OCPBUGS-16482: Update dependencies to remove goproxy dependency #701
Conversation
openshift-ci-robot
added
jira/valid-reference
|
@rwsu: This pull request references Jira Issue OCPBUGS-16482, which is valid. The bug has been moved to the POST state. 3 validation(s) were run on this bug
Requesting review from QA contact: The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci
bot
added
the
size/XXL
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## master #701 +/- ##
==========================================
+ Coverage 55.59% 55.70% +0.10%
==========================================
Files 14 14
Lines 3119 3129 +10
==========================================
+ Hits 1734 1743 +9
- Misses 1224 1226 +2
+ Partials 161 160 -1
|
|
@rwsu: This pull request references Jira Issue OCPBUGS-16482, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
lgtm, just need to pass lint... |
openshift-ci
bot
added
the
downstream-change-needed
Cannot update golangci-lint in the same PR as one exhibiting issues because the CI still uses the previous version. Updating k8s.io/apimachinery module to a newer version causes the old linter to throw nil pointer error. Example openshift#701
Cannot update golangci-lint in the same PR as one exhibiting issues because the CI still uses the previous version. Updating k8s.io/apimachinery module to a newer version causes the old linter to throw nil pointer error. Example openshift#701
Cannot update golangci-lint in the same PR as one exhibiting issues because the CI still uses the previous version. Updating k8s.io/apimachinery module to a newer version causes the old linter to throw nil pointer error. Example #701
|
/retest-required |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: osherdp, rwsu The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
@osherdp Can the |
In this case, yes |
openshift-ci
bot
removed
the
downstream-change-needed
openshift-ci-robot
added
jira/invalid-bug
|
@rwsu: This pull request references Jira Issue OCPBUGS-16482, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
A Denial of service (DoS) via unspecified vectors issue was found in goproxy. This module is pulled in by k8s.io/apimachinery which in turn is pulled in by machine-config-operator. goproxy is no longer used by k8s.io/apimachinery starting with v0.27.0. We can remove this potential issue by moving to newer versions. Updated dependencies to newer versions to remove the goproxy dep. * go get -u github.com/openshift/api@release-4.13 * go get -u github.com/openshift/machine-config-operator@release-4.13 * go get -u k8s.io/client-go@v0.28.0 * Remove replace for api in go.mod * go get -u sigs.k8s.io/controller-runtime@v0.15.1 * go get -u github.com/openshift/machine-api-operator@release-4.13 * replace imports of "github.com/openshift/machine-api-operator/pkg/apis/machine/v1beta1" with "github.com/openshift/api/machine/v1beta1" as it moved to the openshift/api repo. * update replace baremetal-operator/apis and baremetal-operator/pkg/hardwareutils to v0.0.0-20230531194024-8dde0991ffdd in go.mod to match the other version changes
|
/jira refresh |
openshift-ci-robot
added
jira/valid-bug
|
@rwsu: This pull request references Jira Issue OCPBUGS-16482, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/lgtm |
|
Known issue with edge-e2e-metal-assisted, let's wait for it to be fixed |
|
/test edge-e2e-metal-assisted |
|
@rwsu: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
@rwsu: Jira Issue OCPBUGS-16482: All pull requests linked via external trackers have merged:
Jira Issue OCPBUGS-16482 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Fix included in accepted release 4.15.0-0.nightly-2023-10-24-230302 |
A Denial of service (DoS) via unspecified vectors issue was found in goproxy (CVE-2023-37788). This module is pulled in by k8s.io/apimachinery which in turn is pulled in by machine-config-operator.
goproxy is no longer used by k8s.io/apimachinery starting with v0.27.0. We can remove this potential issue by moving to newer versions.
Updated dependencies to newer versions to remove the goproxy dep.