flyteorg / flyte

Scalable and flexible workflow orchestration platform that seamlessly unifies data, ML and analytics stacks.
https://flyte.org
Apache License 2.0
5.75k stars 654 forks

[Housekeeping] Release new version of flytectl #5638

Closed bcvanmeurs closed 3 months ago

bcvanmeurs commented 3 months ago

Describe the issue

flytectl/v0.9.0 does not pass our security audits due to a known and fixed CVE in github.com/docker/docker. I noticed that the flytectl dependencies in main are already updated to http://github.com/docker/docker v26.1.5+incompatible, which does not have the CVE.

Could you create a new release to fix this?

What if we do not do this?

Flytectl contains a known CVE

Related component(s)

No response


welcome[bot] commented 3 months ago

Thank you for opening your first issue here! 🛠

runllm[bot] commented 3 months ago

The issue you raised is related to updating the flytectl dependency to a version of github.com/docker/docker that does not contain the CVE. According to this pull request, the dependency has been updated to v24.0.9+incompatible, which addresses several CVEs.

Would you like more details on how to proceed with creating a new release for flytectl?


bcvanmeurs commented 3 months ago

Ah, I now see that https://github.com/flyteorg/flyte/pull/5614, which addressed this vulnerability, was only recently merged. Sorry, I should have checked that.

eapolinario commented 3 months ago

https://github.com/flyteorg/flyte/releases/tag/flytectl%2Fv0.9.1 is out.