search

yunify / qingcloud-csi

Kubernetes volume plugin based on CSI specification which support block storage of qingcloud
Apache License 2.0
36 stars 22 forks source link

update kubernetes dependency #198

Closed stoneshi-yunify closed 2 years ago

stoneshi-yunify commented 2 years ago

What would you like to be added: current this csi is using k8s.io/kubernetes v1.14.1 which reported by github Dependabot has security issues. github recommends upgrade k8s.io/kubernetes to version 1.19.15 or later.

I guess packages below will all be upgraded together:

    k8s.io/apiextensions-apiserver v0.0.0-20190823014223-07b4561f8b0e // indirect
    k8s.io/apimachinery v0.0.0-20190823012420-8ca64af22337
    k8s.io/apiserver v0.0.0-20190823053033-1316076af51c // indirect
    k8s.io/client-go v0.0.0-20190823012814-cdbd92c111cf
    k8s.io/cloud-provider v0.0.0-20190717025205-585d8110a88f // indirect
    k8s.io/klog v0.4.0
    k8s.io/kube-openapi v0.0.0-20190718094010-3cf2ea392886 // indirect
    k8s.io/kubernetes v1.14.1

Why is this needed: for security issues.

f10atin9 commented 2 years ago

In this issue , I saw that depending on k8s.io/kubernetes directly as a library, which is not recommend. Should we remove k8s.io/kubernetes and update other standalone modules at the same time?

stoneshi-yunify commented 2 years ago

sure, go ahead

f10atin9 commented 2 years ago

The new module was found to be incompatible when updated, so this issue will be closed