redhat-developer / kam

GitOps Application Manager: An opinionated CLI that generates the Kubernetes resources for managing your Tekton-based CI manifests, ArgoCD-based CD manifests and Application manifests in Git.
Apache License 2.0

Update openshift/client-go dep to fix CVE-2023-37788 #343

Closed svghadi closed 1 year ago

svghadi commented 1 year ago

What type of PR is this? /kind bug

What does this PR do / why we need it: Kam is affected by CVE-2023-37788 due to an indirect goproxy dependency pulled in by the openshift/client-go library. The goproxy dependency is dropped from the v1.27.0 versions of the Kubernetes libraries.

This PR updates openshift/client-go to get rid of the affected k8s libraries.

Which issue(s) this PR fixes:

GITOPS-3142

How to test changes / Special notes to the reviewer:

svghadi commented 1 year ago

/retest

svghadi commented 1 year ago

PR to fix failing tests https://github.com/redhat-developer/kam/pull/345

codecov-commenter commented 1 year ago

Codecov Report

Patch and project coverage have no change.

Comparison is base (787d8c0) 58.61% compared to head (be43465) 58.61%.

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##           master     #343   +/-   ##
=======================================
  Coverage   58.61%   58.61%
=======================================
  Files          57       57
  Lines        2885     2885
=======================================
  Hits         1691     1691
  Misses       1028     1028
  Partials      166      166
```

| [Flag](https://app.codecov.io/gh/redhat-developer/kam/pull/343/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=redhat-developer) | Coverage Δ | |
|---|---|---|
| [unittests](https://app.codecov.io/gh/redhat-developer/kam/pull/343/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=redhat-developer) | `58.61% <ø> (ø)` | |

Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=redhat-developer#carryforward-flags-in-the-pull-request-comment) to find out more.


iam-veeramalla commented 1 year ago

/lgtm /approved

openshift-ci[bot] commented 1 year ago

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- **[OWNERS](https://github.com/redhat-developer/kam/blob/master/OWNERS)**

Approvers can indicate their approval by writing `/approve` in a comment

Approvers can cancel approval by writing `/approve cancel` in a comment