Update dependencies #1913

Merged: 1 commit, May 9, 2024

@rzetelskik rzetelskik commented May 8, 2024

Description of your changes: This PR updates dependencies to latest patch releases to fix GO-2024-2824: A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.

Which issue is resolved by this Pull Request:
Resolves #1912

/kind feature
/priority critical-urgent
/cc zimnx

@scylla-operator-bot scylla-operator-bot bot requested a review from zimnx May 8, 2024 10:35
@scylla-operator-bot scylla-operator-bot bot added kind/feature Categorizes issue or PR as related to a new feature. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. area/dependency Issues or PRs related to dependency changes labels May 8, 2024
@rzetelskik
Member Author

/retest

@rzetelskik
Member Author

@rzetelskik: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/e2e-gke-parallel-clusterip | 4559e2b | link | true | /test e2e-gke-parallel-clusterip |
| ci/prow/e2e-gke-parallel | 4559e2b | link | true | /test e2e-gke-parallel |
| ci/prow/verify | 4559e2b | link | true | /test verify |
Full PR test history. Your PR dashboard.

https://prow.scylla-operator.scylladb.com/view/gs/scylla-operator-prow/pr-logs/pull/scylladb_scylla-operator/1913/pull-scylla-operator-master-verify/1788205958934040576#1:build-log.txt%3A3
k8s.io/code-generator made a ton of breaking changes, see kubernetes/code-generator@v0.29.3...v0.30.0

this takes more work - changing this PR to only update go version

@scylla-operator-bot scylla-operator-bot bot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels May 8, 2024
@rzetelskik rzetelskik changed the title Update dependencies Update go version to 1.22.3 May 8, 2024
@rzetelskik
Member Author

rzetelskik commented May 8, 2024

@zimnx will this do or should I update dependency patch releases at the least?

@zimnx
Collaborator

zimnx commented May 8, 2024

> @zimnx will this do or should I update dependency patch releases at the least?

To fix the vulnerability it's enough to bump Go.
It's fine for me to bump only Go in this PR, but before we release, it would be good to bump at least patch versions of dependencies.

@rzetelskik rzetelskik changed the title Update go version to 1.22.3 Update dependencies May 8, 2024
@scylla-operator-bot scylla-operator-bot bot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels May 8, 2024
@rzetelskik
Member Author

> > @zimnx will this do or should I update dependency patch releases at the least?
>
> To fix the vulnerability it's enough to bump Go.
> It's fine for me to bump only Go in this PR, but before we release, it would be good to bump at least patch versions of dependencies.

Let's get this done in one PR then - updated.

Collaborator

@zimnx zimnx left a comment

lgtm
/assign tnozicka

@scylla-operator-bot scylla-operator-bot bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 8, 2024
@rzetelskik
Member Author

@rzetelskik: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/e2e-gke-parallel | df9e20c | link | true | /test e2e-gke-parallel |
Full PR test history. Your PR dashboard.

known manager flake
/retest

Contributor

@tnozicka tnozicka left a comment

I agree we should bump all the deps by default 👍

/approve
/lgtm

@scylla-operator-bot scylla-operator-bot bot added the lgtm Indicates that a PR is ready to be merged. label May 9, 2024
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rzetelskik, tnozicka, zimnx

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@scylla-operator-bot scylla-operator-bot bot merged commit e0b8c10 into scylladb:master May 9, 2024
12 checks passed
@rzetelskik rzetelskik deleted the 1912-fix branch May 9, 2024 07:01
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/dependency Issues or PRs related to dependency changes kind/feature Categorizes issue or PR as related to a new feature. lgtm Indicates that a PR is ready to be merged. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.