Upgrade dependencies #6332

Merged
merged 1 commit into from
Sep 12, 2023

inteon (Member) commented Sep 12, 2023

Upgrade all dependencies.

I aim to backport this to the release-1.13 branch.

Kind

/kind cleanup

Release Note

NONE

@jetstack-bot jetstack-bot added release-note-none Denotes a PR that doesn't merit a release note. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. labels Sep 12, 2023
@inteon changed the title from "upgrade depdencies" to "Upgrade dependencies" Sep 12, 2023
@jetstack-bot jetstack-bot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. area/acme Indicates a PR directly modifies the ACME Issuer code labels Sep 12, 2023
@jetstack-bot jetstack-bot added the area/testing Issues relating to testing label Sep 12, 2023
@jetstack-bot jetstack-bot added the area/deploy Indicates a PR modifies deployment configuration label Sep 12, 2023
inteon (Member Author) commented Sep 12, 2023

/cherry-pick release-1.13

jetstack-bot (Contributor) commented

@inteon: once the present PR merges, I will cherry-pick it on top of release-1.13 in a new PR and assign it to you.

In response to this:

/cherry-pick release-1.13

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Co-authored-by: Paul Merrison <paul@tetrate.io>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>

wallrj (Member) left a comment

@inteon lgtm, but strictly there should be another beta release if you backport these to release-1.13, right? Because some of these, such as gateway API are minor upgrades rather than patch upgrades.

Please add comments to the PR explaining which of these upgrades are intended to fix the failing trivy tests:

And shouldn't those security fixes be split into a separate PR, which we can also cherry pick to release 1.12?

You can't cherry pick this PR to 1.12, right?

/lgtm
/hold

@jetstack-bot jetstack-bot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. lgtm Indicates that a PR is ready to be merged. labels Sep 12, 2023
jetstack-bot (Contributor) commented

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: wallrj


@jetstack-bot jetstack-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 12, 2023
inteon (Member Author) commented Sep 12, 2023

The trivy test was fixed in #6333.

This PR just upgrades all dependencies before releasing. I think it is OK to upgrade minor upgrades rather than patch upgrades just so we release a version with all the latest dependencies. Maybe we should do that before the beta in the future instead.

It also includes some upgrades (like #6326) which have been upgraded because of some security alerts. But trivy is not complaining about these dependencies, so I think it is ok not to backport to 1.12.

inteon (Member Author) commented Sep 12, 2023

/unhold

@jetstack-bot jetstack-bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 12, 2023
@jetstack-bot jetstack-bot merged commit a91834e into cert-manager:master Sep 12, 2023
7 checks passed
jetstack-bot (Contributor) commented

@inteon: new pull request created: #6338

In response to this:

/cherry-pick release-1.13
