Bump to Kubernetes 1.30 #262
Conversation
edd89ad Merge pull request kubernetes-csi#251 from jsafrane/add-logcheck 043fd09 Add test-logcheck target d7535ae Merge pull request kubernetes-csi#250 from jsafrane/go-1.22 b52e7ad Update go to 1.22.2 14fdb6f Merge pull request kubernetes-csi#247 from msau42/prow 9b4352e Update release playbook c7bb972 Fix release notes script to use fixed tags 463a0e9 Add script to update specific go modules git-subtree-dir: release-tools git-subtree-split: edd89ad58509b16d1a1fbdfe1d2d935beb36c67a
k8s-ci-robot
added
release-note
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jsafrane The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
cncf-cla: yes
|
@jsafrane Would you mind reviewing this PR? This PR bumps the Go version to 1.22.3 due to vulnerabilities in Go 1.22.2 identified by the Trivy vulnerability scanner. |
release-tools/prow.sh
Outdated
| @@ -86,7 +86,7 @@ configvar CSI_PROW_BUILD_PLATFORMS "linux amd64 amd64; linux ppc64le ppc64le -pp | |||
| # which is disabled with GOFLAGS=-mod=vendor). | |||
| configvar GOFLAGS_VENDOR "$( [ -d vendor ] && echo '-mod=vendor' )" "Go flags for using the vendor directory" | |||
|
|
|||
| configvar CSI_PROW_GO_VERSION_BUILD "1.21.5" "Go version for building the component" # depends on component's source code | |||
| configvar CSI_PROW_GO_VERSION_BUILD "1.22.2" "Go version for building the component" # depends on component's source code | |||
There was a problem hiding this comment.
Go 1.22.3 was released on 5/7 [1]. Is it possible to include that update in this release?
Note: updating should resolve the Trivy gate failure, too.
[1] https://groups.google.com/g/golang-announce/c/wkkO4P9stm0
There was a problem hiding this comment.
Regarding this matter, I believe it will be necessary to update the csi-release-tools submodule in this repository after merging the following PR:
kubernetes-csi/csi-release-tools#252
|
@jsafrane Would you please update the csi-release-tools again, as the PR mentioned below has been merged? |
adb3af9d Merge pull request kubernetes-csi#252 from bells17/update-go-version b82ee388 Merge pull request kubernetes-csi#253 from bells17/fix-typo c3174562 Fix typo 0a785056 Bump to Go 1.22.3 git-subtree-dir: release-tools git-subtree-split: adb3af9dfa3ed4d1a922cd839bb48e0b73918617
Add ctx to the Connect call.
|
@bells17 Thanks for the go bump in release-tools repo. I included it in this PR. |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
What type of PR is this?
/kind feature
What this PR does / why we need it:
Update to go 1.22.3, Kubernetes 1.20, csi-lib-utils 0.18 and the latest release-tools.
Fixes CVE-2024-24788.
Does this PR introduce a user-facing change?: