-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bump kubebuilder to v3.13.0 and fixup scaffolding #79
Conversation
Signed-off-by: Joe Lanford <joe.lanford@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/approve
@@ -25,7 +25,7 @@ RUN set -e && yum clean all && rm -rf /var/cache/yum/* \ | |||
&& pip3 install --upgrade pip~=23.3.2 \ | |||
&& pip3 install pipenv==2023.11.15 \ | |||
&& pipenv install --deploy \ | |||
&& pipenv check \ | |||
&& pipenv check --ignore 70612 \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What is this CVE and why are we ignoring it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was a very old CVE that just got re-triggered, and is disputed in a few places.
GHSA-f6pv-j8mr-w6rr
dbt-labs/dbt-core#10250
https://data.safetycli.com/v/70612/97c/
…sting, also adding an ignore to CVE-2019-8341(70612) in saftey scanning, since this is a transient dependency in the builder container Signed-off-by: Adam D. Cornett <adc@redhat.com>
New changes are detected. LGTM label has been removed. |
Description of the change:
Bump Kubebuilder to v3.13.0 and fix up scaffolding to handle the incoming breaking changes.
Motivation for the change:
Operator SDK already bumped its kubebuilder dependency to v3.13.0, but it still uses a version of this package that is on a prior version.
Kubebuilder 3.13.0 seems to have made some changes in its
kustomize
plugin that break the expectations of downstream plugins (like this one)In order to fix things up, we need to also bump this repo to Kubebuilder v3.13.0, fix up its scaffolding to handle the incoming breaking changes, make a release, and then bump operator-sdk.
This PR is the first step of the process.