Update container builds from go 1.21.5 to 1.21.latest #5097

Merged
merged 1 commit into from
Mar 26, 2024

ddl-ebrown
Contributor

Tracking issue

https://github.com/flyteorg/flyte/issues/

Why are the changes needed?

The container images include a number of critical and high CVEs that should be addressed.

What changes were proposed in this pull request?

  • go 1.21.5 was released on 12-5-2023 and go 1.21.8 was released on 3-5-2024. During that time a number of high and critical vulns have been addressed

  • This PR changes the build process to float with the latest go release to automatically pick up remediated vulnerabilities rather than pin to a specific go release

  • Ideally there would be a renovate or dependabot process that automatically puts up PRs to this repo to update the pinning, which is safer from a build / test perspective. Without that process in place, it's probably better to float with the latest patch release of go 1.21

How was this patch tested?

Setup process

Screenshots

Check all the applicable boxes

  • I updated the documentation accordingly.
  • All new and existing tests passed.
  • All commits are signed-off.

Related PRs

Docs link

@dosubot dosubot bot added size:S This PR changes 10-29 lines, ignoring generated files. enhancement New feature or request security Issues related to Security improvements labels Mar 22, 2024
 - go 1.21.5 was released on 12-5-2023 and go 1.21.8 was released on
   3-5-2024. During that time a number of high and critical vulns have
   been addressed

 - This PR changes the build process to float with the latest go release
   to automatically pick up remediated vulnerabilities rather than pin
   to a specific go release

 - Ideally there would be a renovate or dependabot process that
   automatically puts up PRs to this repo to update the pinning, which
   is safer from a build / test perspective.  Without that process in
   place, it's probably better to float with the latest patch release of
   go 1.21

Signed-off-by: ddl-ebrown <[email protected]>
@ddl-ebrown ddl-ebrown force-pushed the update-go-1.21-latest branch from c5b8d17 to 64e9f38 Compare March 22, 2024 16:25
codecov bot commented Mar 22, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 58.99%. Comparing base (b6f35ad) to head (64e9f38).
Report is 5 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #5097      +/-   ##
==========================================
- Coverage   58.99%   58.99%   -0.01%     
==========================================
  Files         645      645              
  Lines       55648    55648              
==========================================
- Hits        32831    32830       -1     
- Misses      20222    20223       +1     
  Partials     2595     2595              
Flag Coverage Δ
unittests 58.99% <ø> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.


@ddl-ebrown ddl-ebrown requested a review from eapolinario March 22, 2024 20:29
@ddl-ebrown ddl-ebrown changed the title Update container builds from go 1.21.5 to latest Update container builds from go 1.21.5 to 1.21.latest Mar 22, 2024
@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Mar 26, 2024
@eapolinario eapolinario merged commit 998c9ce into flyteorg:master Mar 26, 2024
47 of 48 checks passed
@eapolinario
Contributor

  • Ideally there would be a renovate or dependabot process that automatically puts up PRs to this repo to update the pinning, which is safer from a build / test perspective.

This is a great suggestion. I'm going to investigate how to enable that in dependabot.

@ddl-ebrown ddl-ebrown deleted the update-go-1.21-latest branch March 26, 2024 20:01
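
An added example, not part of this PR or the flyte code base: a small Go audit that reports whether each golang base image in a Dockerfile is pinned to a patch release or floats on a minor line, the distinction the PR description turns on. It assumes the container builds reference the Docker Hub `golang` image in `FROM` lines; `Audit`, `Finding` and the policy names are illustrative, and the sample Dockerfile lines are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// fromGolang matches a FROM line for the golang image (optional --platform, registry path, tag, digest).
var fromGolang = regexp.MustCompile(`(?i)^\s*FROM\s+(?:--platform=\S+\s+)?(?:\S+/)?golang(?::([^\s@]+))?(@sha256:[0-9a-f]{64})?(?:\s|$)`)

// goVersion splits a tag such as 1.21.5-alpine3.18 into major, minor, patch.
var goVersion = regexp.MustCompile(`^(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:-.*)?$`)

// Finding records one golang base image reference and how it is pinned.
type Finding struct{ Line int; Tag, Policy string }

// classify names the update policy implied by a tag (build args are not expanded).
func classify(tag string, hasDigest bool) string {
	m := goVersion.FindStringSubmatch(tag)
	switch {
	case hasDigest:
		return "digest-pinned" // immutable until a bot or a person bumps it
	case m == nil:
		return "unversioned" // no tag, latest, alpine: floats across Go releases
	case m[3] != "":
		return "patch-pinned" // e.g. 1.21.5: misses later 1.21.x security fixes
	case m[2] != "":
		return "minor-floating" // e.g. 1.21: newest 1.21.x on a fresh pull
	}
	return "major-floating"
}

// Audit returns every golang FROM line in a Dockerfile with its policy.
func Audit(dockerfile string) []Finding {
	var out []Finding
	for i, line := range strings.Split(dockerfile, "\n") {
		if m := fromGolang.FindStringSubmatch(line); m != nil {
			out = append(out, Finding{Line: i + 1, Tag: m[1], Policy: classify(m[1], m[2] != "")})
		}
	}
	return out
}

func main() {
	// Constructed sample input, not taken from the flyte repository.
	for _, f := range Audit("FROM golang:1.21.5-alpine3.18 AS builder\nFROM golang:1.21 AS builder\n") {
		fmt.Printf("line %d: golang:%s -> %s\n", f.Line, f.Tag, f.Policy)
	}
}
```

Run in CI, a `patch-pinned` finding with no update bot behind it is the state this PR set out to remove.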
Labels
enhancement New feature or request lgtm This PR has been approved by a maintainer security Issues related to Security improvements size:S This PR changes 10-29 lines, ignoring generated files.