Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: upgrade to go 1.23.2 #7298

Merged
merged 1 commit into from
Oct 31, 2024
Merged

chore: upgrade to go 1.23.2 #7298

merged 1 commit into from
Oct 31, 2024

Conversation

andrewjamesbrown
Copy link
Contributor

@andrewjamesbrown andrewjamesbrown commented Oct 28, 2024

Fixes #N/A

Description
Pick up latest minor 1.23 release to address security vulnerabilities
https://go.dev/doc/devel/release#go1.23.

Specifically it addresses these:

% grype public.ecr.aws/karpenter/controller:1.0.6@sha256:25ec56d5bc718b213a648c0c64360a3be7fbe885b79905c73b77f68295352e9b
 ✔ Vulnerability DB                [no update available]
 ✔ Parsed image                                                                                     sha256:8a609f695a1dd5db4c85aab9e85fe97ac55b062f639643404c9cd67f04c6592a
 ✔ Cataloged contents                                                                                      ce005ceecbcc8627c0ecc91d767ea177b38db057a34fcbe2bc520e2881278308
   ├── ✔ Packages                        [99 packages]
   ├── ✔ File digests                    [1,128 files]
   ├── ✔ File metadata                   [1,128 locations]
   └── ✔ Executables                     [1 executables]
 ✔ Scanned for vulnerabilities     [3 vulnerability matches]
   ├── by severity: 0 critical, 2 high, 0 medium, 0 low, 0 negligible (1 unknown)
   └── by status:   3 fixed, 0 not-fixed, 0 ignored
NAME    INSTALLED  FIXED-IN        TYPE       VULNERABILITY   SEVERITY
stdlib  go1.22.5   1.22.7, 1.23.1  go-module  CVE-2024-34158  High
stdlib  go1.22.5   1.22.7, 1.23.1  go-module  CVE-2024-34156  High
stdlib  go1.22.5   1.22.7, 1.23.1  go-module  CVE-2024-34155  Unknown

How was this change tested?

Does this change impact docs?

  • Yes, PR includes docs updates
  • Yes, issue opened: #
  • No

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@andrewjamesbrown andrewjamesbrown requested a review from a team as a code owner October 28, 2024 23:21
Copy link

netlify bot commented Oct 28, 2024

Deploy Preview for karpenter-docs-prod canceled.

Name Link
🔨 Latest commit 5547387
🔍 Latest deploy log https://app.netlify.com/sites/karpenter-docs-prod/deploys/6723f87d09609100085adedb

jonathan-innis
jonathan-innis previously approved these changes Oct 30, 2024
Copy link
Contributor

@jonathan-innis jonathan-innis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀

@jonathan-innis jonathan-innis enabled auto-merge (squash) October 30, 2024 19:23
@coveralls
Copy link

coveralls commented Oct 30, 2024

Pull Request Test Coverage Report for Build 11620276284

Warning: This coverage report may be inaccurate.

This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 82.873%

Totals Coverage Status
Change from base Build 11620063652: 0.0%
Covered Lines: 5642
Relevant Lines: 6808

💛 - Coveralls

@jonathan-innis
Copy link
Contributor

@andrewjamesbrown Looks like CI is breaking now

@jonathan-innis
Copy link
Contributor

Maybe you also want to update the go.mod so it's referencing the sigs.k8s.io/karpenter version that's also using this same go version

auto-merge was automatically disabled October 31, 2024 11:17

Head branch was pushed to by a user without write access

@andrewjamesbrown
Copy link
Contributor Author

@jonathan-innis I checked in the two files that were modified as part of make ci-non-test; looks like CI was failing on these. Do I need to do something special to pick up the latest release from kubernetes-sigs/karpenter#1784 ?

@jonathan-innis
Copy link
Contributor

No, you don't strictly need to. Change looks fine as-is!

Copy link
Contributor

@jonathan-innis jonathan-innis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀

@jonathan-innis jonathan-innis enabled auto-merge (squash) October 31, 2024 23:45
@jonathan-innis jonathan-innis merged commit 0113ebe into aws:main Oct 31, 2024
17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants