-
Notifications
You must be signed in to change notification settings - Fork 117
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Align knative/serving version across Modelmesh repositories #483
Comments
Affected repositories:
|
And They all describe the same vulnerability, however. The Snyk and CVE reports recommend several "safe" versions to upgrade to. However, that list is not exhaustive. In fact the fix knative/serving#14523 for the vulnerability was back-ported to several release streams:
|
Ideally, we should be using the latest 0.3X.x, right? |
Well, possibly, yes, but we do need to pick the (latest) |
Indeed. |
Describe the bug
Recently we had 2 CVEs in the
knative/serving
component which led us to update it to a newer version that would require k8s dependencies to be bumped to 0.27.x., but it is incompatible withcontroller-runtime
0.14.x.For this reason, to be able to update the
knative/serving
to a newer version we had to pin down the k8s version to 0.26.x.There are two vulnerabilities that are fixed by bumping Knative to 0.39.3:
To property update it, we would need, first, address #481 to not need to pin the k8s version, once it is updated, we can revert the replace tag changes and start using k8s 0.27.x
The text was updated successfully, but these errors were encountered: