[Snyk] Security upgrade alpine from 3.7 to 3.19 #1630
Closed
Signed-off-by: Maryam Tahhan <mtahhan@redhat.com>
Go 1.20 is end of support. Go 1.22 is not packaged in UBI tooling yet. Update to Go 1.21 instead. Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
Signed-off-by: Vimal Kumar <vimal78@gmail.com>
Signed-off-by: Kaiyi <kaiyiliu21@gmail.com>
use `$__rate_interval` in intel-pcm dashboard
Signed-off-by: Maryam Tahhan <mtahhan@redhat.com> Signed-off-by: Maryam Tahhan <mtahhan@redhat.com>
chore(bpfassets): Remove BCC
Signed-off-by: sustainable-computing-bot <bot@sustainable-computing.io>
Dockerfile: update libbpf-source linux version
Signed-off-by: sustainable-computing-bot <bot@sustainable-computing.io>
This commit: * Adds panels to highlight the degree of regression between dev and latest version. * Adds panel for visualizing more info related to Node and process like Core, Package, Dram, Other, CPU cycles, CPU miss and BPF CPU time. Signed-off-by: Vibhu Prashar <vibhu.sharma2929@gmail.com>
dashboard(dev-compose): improve dev dashboard
* fix(bpf): Fix issue introduced with bpf refactor This fixes a few issues identified with the bpf code format and refactor. 1. Zero initialize all variables 2. Use the bpf_perf_event_read_value helper exclusively In addition, add some logging around eBPF array resizing. Fixes: #1402 #1411 Signed-off-by: Dave Tucker <dave@dtucker.co.uk> * fix(bpf): Incorrect map size for processes and pid_time Signed-off-by: Dave Tucker <dave@dtucker.co.uk> --------- Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
For local development the instructions suggest running: ./_output/bin/linux_amd64/kepler This checks for the bytecode in /var/lib/kepler/bpfassets However, for local development this directory doesn't exist. The fallback was to look in ../../../bpfassets/libbpf/bpf.o Running the recommended command was causing kepler to look in strange locations (i.e /bpfassets) for bytecode. This PR fixes the lookup for local development to use a glob pattern starting at the current directory. This works well for local development, with the added bonus of making it easier to test kepler builds on remote systems since you can also copy the binary and bytecode files together, without having to place the bytecode in a special path. Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
Signed-off-by: Sunil Thaha <sthaha@redhat.com>
* chore: bump up go to 1.21 Signed-off-by: Sunil Thaha <sthaha@redhat.com> * chore: bump up libbpfgo to 0.6.0 Signed-off-by: Sunil Thaha <sthaha@redhat.com> * ci: bump up golangci-lint Signed-off-by: Sunil Thaha <sthaha@redhat.com> * fix: golangci-lint for str len check Signed-off-by: Sunil Thaha <sthaha@redhat.com> --------- Signed-off-by: Sunil Thaha <sthaha@redhat.com>
Signed-off-by: sustainable-computing-bot <bot@sustainable-computing.io>
Signed-off-by: Huamin Chen <hchen@redhat.com>
Signed-off-by: Huamin Chen <hchen@redhat.com>
Signed-off-by: Huamin Chen <hchen@redhat.com>
Signed-off-by: Huamin Chen <hchen@redhat.com>
Signed-off-by: Huamin Chen <hchen@redhat.com>
Signed-off-by: Huamin Chen <hchen@redhat.com>
Signed-off-by: Huamin Chen <hchen@redhat.com>
support Habana GPU
Signed-off-by: Sunil Thaha <sthaha@redhat.com>
Signed-off-by: Kaiyi <kaiyiliu21@gmail.com>
…ual queries Signed-off-by: Kaiyi <kaiyiliu21@gmail.com>
Signed-off-by: Kaiyi <kaiyiliu21@gmail.com>
This commit adds a more comprehensive eBPF test suite. Currently it tests the operation of a number of key functions within the eBPF code - for example the main sched_switch tracepoint that we run. In addition, it runs a number of micro benchmarks so we can track performance of these key pieces of code. Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
test(bpf): Add eBPF Test Suite
