CVE fixes of High priority #525
Conversation
| @@ -22,6 +22,10 @@ require ( | |||
|
|
|||
| replace sigs.k8s.io/custom-metrics-apiserver => sigs.k8s.io/custom-metrics-apiserver v1.25.1-0.20230306170449-63d8c93851f3 | |||
|
|
|||
| replace go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp => go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0 | |||
|
|
|||
| replace github.com/jackc/pgx/v4 => github.com/jackc/pgx/v5 v5.5.4 | |||
There was a problem hiding this comment.
Can this be change to v5.5.5?
There was a problem hiding this comment.
It is a strange one, I tried doing that but go doesn't like it. I.e.,
- With v5.5.4, a
go mod tidysuccessfully replaces the v4 module ingo.modandgo.sum. - With v5.5.5 a
go mod tidyfails.
I even performed a git reset --hard to previous commit to ensure a fresh state to test getting and replacing the module for v5.5.5, but still failed on go mod tidy.
[christianzaccaria@thinkpad codeflare-operator]$ go get github.com/jackc/pgx/[email protected]
go: github.com/jackc/pgx/[email protected] used for two different module paths (github.com/jackc/pgx/v4 and github.com/jackc/pgx/v5)
[christianzaccaria@thinkpad codeflare-operator]$ go mod tidy
[christianzaccaria@thinkpad codeflare-operator]$ go get github.com/jackc/pgx/[email protected]
go: github.com/jackc/pgx/[email protected] used for two different module paths (github.com/jackc/pgx/v4 and github.com/jackc/pgx/v5)
[christianzaccaria@thinkpad codeflare-operator]$ go mod tidy
go: finding module for package github.com/jackc/pgx/v5/pgxpool
go: finding module for package github.com/jackc/pgx/v5/pgconn
go: finding module for package github.com/jackc/pgx/v5/pgtype
go: finding module for package github.com/jackc/pgx/v5
go: found github.com/jackc/pgx/v5 in github.com/jackc/pgx/v5 v5.5.5
go: found github.com/jackc/pgx/v5/pgconn in github.com/jackc/pgx/v5 v5.5.5
go: found github.com/jackc/pgx/v5/pgtype in github.com/jackc/pgx/v5 v5.5.5
go: found github.com/jackc/pgx/v5/pgxpool in github.com/jackc/pgx/v5 v5.5.5
go: github.com/jackc/pgx/[email protected] used for two different module paths (github.com/jackc/pgx/v4 and github.com/jackc/pgx/v5)
@astefanutti For The other module |
|
@astefanutti upgrading k8s modules causes some issues in tests. Should I drop that commit for now? |
|
The test issues could be resolved by upgrading |
|
@sutaakar Thank you, that could work. I see that the latest go ubi8 image is |
|
it is fine for me |
ChristianZaccaria
force-pushed
the
cve-fixes-high-several
branch
2 times, most recently
from
fb13f1d to
0e32f36
Compare
|
When trying to create an image I got this error: |
|
I tried to create an image with |
|
@ChristianZaccaria could you give this a rebase please? |
ChristianZaccaria
force-pushed
the
cve-fixes-high-several
branch
from
0e32f36 to
37c54de
Compare
ChristianZaccaria
force-pushed
the
cve-fixes-high-several
branch
from
37c54de to
7f7a9a2
Compare
Rebased, thank you! |
|
/lgtm |
|
/approve |
1 similar comment
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: astefanutti, dimakis The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
…ocker digest to 94ed570 (project-codeflare#525) Signed-off-by: konflux-internal-p02 <170854209+konflux-internal-p02[bot]@users.noreply.github.com> Co-authored-by: konflux-internal-p02[bot] <170854209+konflux-internal-p02[bot]@users.noreply.github.com>
Issue link
Jira: https://issues.redhat.com/browse/RHOAIENG-5504
What changes have been made
Upgraded dependencies to fix a number of High CVEs.
Verification steps
e2e tests passing is sufficient.
Checks