chore: build with keda-tools:1.22.5 #5971
I guess that we need to bump the user version too: I'd say that it's a good moment to bump go version, don't you think @zroubalik?
I tested locally for both Also, I think we should bump go version in the Devcontainer too, right? Line 6 in bb53516
Yeah, you can check all the places to change here: https://github.com/kedacore/keda/pull/5734/files
c4cd459 to f625518
Semgrep found 1 Avoid using sudo in Dockerfiles. Running processes as a non-root user can help reduce the potential impact of configuration errors and security vulnerabilities. Ignore this finding from no-sudo-in-dockerfile.
56195f9 to abd7e74
In the Devcontainer's Dockerfile, I had to change the way go modules were installed. Bumping to 1.22.5 gave me errors about running Also, after looking through the Devcontainer files, there seems to be a bit of code that could use some cleanup. For instance, in the Dockerfile I see that it configures a non-root user vscode but runs as root (probably for Docker CLI). Also, might be able to leverage devcontainer features in the devcontainer.json file to load some of the tooling instead of baking them all into the container. I can create an issue for this and work on cleaning this up if that's okay.
Yeah, let's do it
Sounds good! Anything else I need to do for this particular pull request?
just solve merge conflicts please 🙏
Merge conflict has been resolved 😁
to resolve CVE-2024-24790, CVE-2024-24789, and CVE-2024-24791
bump github.com/Azure/azure-sdk-for-go/sdk/azidentity to resolve CVE-2024-35255
Signed-off-by: Paul Yu <[email protected]>
Hi @JorTurFer, Once this PR is merged, is it possible to cut a release for KEDA 2.14.1?
We plan to ship v2.15 next week and I'd like to include the golang bump. Is it enough? We don't plan any other release for v2.14
/run-e2e internal
Signed-off-by: Jorge Turrado <[email protected]>
/run-e2e azure
* chore: build with keda-tools:1.22.5
  to resolve CVE-2024-24790, CVE-2024-24789, and CVE-2024-24791
  bump github.com/Azure/azure-sdk-for-go/sdk/azidentity to resolve CVE-2024-35255
  Signed-off-by: Paul Yu <[email protected]>
* chore: use go install instead of go get and replacing deprecated tools
  Signed-off-by: Paul Yu <[email protected]>
* chore: vendor dependency cleanup
  Signed-off-by: Paul Yu <[email protected]>
* Update missing references to 1.21
  Signed-off-by: Jorge Turrado <[email protected]>
---------
Signed-off-by: Paul Yu <[email protected]>
Signed-off-by: Jorge Turrado <[email protected]>
Co-authored-by: Jorge Turrado Ferrero <[email protected]>
* bump golang
  Signed-off-by: Jorge Turrado <[email protected]>
* chore: build with keda-tools:1.22.5 (#5971)
  * chore: build with keda-tools:1.22.5
    to resolve CVE-2024-24790, CVE-2024-24789, and CVE-2024-24791
    bump github.com/Azure/azure-sdk-for-go/sdk/azidentity to resolve CVE-2024-35255
    Signed-off-by: Paul Yu <[email protected]>
  * chore: use go install instead of go get and replacing deprecated tools
    Signed-off-by: Paul Yu <[email protected]>
  * chore: vendor dependency cleanup
    Signed-off-by: Paul Yu <[email protected]>
  * Update missing references to 1.21
    Signed-off-by: Jorge Turrado <[email protected]>
  ---------
  Signed-off-by: Paul Yu <[email protected]>
  Signed-off-by: Jorge Turrado <[email protected]>
  Co-authored-by: Jorge Turrado Ferrero <[email protected]>
  Signed-off-by: Jorge Turrado <[email protected]>
* [BUG-5922] Report failing ScaledJob triggers in status (#5916)
  Signed-off-by: Josef Karasek <[email protected]>
  Signed-off-by: Jorge Turrado <[email protected]>
* [BUG-5656] Annotate Jobs with parent ScaledJob generation (#5876)
  * Annotate Jobs with parent ScaledJob generation
    Signed-off-by: Josef Karasek <[email protected]>
  * fix tests
    Signed-off-by: Josef Karasek <[email protected]>
  * fix lint
    Signed-off-by: Josef Karasek <[email protected]>
  * fix log message
    Signed-off-by: Josef Karasek <[email protected]>
  * update changelog
    Signed-off-by: Josef Karasek <[email protected]>
  * update changelog
    Signed-off-by: Josef Karasek <[email protected]>
  * update changelog
    Signed-off-by: Josef Karasek <[email protected]>
  ---------
  Signed-off-by: Josef Karasek <[email protected]>
  Signed-off-by: Zbynek Roubalik <[email protected]>
  Co-authored-by: Zbynek Roubalik <[email protected]>
  Signed-off-by: Jorge Turrado <[email protected]>
* fix: `+srv` mongodb url scheme parsing bug (#5773)
  This commit fixes issue #5760, where OP was facing problem with +srv schema
  Signed-off-by: Rishikesh Betigeri <[email protected]>
  Signed-off-by: Jorge Turrado <[email protected]>
* fix: issue when GitHub organization contains more than 30 repos (#5746)
  Signed-off-by: Simon Kobler <[email protected]>
  Signed-off-by: Simon Kobler <[email protected]>
  Co-authored-by: Jorge Turrado Ferrero <[email protected]>
  Co-authored-by: Simon Kobler <[email protected]>
  Signed-off-by: Jorge Turrado <[email protected]>
* Fix scaler leak during cache refresh (#5807)
  Signed-off-by: Guillaume Jacquet <[email protected]>
  Signed-off-by: Jorge Turrado <[email protected]>
* Prepare release v2.14.1
  Signed-off-by: Jorge Turrado <[email protected]>
* add missing change
  Signed-off-by: Jorge Turrado <[email protected]>
* update changelog
  Signed-off-by: Jorge Turrado <[email protected]>
* fix: e2e test regex check tag (#5831)
  Signed-off-by: Jan Wozniak <[email protected]>
  Signed-off-by: Jorge Turrado <[email protected]>
* Validate regex before building image for e2e test (#5783)
  * added regex pre check before building image
    Signed-off-by: Yaxhveer <[email protected]>
  * updated changelog
    Signed-off-by: Yaxhveer <[email protected]>
  * refactored
    Signed-off-by: Yaxhveer <[email protected]>
  * corrected
    Signed-off-by: Yaxhveer <[email protected]>
  * corrected changelog
    Signed-off-by: Yaxhveer <[email protected]>
  * updated the workflow
    Signed-off-by: Yaxhveer <[email protected]>
  * updated the workflow
    Signed-off-by: Yaxhveer <[email protected]>
  ---------
  Signed-off-by: Yaxhveer <[email protected]>
  Signed-off-by: Jorge Turrado <[email protected]>
* fix some pending tasks
  Signed-off-by: Jorge Turrado <[email protected]>
* use AAD-Pod-Identity always
  Signed-off-by: Jorge Turrado <[email protected]>
* use AAD-Pod-Identity always
  Signed-off-by: Jorge Turrado <[email protected]>
---------
Signed-off-by: Jorge Turrado <[email protected]>
Signed-off-by: Paul Yu <[email protected]>
Signed-off-by: Josef Karasek <[email protected]>
Signed-off-by: Zbynek Roubalik <[email protected]>
Signed-off-by: Rishikesh Betigeri <[email protected]>
Signed-off-by: Simon Kobler <[email protected]>
Signed-off-by: Simon Kobler <[email protected]>
Signed-off-by: Guillaume Jacquet <[email protected]>
Signed-off-by: Jan Wozniak <[email protected]>
Signed-off-by: Yaxhveer <[email protected]>
Signed-off-by: Jorge Turrado <[email protected]>
Co-authored-by: Paul Yu <[email protected]>
Co-authored-by: Josef Karasek <[email protected]>
Co-authored-by: Zbynek Roubalik <[email protected]>
Co-authored-by: Rishikesh <[email protected]>
Co-authored-by: Simon Kobler <[email protected]>
Co-authored-by: Simon Kobler <[email protected]>
Co-authored-by: Guillaume Jacquet <[email protected]>
Co-authored-by: Jan Wozniak <[email protected]>
Co-authored-by: Yashveer <[email protected]>
Provide a description of what has been changed
This PR is to build keda container images with an updated version of keda-tools with the latest version of Go to resolve CVE-2024-24790, CVE-2024-24789, and CVE-2024-24791. Related PR: kedacore/test-tools#169
Also bumping github.com/Azure/azure-sdk-for-go/sdk/azidentity to resolve CVE-2024-35255.
Relates to kedacore/test-tools#169