Skip to content

fix(deps): upgrade to operator-framework v1.39.2 and fix vulnerabilities #63

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
akosveres merged 3 commits into from
May 23, 2025
Merged

fix(deps): upgrade to operator-framework v1.39.2 and fix vulnerabilities #63

akosveres merged 3 commits into from
May 23, 2025

Conversation

@akosveres
Copy link
Collaborator

@akosveres akosveres commented May 21, 2025
edited
Loading

Followed upgrade instructions on https://sdk.operatorframework.io/docs/upgrading-sdk-version/ from v1.37.0 to v1.39.2

Some notes:

  • The new operator introduces TLS endpoint for metrics endpoints, this is disable for now so we can spend time later on coming up with the right examples for our users on how to do this
  • Upgrade of kustomize was fixes with kustomize edit fix --vars command
  • Upgrade to go v1.23 was needed to fix vulnerabilities in x/net package

Tested locally successfully.

akosveres added 3 commits May 21, 2025 17:38
@akosveres
fix(deps): update vulnerable packages
68b51bb
@akosveres
fix(deps): upgrade to operator-framework v1.39.2
fc54623 
Followed upgrade instructions on
https://sdk.operatorframework.io/docs/upgrading-sdk-version/ from
v1.37.0 to v1.39.2

Some notes:
* The new operator introduces TLS endpoint for metrics endpoints, this
  is disable for now so we can spend time later on coming up with the
right examples for our users on how to do this
* Upgrade of kustomize was fixes with `kustomize edit fix --vars`
  command
* Upgrade to go v1.23 was needed to fix vulnerabilities in x/net package

Tested locally successfully.
@akosveres
chore(readme): update tested k8s version
f30e718
@akosveres akosveres changed the title fix(deps): update vulnerable packages fix(deps): upgrade to operator-framework v1.39.2 and fix vulnerabilities May 21, 2025
@akosveres akosveres mentioned this pull request May 22, 2025
Merged
sorccu
sorccu approved these changes May 23, 2025
View reviewed changes
Copy link
Member

@sorccu sorccu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me, though as I have mentioned before I lack a deeper understanding of k8s.

@akosveres akosveres merged commit a63b957 into main May 23, 2025
2 checks passed
@akosveres akosveres deleted the fix/vulns branch May 23, 2025 08:24
@github-actions
Copy link

github-actions bot commented May 23, 2025

🎉 This PR is included in version 1.7.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sorccu sorccu sorccu approved these changes

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@akosveres @sorccu