Upgrade Alpine to 3.18 #5684
Merged
Upgrade Alpine to 3.18 #5684
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Daniel Sabsay <sabsay@adobe.com>
Signed-off-by: Daniel Sabsay <sabsay@adobe.com>
|
Hi @dsabsay, can you please add more description to the pr itself, what does this change fix? Thanks |
|
@yeya24 Added. |
|
LGTM |
alanprot
approved these changes
Nov 29, 2023
yeya24
approved these changes
Nov 30, 2023
yeya24
pushed a commit
to yeya24/cortex
that referenced
this pull request
Apr 23, 2024
* Upgrade Alpine to 3.18 Signed-off-by: Daniel Sabsay <sabsay@adobe.com> * Update CHANGELOG.md Signed-off-by: Daniel Sabsay <sabsay@adobe.com> --------- Signed-off-by: Daniel Sabsay <sabsay@adobe.com> Co-authored-by: Daniel Sabsay <sabsay@adobe.com>
friedrichg
added a commit
that referenced
this pull request
Apr 24, 2024
* Upgrade Alpine to 3.18 (#5684) * Upgrade Alpine to 3.18 Signed-off-by: Daniel Sabsay <sabsay@adobe.com> * Update CHANGELOG.md Signed-off-by: Daniel Sabsay <sabsay@adobe.com> --------- Signed-off-by: Daniel Sabsay <sabsay@adobe.com> Co-authored-by: Daniel Sabsay <sabsay@adobe.com> * Upgrade to go 1.21.9 (#5879) * Upgrade to go 1.21.9 Signed-off-by: Friedrich Gonzalez <friedrichg@gmail.com> * Update changelog and workflows Signed-off-by: Friedrich Gonzalez <friedrichg@gmail.com> * Not use minor version for now. Needs more investigation Signed-off-by: Friedrich Gonzalez <friedrichg@gmail.com> * Update image again Signed-off-by: Friedrich Gonzalez <friedrichg@gmail.com> --------- Signed-off-by: Friedrich Gonzalez <friedrichg@gmail.com> * fix go version for integration tests (#5882) Signed-off-by: Friedrich Gonzalez <friedrichg@gmail.com> * include #5882 to changelog Signed-off-by: Ben Ye <benye@amazon.com> try fixing lint Signed-off-by: Ben Ye <benye@amazon.com> try again Signed-off-by: Ben Ye <benye@amazon.com> --------- Signed-off-by: Daniel Sabsay <sabsay@adobe.com> Signed-off-by: Friedrich Gonzalez <friedrichg@gmail.com> Signed-off-by: Ben Ye <benye@amazon.com> Co-authored-by: Daniel Sabsay <danielrsabsay@gmail.com> Co-authored-by: Daniel Sabsay <sabsay@adobe.com> Co-authored-by: Friedrich Gonzalez <friedrichg@gmail.com>
yeya24
added a commit
that referenced
this pull request
Apr 25, 2024
* Cherrypick commits for 1.16.1 (#5885) * Upgrade Alpine to 3.18 (#5684) * Upgrade Alpine to 3.18 Signed-off-by: Daniel Sabsay <sabsay@adobe.com> * Update CHANGELOG.md Signed-off-by: Daniel Sabsay <sabsay@adobe.com> --------- Signed-off-by: Daniel Sabsay <sabsay@adobe.com> Co-authored-by: Daniel Sabsay <sabsay@adobe.com> * Upgrade to go 1.21.9 (#5879) * Upgrade to go 1.21.9 Signed-off-by: Friedrich Gonzalez <friedrichg@gmail.com> * Update changelog and workflows Signed-off-by: Friedrich Gonzalez <friedrichg@gmail.com> * Not use minor version for now. Needs more investigation Signed-off-by: Friedrich Gonzalez <friedrichg@gmail.com> * Update image again Signed-off-by: Friedrich Gonzalez <friedrichg@gmail.com> --------- Signed-off-by: Friedrich Gonzalez <friedrichg@gmail.com> * fix go version for integration tests (#5882) Signed-off-by: Friedrich Gonzalez <friedrichg@gmail.com> * include #5882 to changelog Signed-off-by: Ben Ye <benye@amazon.com> try fixing lint Signed-off-by: Ben Ye <benye@amazon.com> try again Signed-off-by: Ben Ye <benye@amazon.com> --------- Signed-off-by: Daniel Sabsay <sabsay@adobe.com> Signed-off-by: Friedrich Gonzalez <friedrichg@gmail.com> Signed-off-by: Ben Ye <benye@amazon.com> Co-authored-by: Daniel Sabsay <danielrsabsay@gmail.com> Co-authored-by: Daniel Sabsay <sabsay@adobe.com> Co-authored-by: Friedrich Gonzalez <friedrichg@gmail.com> * update changelog Signed-off-by: Ben Ye <benye@amazon.com> --------- Signed-off-by: Daniel Sabsay <sabsay@adobe.com> Signed-off-by: Friedrich Gonzalez <friedrichg@gmail.com> Signed-off-by: Ben Ye <benye@amazon.com> Co-authored-by: Daniel Sabsay <danielrsabsay@gmail.com> Co-authored-by: Daniel Sabsay <sabsay@adobe.com> Co-authored-by: Friedrich Gonzalez <friedrichg@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does:
Upgrades Alpine to 3.18. Intended to fix several security vulnerabilities in alpine packages. In particular, Jfrog Xray is flagging
CVE-2022-48174. I'm unsure if it's correct, as the image has the latest busybox in 3.17. Regardless, it's much easier to upgrade to keep scans clean instead of tracking various false positives. I have some 3.18 images and this vuln does not show up.Which issue(s) this PR fixes:
None
Checklist
CHANGELOG.mdupdated - the order of entries should be[CHANGE],[FEATURE],[ENHANCEMENT],[BUGFIX]