Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump alpine 3.20 and golang modules #912

Merged
merged 3 commits into from
Jun 1, 2024
Merged

Bump alpine 3.20 and golang modules #912

merged 3 commits into from
Jun 1, 2024

Conversation

neiljain
Copy link
Contributor

@neiljain neiljain commented May 29, 2024
edited
Loading

  • Fix alpine 3.19.1 CVEs
  • Bump go modules to match 1.22.3 version being used

oliver006/redis_exporter/v1.59.0-alpine

CVE-2023-42366 | 3.19busybox3.19busybox-binsh3.19ssl_client
CVE-2024-2511 | 3.19libcrypto33.19libssl3

@neiljain
Bump alpine to 3.20.0
ab9e903 
- to fix CVEs reported in 3.19.1

Signed-off-by: Neelesh Jain <[email protected]>
@neiljain
Bump go modules to 1.22.3
70ccb3a 
Signed-off-by: Neelesh Jain <[email protected]>
@coveralls
Copy link

coveralls commented May 30, 2024
edited
Loading

Pull Request Test Coverage Report for Build 361

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • 43 unchanged lines in 2 files lost coverage.
  • Overall coverage decreased (-0.1%) to 84.107%
Files with Coverage Reduction New Missed Lines %
main.go 19 0.0%
exporter/exporter.go 24 94.45%
Totals Coverage Status
Change from base Build 350: -0.1%
Covered Lines: 1974
Relevant Lines: 2347
💛 - Coveralls

@oliver006
Copy link
Owner

PR looks good but any idea why this is failing?
https://github.com/oliver006/redis_exporter/actions/runs/9294679529/job/25636706710?pr=912

@neiljain
Copy link
Contributor Author

neiljain commented May 31, 2024
edited
Loading

looks like golang 1.22 should already be supported with https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.16.4/#golang-1 or higher and this one failed with codeql 2.17.3 for some reason

@oliver006
Copy link
Owner

Let's roll back the go.mod file, it's not that important (i.e. it doesn't determine what version the exporter is build with) and ship the alpine upgrade only.

@oliver006 oliver006 merged commit 4b1e805 into oliver006:master Jun 1, 2024
3 of 4 checks passed
@neiljain
Copy link
Contributor Author

neiljain commented Jun 3, 2024

I realize, that this PR didn't quite make the cut for v1.60.0 ... is it possible to push a new v1.61.0 release for this change so some of the CVEs are resolved?

@neiljain neiljain deleted the feature/bump-alpine-3-20 branch June 3, 2024 23:37
@oliver006
Copy link
Owner

Released as v1.61.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@neiljain @coveralls @oliver006