Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bumping go packages to fix CVE #252

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Bumping go packages to fix CVE #252

wants to merge 2 commits into from

Conversation

shivanshuraj1333
Copy link
Member

fixes: #243

@yonch
Copy link
Contributor

yonch commented Feb 29, 2024

Thanks for this!

It doesn't seem to compile (see the auto checks above), appears to require a go mod vendor.

fyi I tried go mod tidy on this branch and got:

opentelemetry-network/collector/k8s $ go mod tidy
go: downloading sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2
go: finding module for package ebpf.net/collector
go: finding module for package k8s.io/api/resource/v1alpha1
go: finding module for package k8s.io/api/flowcontrol/v1alpha1
ebpf.net/collector/k8s-watcher imports
	ebpf.net/collector: can't request version "latest" of the main module (ebpf.net/collector)
ebpf.net/collector/k8s-watcher imports
	k8s.io/client-go/kubernetes imports
	k8s.io/client-go/kubernetes/typed/flowcontrol/v1alpha1 imports
	k8s.io/api/flowcontrol/v1alpha1: module k8s.io/api@latest found (v0.29.2), but does not contain package k8s.io/api/flowcontrol/v1alpha1
ebpf.net/collector/k8s-watcher imports
	k8s.io/client-go/kubernetes imports
	k8s.io/client-go/kubernetes/typed/resource/v1alpha1 imports
	k8s.io/api/resource/v1alpha1: module k8s.io/api@latest found (v0.29.2), but does not contain package k8s.io/api/resource/v1alpha1

@shivanshuraj1333 shivanshuraj1333 force-pushed the fix/issues/243 branch 4 times, most recently from 51a77c4 to e018e44 Compare March 2, 2024 22:02
@yonch
Copy link
Contributor

yonch commented Mar 19, 2024

going through open pull requests, encountered this.

@xrc82 , appreciate the time you spent on this. Auto build still fails, if you have cycles to spend on this I'm happy to merge when the auto build passes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Upgrade packages highlighted by Trivy
2 participants
@shivanshuraj1333 @yonch