openshift / oc

The OpenShift Command Line, part of OKD
https://www.openshift.org
Apache License 2.0

WRKLDS-1292: oc k8s 1.30 bump #1789

Closed ardaguclu closed 1 month ago

ardaguclu commented 1 month ago

There is a good attempt https://github.com/openshift/oc/pull/1788 to cover CVE fixes. However, first we need to land k8s 1.30 changes into the oc. Therefore, this PR tries to combine both of them.

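This PR bumps;

* k8s dependencies to 1.30.1
* go version to 1.22.0 (and toolchain 1.22.1)
* containers/image/v5 to v5.30.1
* aws-sdk-go to v1.53.12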

Additionally since runc indirect import comes from library-go and library-go still uses 1.1.10, in order to cover CVEs, this PR manually modifies this indirect import by bumping it to v1.1.12.
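
A check for the manual runc override described in this comment, as an added example (not code from the openshift/oc repository): it reads a go.mod and reports any `require` entry that does not meet a minimum version, so CI can fail if the indirect pin falls below v1.1.12 again. The go.mod text, the `example.com/cli` module path and the helper names `parseVer` and `belowFloor` are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// sampleGoMod is constructed input, not the real openshift/oc go.mod.
const sampleGoMod = `module example.com/cli
require (
	github.com/aws/aws-sdk-go v1.53.12
	github.com/opencontainers/runc v1.1.10 // indirect
)`

// parseVer reads "v1.1.12" (or "v2.0.0+incompatible") into [major minor patch].
// Pre-release versions are rejected so the caller reports them (fail closed).
func parseVer(v string) (out [3]int, err error) {
	if strings.Contains(v, "-") {
		return out, fmt.Errorf("pre-release or pseudo-version %q", v)
	}
	_, err = fmt.Sscanf(v, "v%d.%d.%d", &out[0], &out[1], &out[2])
	return out, err
}

// belowFloor (hypothetical helper) lists require entries that do not meet floors[module].
// Versions are compared numerically; replace directives are skipped, not evaluated.
func belowFloor(gomod string, floors map[string]string) (findings []string) {
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) < 2 || floors[f[0]] == "" || strings.Contains(line, "=>") {
			continue
		}
		have, errH := parseVer(f[1])
		want, errW := parseVer(floors[f[0]])
		older := have[0] < want[0] || (have[0] == want[0] &&
			(have[1] < want[1] || (have[1] == want[1] && have[2] < want[2])))
		if errH != nil || errW != nil || older {
			findings = append(findings, fmt.Sprintf("%s %s does not satisfy floor %s", f[0], f[1], floors[f[0]]))
		}
	}
	return findings
}

func main() {
	floors := map[string]string{"github.com/opencontainers/runc": "v1.1.12"}
	for _, f := range belowFloor(sampleGoMod, floors) {
		fmt.Println("FAIL:", f)
	}
}
```

The numeric comparison is the point of the helper: compared as plain strings, `v1.1.9` would sort after `v1.1.12` and pass.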

openshift-ci-robot commented 1 month ago

@ardaguclu: This pull request references WRKLDS-1292 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.17.0" version, but no target version was set.

In response to [this](https://github.com/openshift/oc/pull/1789):

> There is a good attempt to cover CVE fixes https://github.com/openshift/oc/pull/1788. However, first we need to land k8s 1.30 changes into the oc. Therefore, this PR tries to combine both of them.
>
> This PR bumps;
> * k8s dependencies to 1.30.1
> * go version to 1.22.0 (and toolchain 1.22.1)
> * containers/image/v5 to v5.30.1
> * aws-sdk-go to v1.53.12
>
> Additionally since runc indirect import comes from library-go and library-go still uses 1.1.10, in order to cover CVEs, this PR manually modifies this indirect import by bumping it to v1.1.12.

Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Foc). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.

ardaguclu commented 1 month ago

/retest

ardaguclu commented 1 month ago

/test all

ardaguclu commented 1 month ago

/uncc @gabemontero @mfojtik

ardaguclu commented 1 month ago

/retest

psalajova commented 1 month ago

/test all

ardaguclu commented 1 month ago

/retest

ardaguclu commented 1 month ago

/retest

ardaguclu commented 1 month ago

CI results are promising, but for now we need to hold it due to https://github.com/openshift/kubernetes/pull/1984/

/hold
/cc @ingvagabund

ardaguclu commented 1 month ago

/unhold

ingvagabund commented 1 month ago

/lgtm

openshift-ci[bot] commented 1 month ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ardaguclu, ingvagabund

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/openshift/oc/blob/master/OWNERS)~~ [ardaguclu]

Approvers can indicate their approval by writing `/approve` in a comment.
Approvers can cancel approval by writing `/approve cancel` in a comment.

openshift-ci-robot commented 1 month ago

/retest-required

Remaining retests: 0 against base HEAD 0bea0594b2cdb44de33be3a96f8ac2cf68e10ee2 and 2 for PR HEAD 752390593e5aff7b1505aa4ed65f139ed94f9f4b in total

openshift-ci-robot commented 1 month ago

/retest-required

Remaining retests: 0 against base HEAD 143d40519485a7d11cbb92097357c1ed44b1e655 and 1 for PR HEAD 752390593e5aff7b1505aa4ed65f139ed94f9f4b in total

openshift-ci[bot] commented 1 month ago

@ardaguclu: all tests passed!

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).