search

openshift / cloud-credential-operator

Manage cloud provider credentials as Kubernetes CRDs
Apache License 2.0
62 stars 143 forks source link

OCPBUGS-37334: SNYK ignore go-client misreporting #734

Closed jstuever closed 1 month ago

jstuever commented 1 month ago

SNYK is misreporting a vulnerability in go-client because it thinks we need v1.17 or higher. However, k8s numbering changed after v1.17 to v0.xx and so SNYK calculates v0.30.2 as less than v1.17.

openshift-ci-robot commented 1 month ago

@jstuever: This pull request references Jira Issue OCPBUGS-37334, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug * bug is open, matching expected state (open) * bug target version (4.17.0) matches configured target version for branch (4.17.0) * bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact: /cc @jianping-shu

The bug has been updated to refer to the pull request using the external bug tracker.

In response to [this](https://github.com/openshift/cloud-credential-operator/pull/734): >SNYK is misreporting a vulnerability in go-client because it thinks we need v1.17 or higher. However, k8s numbering changed after v1.17 to v0.xx and so SNYK calculates v0.30.2 as less than v1.17. Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fcloud-credential-operator). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
jstuever commented 1 month ago

/jira backport release-4.16 release-4.15 release-4.14 release-4.13 release-4.12

jstuever commented 1 month ago

/assign @dlom

dlom commented 1 month ago

I love go dependency versioning!!!

/lgtm

openshift-ci[bot] commented 1 month ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dlom, jstuever

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/openshift/cloud-credential-operator/blob/master/OWNERS)~~ [dlom,jstuever] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment
openshift-ci[bot] commented 1 month ago

@jstuever: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).
openshift-ci-robot commented 1 month ago

@jstuever: Jira Issue OCPBUGS-37334: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-37334 has been moved to the MODIFIED state.

In response to [this](https://github.com/openshift/cloud-credential-operator/pull/734): >SNYK is misreporting a vulnerability in go-client because it thinks we need v1.17 or higher. However, k8s numbering changed after v1.17 to v0.xx and so SNYK calculates v0.30.2 as less than v1.17. Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fcloud-credential-operator). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
jstuever commented 1 month ago

/jira backport release-4.16,release-4.15,release-4.14,release-4.13,release-4.12

openshift-ci-robot commented 1 month ago

@jstuever: The following backport issues have been created:

Queuing cherrypicks to the requested branches to be created after this PR merges: /cherrypick release-4.16 /cherrypick release-4.15 /cherrypick release-4.14 /cherrypick release-4.13 /cherrypick release-4.12

In response to [this](https://github.com/openshift/cloud-credential-operator/pull/734#issuecomment-2243410558): >/jira backport release-4.16,release-4.15,release-4.14,release-4.13,release-4.12 Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fcloud-credential-operator). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
openshift-cherrypick-robot commented 1 month ago

@openshift-ci-robot: new pull request created: #735

In response to [this](https://github.com/openshift/cloud-credential-operator/pull/734#issuecomment-2243411511): >@jstuever: The following backport issues have been created: >- [OCPBUGS-37418](https://issues.redhat.com//browse/OCPBUGS-37418) for branch release-4.16 >- [OCPBUGS-37419](https://issues.redhat.com//browse/OCPBUGS-37419) for branch release-4.15 >- [OCPBUGS-37420](https://issues.redhat.com//browse/OCPBUGS-37420) for branch release-4.14 >- [OCPBUGS-37421](https://issues.redhat.com//browse/OCPBUGS-37421) for branch release-4.13 >- [OCPBUGS-37422](https://issues.redhat.com//browse/OCPBUGS-37422) for branch release-4.12 > >Queuing cherrypicks to the requested branches to be created after this PR merges: >/cherrypick release-4.16 >/cherrypick release-4.15 >/cherrypick release-4.14 >/cherrypick release-4.13 >/cherrypick release-4.12 > >
> >In response to [this](https://github.com/openshift/cloud-credential-operator/pull/734#issuecomment-2243410558): > >>/jira backport release-4.16,release-4.15,release-4.14,release-4.13,release-4.12 > > >Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fcloud-credential-operator). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository. >

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

openshift-bot commented 1 month ago

[ART PR BUILD NOTIFIER]

Distgit: ose-cloud-credential-operator This PR has been included in build ose-cloud-credential-operator-container-v4.17.0-202407222110.p0.ga6e423c.assembly.stream.el9. All builds following this will include this PR.