fix(sec): upgrade runc version v1.0.2 -> v1.1.2 #8050

aaron-prindle
Contributor

No description provided.

@codecov

codecov bot commented Nov 7, 2022

Codecov Report

Merging #8050 (b5d719b) into main (290280e) will decrease coverage by 3.98%.
The diff coverage is 53.77%.

@@            Coverage Diff             @@
##             main    #8050      +/-   ##
==========================================
- Coverage   70.48%   66.49%   -3.99%     
==========================================
  Files         515      597      +82     
  Lines       23150    29146    +5996     
==========================================
+ Hits        16317    19382    +3065     
- Misses       5776     8327    +2551     
- Partials     1057     1437     +380     
Impacted Files Coverage Δ
cmd/skaffold/app/cmd/credits/export.go 0.00% <0.00%> (ø)
cmd/skaffold/app/cmd/deploy.go 40.90% <0.00%> (-12.94%) ⬇️
cmd/skaffold/app/cmd/test.go 44.44% <0.00%> (ø)
cmd/skaffold/app/exitcode.go 100.00% <ø> (+6.66%) ⬆️
cmd/skaffold/skaffold.go 0.00% <0.00%> (ø)
cmd/skaffold/app/cmd/inspect_tests.go 62.50% <14.28%> (-1.14%) ⬇️
cmd/skaffold/app/cmd/render.go 35.48% <18.18%> (-5.90%) ⬇️
cmd/skaffold/app/cmd/lsp.go 28.12% <28.12%> (ø)
cmd/skaffold/app/cmd/run.go 64.28% <33.33%> (-9.63%) ⬇️
cmd/skaffold/app/cmd/fix.go 56.41% <37.50%> (-20.07%) ⬇️
... and 394 more

go.mod Outdated
@@ -95,7 +95,7 @@ require (
google.golang.org/grpc v1.49.0
google.golang.org/protobuf v1.28.1
gopkg.in/yaml.v2 v2.4.0
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
gopkg.in/yaml.v3 v3.0.0
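Review bot: The gopkg.in/yaml.v3 line in this require block moves from the pseudo-version v3.0.0-20210107192922-496545a6307b to v3.0.0 with no comment saying which advisory or fix the bump is for. Before merging, check go.mod for a replace directive on gopkg.in/yaml.v3: if one is present, the version named here is not the one that gets built, so the bump would not deliver the fix it is meant to carry. Either drop this line from the PR or add a comment next to it stating the reason for the new version and how it interacts with any existing pin.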
Contributor

I remember there was a reason we were pinned to a specific version of yaml.v3 although I don't recall what it was.

Contributor

aah here it is:

skaffold/go.mod

Lines 11 to 14 in 9802b0e

// pin yamlv3 to parent of https://github.com/go-yaml/yaml/commit/ae27a744346343ea814bd6f3bdd41d8669b172d0
// Avoid indenting sequences.
gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c

Contributor Author

Hmm, I can hold off on this then and try to understand more why we pin atm. There was a security bot that suggested this change which is the context here

Contributor Author

Changed the PR to only update runc due to comments here

@aaron-prindle
Contributor Author

Changed this PR to only update runc

@aaron-prindle aaron-prindle force-pushed the merge-security-bot-prs branch from e544649 to b5d719b Compare November 8, 2022 20:05
@aaron-prindle aaron-prindle changed the title fix(sec): upgrade runc and gopkg.in/yaml.v3 versions fix(sec): upgrade runc version v1.0.2 -> v1.1.2 Nov 8, 2022
@aaron-prindle aaron-prindle merged commit 332b6c1 into GoogleContainerTools:main Nov 8, 2022
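
The situation discussed in this thread, as an added example (not Skaffold's code): a bot bumps gopkg.in/yaml.v3 in the require block while a replace directive pins the module elsewhere in go.mod, so the pinned version is what builds. ShadowedRequires, Shadowed and sampleGoMod are hypothetical names, the sample go.mod is constructed from the two directives quoted above, and only the version-less `replace old => new` form is handled.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed go.mod fragment modelled on the directives quoted in this thread.
const sampleGoMod = `module example.com/demo
require (
	gopkg.in/yaml.v2 v2.4.0
	gopkg.in/yaml.v3 v3.0.0 // bumped by a dependency bot
)
replace gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c
`

// Shadowed is a require entry whose version a wildcard replace overrides.
type Shadowed struct{ Path, Required, Effective string }

// ShadowedRequires lists require entries overridden by a replace in the same go.mod.
func ShadowedRequires(gomod string) (out []Shadowed) {
	var reqs [][]string         // [path, version] pairs in file order
	pins := map[string]string{} // replaced path -> "new-path [new-version]"
	block := ""                 // directive that opened the current "( ... )" block
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop comments
		f := strings.Fields(block + " " + line) // lines inside a block inherit its directive
		switch {
		case len(f) == 0:
		case f[len(f)-1] == ")":
			block = ""
		case f[len(f)-1] == "(":
			block = f[0]
		case f[0] == "require" && len(f) >= 3:
			reqs = append(reqs, f[1:3])
		case f[0] == "replace" && len(f) >= 4 && f[2] == "=>":
			pins[f[1]] = strings.Join(f[3:], " ")
		}
	}
	for _, r := range reqs {
		if eff, ok := pins[r[0]]; ok && eff != r[0]+" "+r[1] {
			out = append(out, Shadowed{r[0], r[1], eff})
		}
	}
	return out
}

func main() {
	fmt.Printf("%+v\n", ShadowedRequires(sampleGoMod))
}
```

Run as a CI check on dependency-bot PRs, a non-empty result means the bump needs the replace directive updated or removed before it has any effect.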