Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bump go-toolset, and retarget tests #441

Merged
merged 3 commits into from
Aug 21, 2023
Merged

bump go-toolset, and retarget tests #441

merged 3 commits into from
Aug 21, 2023

Conversation

sjhx
Copy link
Member

@sjhx sjhx commented Jul 10, 2023

resolving vulnerabilities reported in go-toolset

Vulnerability ID Policy Status Affected Packages How to Resolve
CVE-2023-29404 Active golang and golang Upgrade 2 packages. Re-run command with --extended to view.
CVE-2023-29405 Active golang and golang Upgrade 2 packages. Re-run command with --extended to view.
CVE-2023-24540 Active golang and golang Upgrade 2 packages. Re-run command with --extended to view.
CVE-2022-41724 Active golang and golang Upgrade 2 packages. Re-run command with --extended to view.
CVE-2022-41725 Active golang and golang Upgrade 2 packages. Re-run command with --extended to view.
CVE-2023-29402 Active golang and golang Upgrade 2 packages. Re-run command with --extended to view.
CVE-2023-29403 Active golang and golang Upgrade 2 packages. Re-run command with --extended to view.

@sjhx
bump go-toolset
9fcee01 
Signed-off-by: Stuart Hayton <[email protected]>
@sjhx
go-toolset 1.19.10-10
24777dd 
Signed-off-by: Stuart Hayton <[email protected]>
@sjhx
Copy link
Member Author

sjhx commented Aug 21, 2023

the majority of the change set here is about reorienting the functional tests toward simple signing and away from notary which is no longer available on the IBM service so we did not have working tests

@Kieran-Muller
Copy link
Contributor

Kieran-Muller commented Aug 21, 2023
edited
Loading

Noticed 1 issue in the alltests. Could you resolve please

Error: grep: test/e2e/vulnerability.imagePolicy_test.go: No such file or directory

Discussed. Will be resolved.

@Kieran-Muller
Copy link
Contributor

Kieran-Muller commented Aug 21, 2023
edited
Loading

This looks to contain more than just a bump to go-toolset, would you mind updating the description with the further changes made (unless my interpretation is wrong) and I'll be happy to approve as tests are happy and no issues jump out to me from what I've seen in the codebase.

Edit: Missed the first comment here #441 (comment), makes sense to me.

@sjhx sjhx changed the title bump go-toolset bump go-toolset, and retarget tests Aug 21, 2023
Kieran-Muller
Kieran-Muller approved these changes Aug 21, 2023
View reviewed changes
Copy link
Contributor

@Kieran-Muller Kieran-Muller left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Discussed, appoved

@sjhx sjhx added this pull request to the merge queue Aug 21, 2023
Merged via the queue into main with commit 6126c43 Aug 21, 2023
2 checks passed
@sjhx sjhx deleted the remediate-go-toolset branch August 21, 2023 09:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Kieran-Muller Kieran-Muller Kieran-Muller approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sjhx @Kieran-Muller