Closed kevinrizza closed 3 months ago
@kevinrizza: This pull request references Jira Issue OCPBUGS-30491, which is valid. The bug has been moved to the POST state.
Requesting review from QA contact: /cc @kuiwang02
The bug has been updated to refer to the pull request using the external bug tracker.
@kevinrizza: This pull request references Jira Issue OCPBUGS-30491, which is valid.
Requesting review from QA contact: /cc @kuiwang02
I forget that we have this downstream-only piece that coordinates v1 as a third-order operator. I don't want dependabot running on ocp payload repos per se, but I'm a little concerned if cves are the primary motive force for bumping dependencies.
/lgtm
I'm a little concerned if cves are the primary motive force for bumping dependencies.
Agreed, we need to have a better feedback loop on this component (and a couple more, to be honest)
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: everettraven, kevinrizza
The full list of commands accepted by this bot can be found here.
The pull request process is described here
I'm a little concerned if cves are the primary motive force for bumping dependencies.
Agreed, we need to have a better feedback loop on this component (and a couple more, to be honest)
cough cough marketplace
@kevinrizza: all tests passed!
Full PR test history. Your PR dashboard.
@kevinrizza: Jira Issue OCPBUGS-30491: All pull requests linked via external trackers have merged:
Jira Issue OCPBUGS-30491 has been moved to the MODIFIED state.
[ART PR BUILD NOTIFIER]
This PR has been included in build ose-cluster-olm-operator-container-v4.16.0-202404052115.p0.gdac19db.assembly.stream.el8 for distgit ose-cluster-olm-operator. All builds following this will include this PR.
Fix included in accepted release 4.16.0-0.nightly-2024-04-06-153705
Update kube to latest 1.27 to resolve CVE-2024-24786