scylladb / scylla-operator

The Kubernetes Operator for ScyllaDB
https://operator.docs.scylladb.com/
Apache License 2.0

Update dependencies #1913

Closed rzetelskik closed 4 months ago

rzetelskik commented 4 months ago

Description of your changes: This PR updates dependencies to latest patch releases to fix GO-2024-2824: A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.

Which issue is resolved by this Pull Request: Resolves #1912

/kind feature /priority critical-urgent /cc zimnx

rzetelskik commented 4 months ago

/retest

rzetelskik commented 4 months ago

@rzetelskik: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/e2e-gke-parallel-clusterip | 4559e2b | link | true | /test e2e-gke-parallel-clusterip |
| ci/prow/e2e-gke-parallel | 4559e2b | link | true | /test e2e-gke-parallel |
| ci/prow/verify | 4559e2b | link | true | /test verify |

Full PR test history. Your PR dashboard.

https://prow.scylla-operator.scylladb.com/view/gs/scylla-operator-prow/pr-logs/pull/scylladb_scylla-operator/1913/pull-scylla-operator-master-verify/1788205958934040576#1:build-log.txt%3A3

k8s.io/code-generator made a ton of breaking changes, see https://github.com/kubernetes/code-generator/compare/v0.29.3...v0.30.0

this takes more work - changing this PR to only update go version

rzetelskik commented 4 months ago

@zimnx will this do or should I update dependency patch releases at the least?

zimnx commented 4 months ago

> @zimnx will this do or should I update dependency patch releases at the least?

To fix the vulnerability, it's enough to bump Go. It's fine for me to bump only Go in this PR, but before we release it would be good to bump at least the patch versions of dependencies.

rzetelskik commented 4 months ago

> @zimnx will this do or should I update dependency patch releases at the least?

> To fix the vulnerability, it's enough to bump Go. It's fine for me to bump only Go in this PR, but before we release it would be good to bump at least the patch versions of dependencies.

Let's get this done in one PR then - updated.
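Added here as an example, not code from the PR or the scylla-operator repository: a POSIX sh check for whether a module's effective Go toolchain already includes the GO-2024-2824 fix, which is what "bump Go" in the exchange above amounts to, followed by the commands to bring dependencies to their latest patch releases. It assumes the first fixed releases are go1.21.10 and go1.22.3 (from the Go vulnerability database entry, not stated in this thread) and runs against a constructed placeholder go.mod.

```shell
#!/bin/sh
# Added example, not from the scylla-operator PR: decide whether a go.mod
# already builds with a Go release that carries the GO-2024-2824 fix.
# First fixed releases per the Go vulnerability database: go1.21.10, go1.22.3.

# effective_go_version MODFILE: the `toolchain` directive wins over `go`
# when present (the toolchain, not the language version, is what gets built).
effective_go_version() {
    awk '$1 == "toolchain" { t = $2 }
         $1 == "go"        { g = $2 }
         END { if (t != "") { sub(/^go/, "", t); print t } else print g }' "$1"
}

# version_ge A B: succeed when dotted numeric version A >= B
version_ge() {
    hi=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | tail -n1)
    [ "$hi" = "$1" ]
}

# go2024_2824_fixed VERSION: succeed when VERSION includes the fix.
# A bare "1.22" (no patch) is treated as 1.22.0 and therefore still affected.
go2024_2824_fixed() {
    case "$1" in
        1.21|1.21.*) version_ge "$1" 1.21.10 ;;
        *)           version_ge "$1" 1.22.3 ;;  # 1.22.x needs .3; 1.23+ passes; <1.21 fails
    esac
}

# check_mod MODFILE: report, and succeed only when the module is not affected
check_mod() {
    v=$(effective_go_version "$1")
    if go2024_2824_fixed "$v"; then
        echo "$1: go $v is not affected by GO-2024-2824"
    else
        echo "$1: go $v is affected; bump the toolchain, then update patch releases:"
        echo "    go get toolchain@go1.22.3 && go get -u=patch ./... && go mod tidy"
        return 1
    fi
}

# Constructed sample go.mod (placeholder module path, not the operator's file)
sample=$(mktemp)
cat >"$sample" <<'EOF'
module example.com/placeholder
go 1.21
toolchain go1.22.3
EOF
check_mod "$sample"
rm -f "$sample"
```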

rzetelskik commented 4 months ago

@rzetelskik: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/e2e-gke-parallel | df9e20c | link | true | /test e2e-gke-parallel |

Full PR test history. Your PR dashboard.

known manager flake /retest

scylla-operator-bot[bot] commented 4 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rzetelskik, tnozicka, zimnx

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/scylladb/scylla-operator/blob/master/OWNERS)~~ [tnozicka,zimnx]

Approvers can indicate their approval by writing `/approve` in a comment. Approvers can cancel approval by writing `/approve cancel` in a comment.