-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Snyk] Security upgrade golang from 1.20 to 1.23.2 #105
base: master
Are you sure you want to change the base?
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN12-EXPAT-7855502 - https://snyk.io/vuln/SNYK-DEBIAN12-EXPAT-7855503 - https://snyk.io/vuln/SNYK-DEBIAN12-GIT-6846203 - https://snyk.io/vuln/SNYK-DEBIAN12-GIT-6846203 - https://snyk.io/vuln/SNYK-DEBIAN12-KRB5-7411315
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Commit Checker results:
|
A set of new images have been built to help with testing out this PR: |
An OCP cluster where you are logged in as cluster admin is required. The Data Science Pipelines team recommends testing this using the Data Science Pipelines Operator. Check here for more information on using the DSPO. To use and deploy a DSP stack with these images (assuming the DSPO is deployed), first save the following YAML to a file named apiVersion: datasciencepipelinesapplications.opendatahub.io/v1alpha1
kind: DataSciencePipelinesApplication
metadata:
name: pr-105
spec:
dspVersion: v2
apiServer:
image: "quay.io/opendatahub/ds-pipelines-api-server:pr-105"
argoDriverImage: "quay.io/opendatahub/ds-pipelines-driver:pr-105"
argoLauncherImage: "quay.io/opendatahub/ds-pipelines-launcher:pr-105"
persistenceAgent:
image: "quay.io/opendatahub/ds-pipelines-persistenceagent:pr-105"
scheduledWorkflow:
image: "quay.io/opendatahub/ds-pipelines-scheduledworkflow:pr-105"
mlmd:
deploy: true # Optional component
grpc:
image: "quay.io/opendatahub/mlmd-grpc-server:latest"
envoy:
image: "registry.redhat.io/openshift-service-mesh/proxyv2-rhel8:2.3.9-2"
mlpipelineUI:
deploy: true # Optional component
image: "quay.io/opendatahub/ds-pipelines-frontend:pr-105"
objectStorage:
minio:
deploy: true
image: 'quay.io/opendatahub/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance' Then run the following: cd $(mktemp -d)
git clone [email protected]:opendatahub-io/data-science-pipelines.git
cd data-science-pipelines/
git fetch origin pull/105/head
git checkout -b pullrequest b5f9400bac79c4934e3bdab65b673a6b1b6bdc3b
oc apply -f dspa.pr-105.yaml More instructions here on how to deploy and test a Data Science Pipelines Application. |
Snyk has created this PR to fix 4 vulnerabilities in the dockerfile dependencies of this project.
Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
Snyk changed the following file(s):
backend/api/Dockerfile
We recommend upgrading to
golang:1.23.2
, as this image has only 82 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.Vulnerabilities that will be fixed with an upgrade:
SNYK-DEBIAN12-EXPAT-7855502
SNYK-DEBIAN12-EXPAT-7855503
SNYK-DEBIAN12-GIT-6846203
SNYK-DEBIAN12-GIT-6846203
SNYK-DEBIAN12-KRB5-7411315
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.