search

openshift / cluster-olm-operator

OpenShift operator that manages the Operator Lifecycle Manager components
Apache License 2.0
0 stars 20 forks source link

OCPBUGS-30491: Update kube dep to 1.27.12 #48

Closed kevinrizza closed 3 months ago

kevinrizza commented 3 months ago

Update kube to latest 1.27 to resolve CVE-2024-24786

openshift-ci-robot commented 3 months ago

@kevinrizza: This pull request references Jira Issue OCPBUGS-30491, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug * bug is open, matching expected state (open) * bug target version (4.16.0) matches configured target version for branch (4.16.0) * bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact: /cc @kuiwang02

The bug has been updated to refer to the pull request using the external bug tracker.

In response to [this](https://github.com/openshift/cluster-olm-operator/pull/48): > Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fcluster-olm-operator). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
openshift-ci-robot commented 3 months ago

@kevinrizza: This pull request references Jira Issue OCPBUGS-30491, which is valid.

3 validation(s) were run on this bug * bug is open, matching expected state (open) * bug target version (4.16.0) matches configured target version for branch (4.16.0) * bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact: /cc @kuiwang02

In response to [this](https://github.com/openshift/cluster-olm-operator/pull/48): >Update kube to latest 1.27 to resolve [CVE-2024-24786](https://access.redhat.com/security/cve/CVE-2024-24786) Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fcluster-olm-operator). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
grokspawn commented 3 months ago

I forget that we have this downstream-only piece that coordinates v1 as a third-order operator. I don't want dependabot running on ocp payload repos per se, but I'm a little concerned if cves are the primary motive force for bumping dependencies.

/lgtm

kevinrizza commented 3 months ago

I'm a little concerned if cves are the primary motive force for bumping dependencies.

Agreed, we need to have a better feedback loop on this component (and a couple more, to be honest)

openshift-ci[bot] commented 3 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: everettraven, kevinrizza

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/openshift/cluster-olm-operator/blob/main/OWNERS)~~ [kevinrizza] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment
grokspawn commented 3 months ago

I'm a little concerned if cves are the primary motive force for bumping dependencies.

Agreed, we need to have a better feedback loop on this component (and a couple more, to be honest)

cough cough marketplace

openshift-ci[bot] commented 3 months ago

@kevinrizza: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).
openshift-ci-robot commented 3 months ago

@kevinrizza: Jira Issue OCPBUGS-30491: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-30491 has been moved to the MODIFIED state.

In response to [this](https://github.com/openshift/cluster-olm-operator/pull/48): >Update kube to latest 1.27 to resolve [CVE-2024-24786](https://access.redhat.com/security/cve/CVE-2024-24786) Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fcluster-olm-operator). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
openshift-bot commented 3 months ago

[ART PR BUILD NOTIFIER]

This PR has been included in build ose-cluster-olm-operator-container-v4.16.0-202404052115.p0.gdac19db.assembly.stream.el8 for distgit ose-cluster-olm-operator. All builds following this will include this PR.

openshift-merge-robot commented 3 months ago

Fix included in accepted release 4.16.0-0.nightly-2024-04-06-153705