This commit addresses and resolves various linting issues in the validator module Additionally, it includes the following improvements: - Add a new make target to run the linter. - Add `__init__.py` to the `tests/validator` directory to resolve the linting issue: implicit-namespace-package (INP001). - Suppress certain linting issues that are intentional or not applicable in our context. Signed-off-by: vprashar2929 <vprashar@redhat.com>
Refactor pkg/sensors/accelerator to use a more generic device abstractions that different devices can plug into. Signed-off-by: Maryam Tahhan <mtahhan@redhat.com>
Signed-off-by: Maryam Tahhan <mtahhan@redhat.com>
Refactor the gpu codebase
fix(validator): resolve linting issues
This commit allows grafana to be accessed without logging in as admin user. It also solves the nagging change password issue. Signed-off-by: Sunil Thaha <sthaha@redhat.com>
Signed-off-by: Maryam Tahhan <mtahhan@redhat.com>
chore: precommit add markdown + spellcheck
Bumps the go-dependencies group with 1 update: [github.com/prometheus/prometheus](https://github.com/prometheus/prometheus). Updates `github.com/prometheus/prometheus` from 0.53.0 to 0.53.1 - [Release notes](https://github.com/prometheus/prometheus/releases) - [Changelog](https://github.com/prometheus/prometheus/blob/main/CHANGELOG.md) - [Commits](prometheus/prometheus@v0.53.0...v0.53.1) --- updated-dependencies: - dependency-name: github.com/prometheus/prometheus dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
…modules/go-dependencies-d988561a6c build(deps): bump github.com/prometheus/prometheus from 0.53.0 to 0.53.1 in the go-dependencies group
chore(compose/grafana): allow anonymous login with admin role
This commit improves the README with detailed instructions on how to set up and run the Docker Compose for VM validations. Additionally, it updates the steps required to launch the validator tool Signed-off-by: vprashar2929 <vibhu.sharma2929@gmail.com>
docs(validator): update the documentation for running the validator
Signed-off-by: Vimal Kumar <vimal78@gmail.com>
Signed-off-by: Vimal Kumar <vimal78@gmail.com>
feat: Add mock-acpi validation to validator
Added image signing to workflow using cosign. Signs images with GitHub OIDC token, and permissions updated and restricted to reflect this. Signed-off-by: Arthur Savage <arthursavage47@gmail.com>
Bumps the go-dependencies group with 3 updates: [k8s.io/api](https://github.com/kubernetes/api), [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) and [k8s.io/client-go](https://github.com/kubernetes/client-go). Updates `k8s.io/api` from 0.29.6 to 0.29.7 - [Commits](kubernetes/api@v0.29.6...v0.29.7) Updates `k8s.io/apimachinery` from 0.29.6 to 0.29.7 - [Commits](kubernetes/apimachinery@v0.29.6...v0.29.7) Updates `k8s.io/client-go` from 0.29.6 to 0.29.7 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.29.6...v0.29.7) --- updated-dependencies: - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
…modules/go-dependencies-08a97c52c3 build(deps): bump the go-dependencies group with 3 updates
ci: sign image builds (fixing security issue)
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE37-MUSL-458286 - https://snyk.io/vuln/SNYK-ALPINE37-MUSL-458286
🤖 SeineSailor I apologize, but since you've only provided a single changeset with no actual changes listed, I'm unable to generate a concise summary of the pull request changes. Please provide the complete list of changesets, and I'll be happy to assist you in summarizing the key modifications and their impact on the codebase.
This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix 1 vulnerability in the dockerfile dependencies of this project.
Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
Snyk changed the following file(s):
- `vendor/github.com/jaypipes/ghw/Dockerfile`

We recommend upgrading to `alpine:3.19`, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:
- SNYK-ALPINE37-MUSL-458286
- SNYK-ALPINE37-MUSL-458286
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.