[v13] Update k8s.io to 0.29.0 to address PRISMA-2022-0227 #36240
The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with
hopefully it doesn't break anything
It looks like some deprecation changes will also need to be backported to v13 and v12

I don't feel good about making changes we are not confident in to appease some commercial vulnerability scanner that we are in no way affiliated with.

Kube access will continue working - impersonation and stable APIs kept the same and we don't use other APIs so we will continue working with all Kube versions - but for the operator, it's always a Schrödinger's cat paradox

After discussion on Slack we are going to forgo the v12 and v13 backports due to risk. We should not be vulnerable to this as mentioned in the k8s issue: kubernetes/client-go#1254. We will backport v14 since there is less potential risk there and it will help with support load on this false positive. We may revive this PR if support loads increase.

Thank you for the pragmatism on this.
[v13] backport of k8s.io update to 0.29.0 to address PRISMA-2022-0227 (not currently tracked by dependabot), applied in master as part of #35810