Update k8s.io and sigs.k8s.io direct dependencies #187
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: thepetk <[email protected]>
thepetk
changed the title
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #187 +/- ##
==========================================
+ Coverage 60.84% 61.05% +0.20%
==========================================
Files 41 42 +1
Lines 5006 5017 +11
==========================================
+ Hits 3046 3063 +17
+ Misses 1767 1761 -6
Partials 193 193 ☔ View full report in Codecov by Sentry. |
kim-tsao
approved these changes
Nov 6, 2023
rm3l
approved these changes
Nov 7, 2023
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: kim-tsao, rm3l, thepetk The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?:
This PR help us mitigate the Rapid Reset CVE inside the devfile/library repo. It tries to update the following direct dependencies:
k8s.io/api:0.26.1=>0.26.10k8s.io/apimachinery:0.26.1=>0.26.10k8s.io/apimachinery:0.26.1=>0.26.10k8s.io/apiextensions-apiserver:0.26.1=>0.26.10k8s.io/client-go:0.26.1=>0.26.10k8s.io/pod-security-admission:0.26.1=>0.26.10sigs.k8s.io/controller-runtime:0.14.4=>0.14.7These updates will lead to an update of the indirect dependency
golang.org/x/netfromv0.3.1-0.20221206200815-1e63c2f08a10to0.17.0.Which issue(s) this PR fixes:
fixes devfile/api#1308
PR acceptance criteria:
Testing and documentation do not need to be complete in order for this PR to be approved. We just need to ensure tracking issues are opened and linked to this PR, if they are not in the PR scope due to various constraints.
Unit/Functional tests
QE Integration test
Documentation (READMEs, Product Docs, Blogs, Education Modules, etc.)
Client Impact
Gosec scans
How to test changes / Special notes to the reviewer: