search

openshift / node-feature-discovery

Node feature discovery, detects the available hardware features and configuration in a cluster.
Apache License 2.0
14 stars 26 forks source link

OCPBUGS-26267: update 4.14 vendor libraries for SAST scanner #129

Closed chr15p closed 6 months ago

chr15p commented 7 months ago

This will fix most of the SAST security scanner results reported in OCPBUGS-26267 by updating go.mod and the vendor directory to the versions used in 4.16.

It will still leave at least one SAST reported error in the hooks code open, that should be fixed in a future PR

openshift-ci[bot] commented 7 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: chr15p

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/openshift/node-feature-discovery/blob/release-4.14/OWNERS)~~ [chr15p] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment
openshift-ci[bot] commented 7 months ago

@chr15p: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).
yevgeny-shnaidman commented 7 months ago

/lgtm

yevgeny-shnaidman commented 7 months ago

/label backport-risk-assessed

openshift-ci-robot commented 7 months ago

@chr15p: This pull request references Jira Issue OCPBUGS-26267, which is invalid:

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to [this](https://github.com/openshift/node-feature-discovery/pull/129): >This will fix most of the SAST security scanner results reported in [OCPBUGS-26267](https://issues.redhat.com/browse/OCPBUGS-26267) by updating go.mod and the vendor directory to the versions used in 4.16. > >It will still leave at least one SAST reported error in the hooks code open, that should be fixed in a future PR Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fnode-feature-discovery). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
chr15p commented 7 months ago

/jira refresh

openshift-ci-robot commented 7 months ago

@chr15p: This pull request references Jira Issue OCPBUGS-26267, which is invalid:

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to [this](https://github.com/openshift/node-feature-discovery/pull/129#issuecomment-1959348809): >/jira refresh Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fnode-feature-discovery). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
chr15p commented 6 months ago

/jira refresh

openshift-ci-robot commented 6 months ago

@chr15p: This pull request references Jira Issue OCPBUGS-26267, which is invalid:

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to [this](https://github.com/openshift/node-feature-discovery/pull/129#issuecomment-2020067274): >/jira refresh Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fnode-feature-discovery). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
chr15p commented 6 months ago

/jira refresh

openshift-ci-robot commented 6 months ago

@chr15p: This pull request references Jira Issue OCPBUGS-26267, which is valid. The bug has been moved to the POST state.

6 validation(s) were run on this bug * bug is open, matching expected state (open) * bug target version (4.14.z) matches configured target version for branch (4.14.z) * bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST) * dependent bug [Jira Issue OCPBUGS-25329](https://issues.redhat.com//browse/OCPBUGS-25329) is in the state Verified, which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA)) * dependent [Jira Issue OCPBUGS-25329](https://issues.redhat.com//browse/OCPBUGS-25329) targets the "4.15.z" version, which is one of the valid target versions: 4.15.0, 4.15.z * bug has dependents

No GitHub users were found matching the public email listed for the QA contact in Jira (ggordani@redhat.com), skipping review request.

In response to [this](https://github.com/openshift/node-feature-discovery/pull/129#issuecomment-2045135805): >/jira refresh Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fnode-feature-discovery). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
chr15p commented 6 months ago

/label cherry-pick-approved

openshift-ci[bot] commented 6 months ago

@chr15p: Can not set label cherry-pick-approved: Must be member in one of these teams: []

In response to [this](https://github.com/openshift/node-feature-discovery/pull/129#issuecomment-2045144201): >/label cherry-pick-approved Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
ggordaniRed commented 6 months ago

/label cherry-pick-approved

openshift-ci-robot commented 6 months ago

@chr15p: Jira Issue OCPBUGS-26267: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-26267 has been moved to the MODIFIED state.

In response to [this](https://github.com/openshift/node-feature-discovery/pull/129): >This will fix most of the SAST security scanner results reported in [OCPBUGS-26267](https://issues.redhat.com/browse/OCPBUGS-26267) by updating go.mod and the vendor directory to the versions used in 4.16. > >It will still leave at least one SAST reported error in the hooks code open, that should be fixed in a future PR Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fnode-feature-discovery). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
openshift-bot commented 6 months ago

[ART PR BUILD NOTIFIER]

This PR has been included in build node-feature-discovery-container-v4.14.0-202404091009.p0.g7e68ae8.assembly.stream.el8 for distgit node-feature-discovery. All builds following this will include this PR.