Closed rexagod closed 3 months ago
v2.12.0+
will be released through an automated workflow, pushing shortly.
Is there any plan to fix https://github.com/advisories/GHSA-5f94-vhjq-rpg8 and https://github.com/advisories/GHSA-vvjp-q62m-2vph CVE's with this release? Fix is to build with 1.21.5 or 1.21.12.
/assign @dgrisonnet /triage accepted
when is the plan to release this version?
Can you fix the markdown lint and rebase the release-2.11 branch on main first to reduce the delta to a minimum (that will help with merging it back)? https://github.com/kubernetes/kube-state-metrics/compare/release-2.11...main
Also I would suggest to wait for tomorrow until go 1.21.8 is released, see: https://groups.google.com/g/golang-announce/c/smSYdsWaO4o
/lgtm
/hold for @rexagod to unhold.
@dgrisonnet I believe this is good to go in now, but seeing as https://github.com/kubernetes/kube-state-metrics/pull/2270#issuecomment-1955093046 might be an /lgtm
away, can we merge and include that here as well?
/unhold /lgtm
Will include #2270 in the next release, going forward with this one since this has been in the pipeline for a while.
@rexagod: you cannot LGTM your own PR.
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: mrueg, rexagod
The full list of commands accepted by this bot can be found here.
The pull request process is described here
Signed-off-by: Pranshu Srivastava rexagod@gmail.com
Fixes #2293