Skip to content

PCP-5293 Upgrade controller-runtime version to v0.20.4 #981

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
snehala27 merged 1 commit into from
Oct 16, 2025
Merged

PCP-5293 Upgrade controller-runtime version to v0.20.4 #981

snehala27 merged 1 commit into from
Oct 16, 2025

Conversation

@vishu2498
Copy link

@vishu2498 vishu2498 commented Oct 8, 2025

No description provided.

bulwark-spectrocloud[bot]
bulwark-spectrocloud bot requested changes Oct 8, 2025
View reviewed changes
Copy link

@bulwark-spectrocloud bulwark-spectrocloud bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ GoVulnCheck scan found vulnerabilities:

  1. GO-2025-3754
    • Module: github.com/cloudflare/circl
    • Found in: v1.3.7
    • Fixed in: v1.6.1
    • Example Traces:
      1. test/helpers/kubernetesversions/template.go:37:2: kubernetesversions.init calls framework.init, which eventually calls ecc.init
      2. test/helpers/kubernetesversions/template.go:37:2: kubernetesversions.init calls framework.init, which eventually calls ed25519.init
      3. test/helpers/kubernetesversions/template.go:37:2: kubernetesversions.init calls framework.init, which eventually calls ed25519.init
      4. test/helpers/kubernetesversions/template.go:37:2: kubernetesversions.init calls framework.init, which eventually calls ed448.init
      5. test/helpers/kubernetesversions/template.go:37:2: kubernetesversions.init calls framework.init, which eventually calls ecc.init
  2. GO-2025-3787
    • Module: github.com/go-viper/mapstructure/v2
    • Found in: v2.2.1
    • Fixed in: v2.3.0
    • Example Traces:
      1. test/helpers/kubernetesversions/template.go:37:2: kubernetesversions.init calls framework.init, which eventually calls viper.init
      2. test/helpers/kubernetesversions/template.go:37:2: kubernetesversions.init calls framework.init, which eventually calls v2.init
  3. GO-2025-3595
    • Module: golang.org/x/net
    • Found in: v0.37.0
    • Fixed in: v0.38.0
    • Example Traces:
      1. pkg/rosa/externalauthproviders.go:52:35: rosa.UpdateExternalAuth calls v1.Send, which eventually calls bluemonday.sanitize
  4. GO-2025-3553
    • Module: github.com/golang-jwt/jwt/v4
    • Found in: v4.5.1
    • Fixed in: v4.5.2
    • Example Traces:
      1. pkg/rosa/client.go:51:70: rosa.NewOCMClient calls ocm.Build, which eventually calls authentication.Build

Please review these findings and fix the issues before merging.

bulwark-spectrocloud[bot]
bulwark-spectrocloud bot previously requested changes Oct 8, 2025
View reviewed changes
Copy link

@bulwark-spectrocloud bulwark-spectrocloud bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ GoSec scan found code issues:

  1. G401: Use of weak cryptographic primitive, Severity: MEDIUM
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/pkg/cloud/services/eks/iam/iam.go:532:13
  2. G505: Blocklisted import crypto/sha1: weak cryptographic primitive, Severity: MEDIUM
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/pkg/cloud/services/eks/iam/iam.go:22:2

Please review these findings and fix the issues before merging.

@vishu2498 vishu2498 dismissed bulwark-spectrocloud[bot]’s stale review October 9, 2025 10:50

Vulnerability fixes won't be covered in this PR

bulwark-spectrocloud[bot]
bulwark-spectrocloud bot requested changes Oct 13, 2025
View reviewed changes
Copy link

@bulwark-spectrocloud bulwark-spectrocloud bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ GoVulnCheck scan found vulnerabilities:

  1. GO-2025-3553
    • Module: github.com/golang-jwt/jwt/v4
    • Found in: v4.5.1
    • Fixed in: v4.5.2
    • Example Traces:
      1. pkg/rosa/client.go:51:70: rosa.NewOCMClient calls ocm.Build, which eventually calls authentication.Build

Please review these findings and fix the issues before merging.

bulwark-spectrocloud[bot]
bulwark-spectrocloud bot requested changes Oct 13, 2025
View reviewed changes
Copy link

@bulwark-spectrocloud bulwark-spectrocloud bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ GoSec scan found code issues:

  1. G401: Use of weak cryptographic primitive, Severity: MEDIUM
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/pkg/cloud/services/eks/iam/iam.go:532:13
  2. G505: Blocklisted import crypto/sha1: weak cryptographic primitive, Severity: MEDIUM
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/pkg/cloud/services/eks/iam/iam.go:22:2

Please review these findings and fix the issues before merging.

bulwark-spectrocloud[bot]
bulwark-spectrocloud bot requested changes Oct 16, 2025
View reviewed changes
Copy link

@bulwark-spectrocloud bulwark-spectrocloud bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ GoVulnCheck scan found vulnerabilities:

  1. GO-2025-3553
    • Module: github.com/golang-jwt/jwt/v4
    • Found in: v4.5.1
    • Fixed in: v4.5.2
    • Example Traces:
      1. pkg/rosa/client.go:51:70: rosa.NewOCMClient calls ocm.Build, which eventually calls authentication.Build

Please review these findings and fix the issues before merging.

bulwark-spectrocloud[bot]
bulwark-spectrocloud bot requested changes Oct 16, 2025
View reviewed changes
Copy link

@bulwark-spectrocloud bulwark-spectrocloud bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ GoSec scan found code issues:

  1. G401: Use of weak cryptographic primitive, Severity: MEDIUM
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/pkg/cloud/services/eks/iam/iam.go:532:13
  2. G505: Blocklisted import crypto/sha1: weak cryptographic primitive, Severity: MEDIUM
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/pkg/cloud/services/eks/iam/iam.go:22:2

Please review these findings and fix the issues before merging.

@spectro-prow
Copy link

spectro-prow commented Oct 16, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: snehala27, vishu2498
To complete the pull request process, please assign after the PR has been reviewed.
You can assign the PR to them by writing /assign in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@snehala27 snehala27 merged commit 362cd55 into spectro-master Oct 16, 2025
3 of 7 checks passed
vishu2498 added a commit that referenced this pull request Oct 16, 2025
@vishu2498
PCP-5293 Upgrade controller-runtime version to v0.20.4 (#981)
047fd8f
snehala27 pushed a commit that referenced this pull request Oct 16, 2025
@vishu2498
PCP-5293 Upgrade controller-runtime version to v0.20.4 (#981) (#984)
053b94e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bulwark-spectrocloud bulwark-spectrocloud[bot] bulwark-spectrocloud[bot] requested changes

@snehala27 snehala27 snehala27 approved these changes

@cPu1 cPu1 Awaiting requested review from cPu1

@AmitSahastra AmitSahastra Awaiting requested review from AmitSahastra

Assignees

No one assigned

Labels

auto-backport backport-spectro-release-4.7 size/XL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@vishu2498 @spectro-prow @snehala27