Update go version to 1.20 and resolve CVEs #613
@@ -10,7 +10,7 @@ jobs: | |||
- uses: actions/checkout@v2 | |||
- uses: actions/setup-go@v2 |
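Review bot: the two uses: lines in this hunk reference actions/checkout and actions/setup-go by the movable tag v2. A tag can be repointed by whoever controls the action's repository, so the job runs whatever code the tag resolves to at build time. Pin each action to a full commit SHA with the release noted in a trailing comment, and use the same release of each action in every workflow file so the pins can be reviewed and bumped together.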
since we're editing these files I think we should converge on the same action version (i.e. functests and unittests are using actions/setup-go@v4, but image-check is v2 and kind-integration is v1).
Not sure what these action versions signify tbh. What version should we converge on? And should it be the same version across all actions? As in, could it be different for specific actions - say checkout set to v2 and setup set to v4, or should we have just one version?
Change to PR detected. A new PR build was completed.
The code changes look fine to me! I will leave the lgtm tag for the next person who verifies the same.
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: amadhusu, gmfrasca
The full list of commands accepted by this bot can be found here. The pull request process is described here.
The issue resolved by this Pull Request:
Resolves https://issues.redhat.com/browse/RHOAIENG-2260
Description of your changes:
Bumped go version to 1.20.
Updated K8s package versions to eliminate high level snyk CVE. Verified that the package versions are compatible with each other: https://github.com/kubernetes-sigs/controller-runtime/blob/v0.15.0/go.mod#L20-L27
Also updated the DSPO controller go code to fix all breaking changes introduced by upgrading the sigs.k8s.io/controller-runtime package to 0.15.0.
Testing instructions
Imported my fork in snyk and made sure the relevant CVEs were fixed with this update.
Updated package versions locally based on what versions are compatible with each other and ran go mod tidy.
Ran go build locally to make sure no errors were introduced due to any breaking changes arising from package version upgrades.
Pushed changes to my fork and ensured the CVEs were resolved.