
Conversation

octo-sts bot (Contributor) commented Apr 14, 2024

octo-sts bot added the labels request-version-update (request for a newer version of a package) and automated pr on Apr 14, 2024
debasishbsws self-assigned this Apr 15, 2024
Signed-off-by: Debasish Biswas <[email protected]>

Package spark-operator:
Modified: /usr/bin/spark-operator

Package sparkctl:
Modified: /usr/bin/sparkctl

Package spark-operator-oci-entrypoint:
Unchanged

bincapz found differences:

Changed: sparkctl/usr/bin/sparkctl

RISK       KEY                 DESCRIPTION
-2/MEDIUM  net/bpf             bPF (Berkeley Packet Filter)
-2/MEDIUM  procfs/self/exe     gets executable associated to this process
-2/MEDIUM  ref/words/ddos      references DDoS: "DD0S"
+1/LOW     cloud/aws/metadata  references the AWS EC2 metadata token

Changed: spark-operator/usr/bin/spark-operator

RISK       KEY                 DESCRIPTION
-2/MEDIUM  ref/words/ddos      references DDoS: "DD0S"
+1/LOW     cloud/aws/metadata  references the AWS EC2 metadata token
-1/LOW     ref/path/hidden     possible hidden file path: "/home/build/.cache"

debasishbsws (Member) commented Apr 15, 2024

As Kubernetes is already at 1.29.3 and it is replaced by a lower version upstream, we can't use gobump:

Error: Failed to run update. Error: package k8s.io/kubernetes with version 'v1.26.2' is already at version v1.29.3

But if we use a script to do this we will not notice when there is a version update happening upstream and we will be downgrading the module version here.

I think it should be allowed to downgrade the go module version using gobump with some special flag.

OR is there any way to use gobump for this use case?
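An added Go sketch of the downgrade policy the comment above asks for; this is not code from the PR or from gobump itself, and the names planBump and parseSemver are hypothetical, with the error text modelled on the gobump message quoted above. It refuses a request that is below the current module version unless the caller opts in, and labels an allowed downgrade so it never passes as an ordinary version update.

```go
package main

import "fmt"

// parseSemver turns a Go module version such as "v1.29.3" into [major, minor, patch].
// Only the plain vMAJOR.MINOR.PATCH form seen in the thread is accepted; anything
// after the patch number (for example a pre-release tag) is ignored.
func parseSemver(v string) (s [3]int, err error) {
	if n, _ := fmt.Sscanf(v, "v%d.%d.%d", &s[0], &s[1], &s[2]); n != 3 {
		return s, fmt.Errorf("unexpected version format %q", v)
	}
	return s, nil
}

// compareSemver returns -1, 0 or 1 as a is lower than, equal to or higher than b.
func compareSemver(a, b [3]int) int {
	for i := range a {
		if a[i] < b[i] {
			return -1
		} else if a[i] > b[i] {
			return 1
		}
	}
	return 0
}

// planBump (hypothetical name) decides what a bump tool should do with a requested
// version: downgrades are refused by default, as gobump did in the thread; with
// allowDowngrade set they are applied and the action names the downgrade explicitly.
func planBump(module, current, requested string, allowDowngrade bool) (string, string, error) {
	cur, err := parseSemver(current)
	if err != nil {
		return "", "", err
	}
	req, err := parseSemver(requested)
	if err != nil {
		return "", "", err
	}
	switch c := compareSemver(req, cur); {
	case c > 0:
		return requested, "upgrade", nil
	case c == 0:
		return current, "unchanged", nil
	case !allowDowngrade:
		// Constructed error text, modelled on the gobump message quoted in the thread.
		return "", "", fmt.Errorf("package %s with version '%s' is already at version %s", module, requested, current)
	}
	return requested, "downgrade from " + current + " (explicitly allowed)", nil
}
```

With allowDowngrade false the k8s.io/kubernetes case from the thread fails exactly as gobump did; with it set the call succeeds but the returned action records the downgrade from v1.29.3, which is the signal a pipeline would otherwise miss.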

Signed-off-by: Debasish Biswas <[email protected]>

deps: golang.org/x/[email protected] google.golang.org/[email protected] golang.org/x/[email protected] k8s.io/[email protected] google.golang.org/[email protected]
replaces: golang.org/x/crypto=golang.org/x/[email protected]
show-diff: true
# Note about the Found CVE here

You can add a note about the reason for adding these changes here.

octo-sts bot closed this Apr 16, 2024

octo-sts bot (Contributor, Author) commented Apr 16, 2024

superseded by #16987

octo-sts bot deleted the wolfictl-e968be78-fa9d-4641-acac-4e835531d837 branch April 17, 2024 00:15