Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bump helm client to v0.12.8 #552

Closed
wants to merge 15 commits into from
Closed

bump helm client to v0.12.8 #552

wants to merge 15 commits into from

Conversation

tariq1890
Copy link
Contributor

@tariq1890 tariq1890 commented Feb 26, 2024
edited
Loading

This fixes the HIGH CVE : GHSA-r53h-jv2g-vpx6

NOTE: The latest helm client imports k8s v1.29, so this MR also bumps NFD to v0.15.1 to ensure a consistent dependency tree

@tariq1890 tariq1890 force-pushed the bump-helm-client branch 2 times, most recently from 8f6e575 to eed7b2f Compare February 26, 2024 20:57
@tariq1890
bump helm client to v0.12.8
3fa7c0d 
Signed-off-by: Tariq Ibrahim <[email protected]>
@tariq1890 tariq1890 mentioned this pull request Feb 27, 2024
Closed
ArangoGutierrez
ArangoGutierrez requested changes Feb 27, 2024
View reviewed changes
Copy link
Collaborator

@ArangoGutierrez ArangoGutierrez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this, please create a separate PR for "so this MR also bumps NFD to v0.15.1"

@elezar
Copy link
Member

elezar commented Feb 27, 2024

@tariq1890 does it make sense to bump NFD first and then let delendabot rebase #543?

Note that since we use replace directives in our go modules, we will have to bump the k8s dependencies separately.

@ArangoGutierrez ArangoGutierrez added the dependencies Issue/PR Pull about a dependency file label Feb 27, 2024
@elezar
Copy link
Member

elezar commented Feb 27, 2024

@tariq1890 I believe this was updated as part of #556

Note that the NFD bump is done in #485, but probably requires #558 to bump the go version.

@ArangoGutierrez
Copy link
Collaborator

instead of #558 we ended up doing #559

@tariq1890
Copy link
Contributor Author

I'll rebase the PR

elezar and others added 14 commits February 27, 2024 10:15
@elezar @tariq1890
Use github image as staging image
1c8699f 
Signed-off-by: Evan Lezar <[email protected]>
@elezar @tariq1890
Update k8s.io dependencies as a group
2b9f619 
Signed-off-by: Evan Lezar <[email protected]>
@dependabot @tariq1890
Bump actions/stale from 8 to 9
a723ba4 
Bumps [actions/stale](https://github.com/actions/stale) from 8 to 9.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@v8...v9)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@ArangoGutierrez @tariq1890
Update golang gh-Action to use go-version-file
7118690 
Signed-off-by: Carlos Eduardo Arango Gutierrez <[email protected]>
@elezar @tariq1890
Remove deprecated extensions/v1beta1 static deployment
b31ee45 
Signed-off-by: Evan Lezar <[email protected]>
@dependabot @tariq1890
Bump github.com/NVIDIA/go-gpuallocator from 0.3.1 to 0.3.2
fc33444 
Bumps [github.com/NVIDIA/go-gpuallocator](https://github.com/NVIDIA/go-gpuallocator) from 0.3.1 to 0.3.2.
- [Release notes](https://github.com/NVIDIA/go-gpuallocator/releases)
- [Commits](NVIDIA/go-gpuallocator@v0.3.1...v0.3.2)

---
updated-dependencies:
- dependency-name: github.com/NVIDIA/go-gpuallocator
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@ArangoGutierrez @tariq1890
Edit stale message
093647e 
Signed-off-by: Carlos Eduardo Arango Gutierrez <[email protected]>
@ArangoGutierrez @tariq1890
Increase operations-per-run on stale action
19debfd 
Signed-off-by: Carlos Eduardo Arango Gutierrez <[email protected]>
@elezar @tariq1890
Bump k8s.io dependencies to v0.29.2
48a730a 
Signed-off-by: Evan Lezar <[email protected]>
@elezar @tariq1890
Update github.com/mittwald/go-helm-client to v0.12.8
de10680 
This is required to address an incompatibility with the v0.29.x k8s APIs.

Signed-off-by: Evan Lezar <[email protected]>
@elezar @tariq1890
Extract GOLANG_VERSION from versions.mk
3d7905c 
Signed-off-by: Evan Lezar <[email protected]>
@elezar @tariq1890
Add vendor check to actions
f841007 
Signed-off-by: Evan Lezar <[email protected]>
@elezar @tariq1890
TOFIX: Allow go mod tidy to set go version
a7a9462 
Signed-off-by: Evan Lezar <[email protected]>
@dependabot @tariq1890
Bump sigs.k8s.io/node-feature-discovery from 0.14.2 to 0.15.1
187be3c 
Bumps [sigs.k8s.io/node-feature-discovery](https://github.com/kubernetes-sigs/node-feature-discovery) from 0.14.2 to 0.15.1.
- [Release notes](https://github.com/kubernetes-sigs/node-feature-discovery/releases)
- [Commits](kubernetes-sigs/node-feature-discovery@v0.14.2...v0.15.1)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/node-feature-discovery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@tariq1890
Copy link
Contributor Author

Closing this as this is no longer needed

@tariq1890 tariq1890 closed this Feb 27, 2024
@tariq1890 tariq1890 deleted the bump-helm-client branch February 27, 2024 18:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ArangoGutierrez ArangoGutierrez ArangoGutierrez requested changes

@klueska klueska Awaiting requested review from klueska

@elezar elezar Awaiting requested review from elezar

@cdesiniotis cdesiniotis Awaiting requested review from cdesiniotis

Assignees
No one assigned
Labels
dependencies Issue/PR Pull about a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tariq1890 @elezar @ArangoGutierrez