisu sunnylovestiramisu mentioned this pull request Dec 13, 2022
Closed
@msau42
Copy link
Collaborator

msau42 commented Dec 15, 2022

the trivy scanner I think needs to be updated for go1.19.

@msau42
Copy link
Collaborator

msau42 commented Dec 15, 2022

Also I think it's probably best we remove the trivy scanner until we can find way to run this out of band of PRs.

@sunnylovestiramisu
Copy link
Contributor Author

hmm also need to replace version of golang.org/x/net

│ golang.org/x/net │ CVE-2022-41717 │ MEDIUM   │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.4.0         │ An attacker can cause excessive memory growth in a Go server │

@andyzhangx
Copy link
Member

hmm also need to replace version of golang.org/x/net

│ golang.org/x/net │ CVE-2022-41717 │ MEDIUM   │ v0.3.1-0.20221206200815-1e63c2f08a10 │ 0.4.0         │ An attacker can cause excessive memory growth in a Go server │

@sunnylovestiramisu just wait a minute, let me fix it in a new PR. this trivy scan github action really catches some cve issue, it helps!

@andyzhangx
Copy link
Member

o, you already fixed in this PR, I just worked out a PR to fix the cve: #173
nvm, I will close my PR later. thanks.

@xing-yang
Copy link
Contributor

/release-note-none

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Dec 15, 2022
@xing-yang
Copy link
Contributor

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 15, 2022
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sunnylovestiramisu, xing-yang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 15, 2022
@k8s-ci-robot k8s-ci-robot merged commit b9363f2 into kubernetes-csi:master Dec 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andyzhangx andyzhangx Awaiting requested review from andyzhangx

@gnufied gnufied Awaiting requested review from gnufied

Assignees

@xing-yang xing-yang

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
No open projects
1.26 release
Status: PRs Approved
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@sunnylovestiramisu @msau42 @andyzhangx @xing-yang @k8s-ci-robot