Upgrade dependencies #6332
/cherry-pick release-1.13
@inteon: once the present PR merges, I will cherry-pick it on top of release-1.13 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
Co-authored-by: Paul Merrison <paul@tetrate.io> Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@inteon lgtm, but strictly there should be another beta release if you backport these to release-1.13, right? Because some of these, such as gateway API, are minor upgrades rather than patch upgrades.
Please add comments to the PR explaining which of these upgrades are intended to fix the failing trivy tests:
And shouldn't those security fixes be split into a separate PR, which we can also cherry pick to release 1.12?
You can't cherry pick this PR to 1.12, right?
/lgtm
/hold
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: wallrj
The full list of commands accepted by this bot can be found here.
The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
The trivy test was fixed in #6333. This PR just upgrades all dependencies before releasing. I think it is ok to upgrade minor upgrades rather than patch upgrades just so we release a version with all the latest dependencies. Maybe we should do that before the beta in the future instead. It also includes some upgrades (like #6326) which have been upgraded because of some security alerts. But trivy is not complaining about these dependencies, so I think it is ok not to backport to 1.12.
/unhold
@inteon: new pull request created: #6338 In response to this:
Upgrade all dependencies.
I aim to backport this to the release-1.13 branch.
Kind
/kind cleanup
Release Note