search

pravega / pravega-operator

Pravega Kubernetes Operator
Apache License 2.0
41 stars 38 forks source link

update alpine image to 3.15 #615

Closed nishant-yt closed 2 years ago

nishant-yt commented 2 years ago

Signed-off-by: Nishant Gupta Nishant_Gupta3@dell.com

Change log description

The latest pravega-operator image has OpenSSL 1.1.1l installed which contains CVE-2021-4160 . This has been fixed in OpenSSL 1.1.1m+ versions. Though the alpine:3.14 has OpenSSL 1.1.1n , it seems the latest pravega-operator image does not contains that fix. So it's recommended to update the alpine image from 3.14 --> 3.15

Purpose of the change

Fixes #614

What the code does

Updates the alpine image to 3.15 and updates the golang version to 1.16.15

How to verify it

By running pravega-operator pod with the latest alpine image and making sure OpenSSL 1.1.1m+ version in installed

codecov-commenter commented 2 years ago

Codecov Report

Merging #615 (9284773) into master (0d63251) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #615   +/-   ##
=======================================
  Coverage   75.09%   75.09%           
=======================================
  Files          16       16           
  Lines        4525     4525           
=======================================
  Hits         3398     3398           
  Misses        993      993           
  Partials      134      134

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 0d63251...9284773. Read the comment docs.