search

kubernetes-sigs / prometheus-adapter

An implementation of the custom.metrics.k8s.io API using Prometheus
Apache License 2.0
1.9k stars 551 forks source link

Cut release v0.11.2 #608

Closed jaybooth4 closed 10 months ago

jaybooth4 commented 1 year ago

This release would address several critical CVEs fixed as part of a golang upgrade performed in https://github.com/kubernetes-sigs/prometheus-adapter/pull/606

k8s-ci-robot commented 1 year ago

Hi @jaybooth4. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
dashpole commented 12 months ago

/assign @dgrisonnet /triage accepted

jaybooth4 commented 11 months ago

Hi @dgrisonnet, are we able to merge this CL to release a new version that addresses the open CVEs?

dashpole commented 10 months ago

/ok-to-test

dgrisonnet commented 10 months ago

@jaybooth4 sorry for the delay. Could you perhaps backport https://github.com/kubernetes-sigs/prometheus-adapter/pull/606 to release-0.11, and open this PR against the release branch as well as master?

I noticed that I incorrectly cut v0.11.1 out of master, but it should've been on release-0.11. I synced the release branch with https://github.com/kubernetes-sigs/prometheus-adapter/pull/613 so it should be good now.

jaybooth4 commented 10 months ago

Hey dgrisonnet, PTAL

https://github.com/kubernetes-sigs/prometheus-adapter/pull/617

https://github.com/kubernetes-sigs/prometheus-adapter/pull/616

Thank you!

jaybooth4 commented 10 months ago

This CL was merged instead: https://github.com/kubernetes-sigs/prometheus-adapter/pull/617

dgrisonnet commented 10 months ago

Both PRs need to be merged, but this one post release so that users can have manifests pointing to the latest release on master

k8s-ci-robot commented 10 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dgrisonnet, jaybooth4

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/kubernetes-sigs/prometheus-adapter/blob/master/OWNERS)~~ [dgrisonnet] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment