Closed harsimranmaan closed 1 week ago
Hi team, can I get some eyes on the related PR. Thanks for your time
There are a couple packaging issues I want to fix before we do another release. It is on my radar for sometime in the next week or two.
Sure, thanks. Lemme know if I can help
Please note that it is desired that the next release be tagged >= v0.15.0 as v0.14.0 was likely published in the past and deleted as evident from the entries in gosumdb. https://pkg.go.dev/github.com/rancher/system-upgrade-controller?tab=versions
@brandond Any updates?
Hi team, it would great if a new release could be published as suc gets flagged for multiple critical vulns. The patches have been merged already,
@brandond Do you need any help to get this moving?
Sorry, there was a bunch of release CI stuff to fix - the changes from https://github.com/rancher/system-upgrade-controller/pull/311 did not actually work to move image publish CI over to GHA.
v0.14.0 should work.
Thanks Brandon but could the release be bumped to v0.15.0? 0.14.0 was likely published in the past and recalled it seems as gosumdb already has entries for it with a different shasum. Please see https://pkg.go.dev/github.com/rancher/system-upgrade-controller?tab=versions
I'm not able to find any references to that tag on GH or Docker Hub, so I have no idea where that would have come from. I can tag 0.15.0 next week when I am back in the office.
You can use v0.14.0-rc4 in the mean time, as that points at the same commit.
There are some public golang CVEs that requires addressing in the suc. Per the security policy, these are patched during the dev cycle. Is there a cadence to expect such patch releases?