New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Helm operator image not using newest ubi 8 image, possibly Dependabot bug #4868

Closed

bitscuit opened this issue May 4, 2021 · 1 comment

Labels

bitscuit commented May 4, 2021

Bug Report

What did you do?

Noticed the latest helm-operator image has 2 high security vulnerabilities https://quay.io/repository/operator-framework/helm-operator?tag=latest&tab=tags.

The latest ubi8 image is 8.3-298.1618432845 https://catalog.redhat.com/software/containers/ubi8/ubi-minimal/5c359a62bed8bd75a2c3fba8?gti-tabs=unauthenticated, but I do not think Dependabot is picking this up as the Dockerfile is still using 8.3-298 https://github.com/operator-framework/operator-sdk/blob/master/images/helm-operator/Dockerfile#L20

What did you expect to see?

Dockerfile to be using ubi8 image with tag 8.3-298.1618432845 since that fixes the vulnerabilities in 8.3-298

What did you see instead? Under which circumstances?

Dockerfile using 8.3-298 ubi8

Environment

Operator type:

/language helm

Kubernetes cluster type:

$ operator-sdk version

$ go version (if language is Go)

$ kubectl version

Possible Solution

Probably a Dependabot issue, but this could be fixed by manually opening PR to update base image for now

Additional context

The text was updated successfully, but these errors were encountered:

openshift-ci-robot added the language/helm label

Member

estroz commented May 5, 2021

Closed by #4873

estroz closed this as completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment