Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump all dependencies #133

Merged
merged 1 commit into from
Nov 22, 2022
Merged

Bump all dependencies #133

merged 1 commit into from
Nov 22, 2022

Conversation

jkroepke
Copy link
Member

Signed-off-by: Jan-Otto Kröpke jok@cloudeteer.de

This should resolve some vulnerability alerts:

jiralert % trivy filesystem .

go.mod (gomod)

Total: 60 (UNKNOWN: 26, LOW: 1, MEDIUM: 7, HIGH: 24, CRITICAL: 2)

@bwplotka
Copy link
Member

Thanks, but sounds like the CI changes you added have some issues to build our code.

@jkroepke
Bump all dependencies
f322732 
Signed-off-by: Jan-Otto Kröpke <jok@cloudeteer.de>
@jkroepke
Copy link
Member Author

It works locally now:

% make
>> checking code style
>> checking license header
>> running golangci-lint
GO111MODULE=on go list -e -compiled -test=true -export=false -deps=true -find=false -tags= -- ./... > /dev/null
GO111MODULE=on /Users/jok/go/bin/golangci-lint run  ./...
WARN [runner] The linter 'golint' is deprecated (since v1.41.0) due to: The repository of the linter has been archived by the owner.  Replaced by revive. 
>> running check for unused/missing packages in go.mod
GO111MODULE=on go mod tidy
>> building binaries
GO111MODULE=on /Users/jok/go/bin/promu build --prefix /Users/jok/Downloads/jiralert 
 >   jiralert
>> running all tests
GO111MODULE=on go test   ./...
?       github.com/prometheus-community/jiralert/cmd/jiralert   [no test files]
?       github.com/prometheus-community/jiralert/pkg/alertmanager       [no test files]
ok      github.com/prometheus-community/jiralert/pkg/config     0.314s
ok      github.com/prometheus-community/jiralert/pkg/notify     0.410s
?       github.com/prometheus-community/jiralert/pkg/template   [no test files]
jok@CDT-MB-20200178 jiralert % make common-lint
>> running golangci-lint
GO111MODULE=on go list -e -compiled -test=true -export=false -deps=true -find=false -tags= -- ./... > /dev/null
GO111MODULE=on /Users/jok/go/bin/golangci-lint run  ./...
WARN [runner] The linter 'golint' is deprecated (since v1.41.0) due to: The repository of the linter has been archived by the owner.  Replaced by revive. 
jok@CDT-MB-20200178 jiralert % docker build -t a .            
[+] Building 38.6s (12/12) FINISHED                                                                                                                                                                                                                                                                                     
 => [internal] load build definition from Dockerfile                                                                                                                                                                                                                                                               0.0s
 => => transferring dockerfile: 37B                                                                                                                                                                                                                                                                                0.0s
 => [internal] load .dockerignore                                                                                                                                                                                                                                                                                  0.0s
 => => transferring context: 2B                                                                                                                                                                                                                                                                                    0.0s
 => [internal] load metadata for quay.io/prometheus/busybox-linux-amd64:latest                                                                                                                                                                                                                                     0.6s
 => [internal] load metadata for docker.io/library/golang:1.19                                                                                                                                                                                                                                                     1.6s
 => [builder 1/4] FROM docker.io/library/golang:1.19@sha256:25de7b6b28219279a409961158c547aadd0960cf2dcbc533780224afa1157fd4                                                                                                                                                                                       0.0s
 => [internal] load build context                                                                                                                                                                                                                                                                                  0.2s
 => => transferring context: 15.29MB                                                                                                                                                                                                                                                                               0.2s
 => CACHED [stage-1 1/2] FROM quay.io/prometheus/busybox-linux-amd64:latest@sha256:c9f983fc55b0b74723a69c31688cca7d5a2e5b2af7c954780f29a331817982f3                                                                                                                                                                0.0s
 => CACHED [builder 2/4] WORKDIR /go/src/github.com/prometheus-community/jiralert                                                                                                                                                                                                                                  0.0s
 => [builder 3/4] COPY . /go/src/github.com/prometheus-community/jiralert                                                                                                                                                                                                                                          0.1s
 => [builder 4/4] RUN GO111MODULE=on GOBIN=/tmp/bin make                                                                                                                                                                                                                                                          36.6s
 => [stage-1 2/2] COPY --from=builder /go/src/github.com/prometheus-community/jiralert/jiralert /bin/jiralert                                                                                                                                                                                                      0.0s 
 => exporting to image                                                                                                                                                                                                                                                                                             0.0s 
 => => exporting layers                                                                                                                                                                                                                                                                                            0.0s 
 => => writing image sha256:54b94b975d034b71309edd2b1a11154f4573046f0b59ce6f3c8215123da645fd                                                                                                                                                                                                                       0.0s
 => => naming to docker.io/library/a                                                                                                                                                                                                                                                                               0.0s

Use 'docker scan' to run Snyk tests against images to find vulnerabilities and learn how to fix them
jok@CDT-MB-20200178 jiralert % trivy image docker.io/library/a
2022-10-20T13:23:46.711+0200    INFO    Vulnerability scanning is enabled
2022-10-20T13:23:46.711+0200    INFO    Secret scanning is enabled
2022-10-20T13:23:46.711+0200    INFO    If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2022-10-20T13:23:46.711+0200    INFO    Please see also https://aquasecurity.github.io/trivy/v0.32/docs/secret/scanning/#recommendation for faster secret detection
2022-10-20T13:23:47.077+0200    INFO    Number of language-specific files: 1
2022-10-20T13:23:47.077+0200    INFO    Detecting gobinary vulnerabilities...

bwplotka
bwplotka approved these changes Oct 27, 2022
View reviewed changes
Copy link
Member

@bwplotka bwplotka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lgtm, thanks!

@jkroepke
Copy link
Member Author

@bwplotka are you able to merge and release this? Thanks

@bwplotka bwplotka merged commit f58ae33 into prometheus-community:master Nov 22, 2022
@jkroepke
Copy link
Member Author

@bwplotka It is possible to do a release including this PR?

@jkroepke jkroepke deleted the bump-dependendies branch November 24, 2022 15:36
bwplotka pushed a commit that referenced this pull request Apr 25, 2023
@holger-waschke @jkroepke @dj-holgie
disable update existing jira issues with parameter (#150)
6463176 
* Bump all dependencies (#133)

Signed-off-by: Jan-Otto Kröpke <jok@cloudeteer.de>

Signed-off-by: Jan-Otto Kröpke <jok@cloudeteer.de>
Signed-off-by: Holger Waschke <holger.waschke@dvag.com>

* parameter to disable update jira issues

Signed-off-by: Holger Waschke <holger_2000@hotmail.com>
Signed-off-by: Holger Waschke <holger.waschke@dvag.com>

* rename parameter to make it more clear and avoid double negation. fix bug with missing return value.

Signed-off-by: Holger Waschke <holger.waschke@dvag.com>

* Update main.go

Signed-off-by: dvag-holger-waschke <85643002+dvag-holger-waschke@users.noreply.github.com>

* Update notify.go

Signed-off-by: dvag-holger-waschke <85643002+dvag-holger-waschke@users.noreply.github.com>

* Update main.go

Signed-off-by: dvag-holger-waschke <85643002+dvag-holger-waschke@users.noreply.github.com>

* Update main.go

Signed-off-by: dvag-holger-waschke <85643002+dvag-holger-waschke@users.noreply.github.com>

* Update main.go

Signed-off-by: dvag-holger-waschke <85643002+dvag-holger-waschke@users.noreply.github.com>

* Update notify.go

Signed-off-by: dvag-holger-waschke <85643002+dvag-holger-waschke@users.noreply.github.com>

* fix for notify test

Signed-off-by: Holger Waschke <holger.waschke@dvag.com>

---------

Signed-off-by: Jan-Otto Kröpke <jok@cloudeteer.de>
Signed-off-by: Holger Waschke <holger.waschke@dvag.com>
Signed-off-by: Holger Waschke <holger_2000@hotmail.com>
Signed-off-by: dvag-holger-waschke <85643002+dvag-holger-waschke@users.noreply.github.com>
Co-authored-by: Jan-Otto Kröpke <github@jkroepke.de>
Co-authored-by: Holger Waschke <holger_2000@hotmail.com>
rufusnufus pushed a commit to KazanExpress/jiralert that referenced this pull request May 13, 2024
@holger-waschke @jkroepke
@dj-holgie @rufusnufus
disable update existing jira issues with parameter (prometheus-commun…
177ee50 
…ity#150)

* Bump all dependencies (prometheus-community#133)

Signed-off-by: Jan-Otto Kröpke <jok@cloudeteer.de>

Signed-off-by: Jan-Otto Kröpke <jok@cloudeteer.de>
Signed-off-by: Holger Waschke <holger.waschke@dvag.com>

* parameter to disable update jira issues

Signed-off-by: Holger Waschke <holger_2000@hotmail.com>
Signed-off-by: Holger Waschke <holger.waschke@dvag.com>

* rename parameter to make it more clear and avoid double negation. fix bug with missing return value.

Signed-off-by: Holger Waschke <holger.waschke@dvag.com>

* Update main.go

Signed-off-by: dvag-holger-waschke <85643002+dvag-holger-waschke@users.noreply.github.com>

* Update notify.go

Signed-off-by: dvag-holger-waschke <85643002+dvag-holger-waschke@users.noreply.github.com>

* Update main.go

Signed-off-by: dvag-holger-waschke <85643002+dvag-holger-waschke@users.noreply.github.com>

* Update main.go

Signed-off-by: dvag-holger-waschke <85643002+dvag-holger-waschke@users.noreply.github.com>

* Update main.go

Signed-off-by: dvag-holger-waschke <85643002+dvag-holger-waschke@users.noreply.github.com>

* Update notify.go

Signed-off-by: dvag-holger-waschke <85643002+dvag-holger-waschke@users.noreply.github.com>

* fix for notify test

Signed-off-by: Holger Waschke <holger.waschke@dvag.com>

---------

Signed-off-by: Jan-Otto Kröpke <jok@cloudeteer.de>
Signed-off-by: Holger Waschke <holger.waschke@dvag.com>
Signed-off-by: Holger Waschke <holger_2000@hotmail.com>
Signed-off-by: dvag-holger-waschke <85643002+dvag-holger-waschke@users.noreply.github.com>
Co-authored-by: Jan-Otto Kröpke <github@jkroepke.de>
Co-authored-by: Holger Waschke <holger_2000@hotmail.com>
rufusnufus added a commit to KazanExpress/jiralert that referenced this pull request May 13, 2024
@rufusnufus @alin-at-dfinity
@free @holger-waschke @jkroepke @dj-holgie @jtyr @longtomjr @jan-zajic @julianfbeck @twotired @nlgotz @bwplotka
feat: cherry-pick upstream commits (#3)
e01463c 
* Better Jira error handling (prometheus-community#140)

* Better Jira error handling

* Return HTTP 400 Bad Request for non-retriable errors. It is inaccurate, but
  will prevent alertmanager from retrying.
* Turns out go-jira does actually produce useful error messages (and it consumes
  the response body in the process). Log that instead of the empty body.

Signed-off-by: Alin Sinpalean <alin.sinpalean@gmail.com>

* Also include HTTP response status 429 among retriable errors.

Signed-off-by: Alin Sinpalean <alin.sinpalean@gmail.com>

* Include both the go-jira error and the response body in errors. Sometimes go-jira consumes the body and includes it in its error, sometimes it doesn't.

Signed-off-by: Alin Sinpalean <alin.sinpalean@gmail.com>

---------

Signed-off-by: Alin Sinpalean <alin.sinpalean@gmail.com>
Co-authored-by: Alin Sinpalean <alin.sinpalean@gmail.com>

* disable update existing jira issues with parameter (prometheus-community#150)

* Bump all dependencies (prometheus-community#133)

Signed-off-by: Jan-Otto Kröpke <jok@cloudeteer.de>

Signed-off-by: Jan-Otto Kröpke <jok@cloudeteer.de>
Signed-off-by: Holger Waschke <holger.waschke@dvag.com>

* parameter to disable update jira issues

Signed-off-by: Holger Waschke <holger_2000@hotmail.com>
Signed-off-by: Holger Waschke <holger.waschke@dvag.com>

* rename parameter to make it more clear and avoid double negation. fix bug with missing return value.

Signed-off-by: Holger Waschke <holger.waschke@dvag.com>

* Update main.go

Signed-off-by: dvag-holger-waschke <85643002+dvag-holger-waschke@users.noreply.github.com>

* Update notify.go

Signed-off-by: dvag-holger-waschke <85643002+dvag-holger-waschke@users.noreply.github.com>

* Update main.go

Signed-off-by: dvag-holger-waschke <85643002+dvag-holger-waschke@users.noreply.github.com>

* Update main.go

Signed-off-by: dvag-holger-waschke <85643002+dvag-holger-waschke@users.noreply.github.com>

* Update main.go

Signed-off-by: dvag-holger-waschke <85643002+dvag-holger-waschke@users.noreply.github.com>

* Update notify.go

Signed-off-by: dvag-holger-waschke <85643002+dvag-holger-waschke@users.noreply.github.com>

* fix for notify test

Signed-off-by: Holger Waschke <holger.waschke@dvag.com>

---------

Signed-off-by: Jan-Otto Kröpke <jok@cloudeteer.de>
Signed-off-by: Holger Waschke <holger.waschke@dvag.com>
Signed-off-by: Holger Waschke <holger_2000@hotmail.com>
Signed-off-by: dvag-holger-waschke <85643002+dvag-holger-waschke@users.noreply.github.com>
Co-authored-by: Jan-Otto Kröpke <github@jkroepke.de>
Co-authored-by: Holger Waschke <holger_2000@hotmail.com>

* Adding getEnv templating function (prometheus-community#153)

Signed-off-by: Jiri Tyr <jiri.tyr@gmail.com>

* feat: add support for static jira labels (prometheus-community#154)

Signed-off-by: Herman Ewert <longtomjr@gmail.com>
Co-authored-by: Herman Ewert <hewert@mezzanineware.com>

* Fix prometheus-community#146 (safe limit of 200 characters from group label value) (prometheus-community#147)

Signed-off-by: jzajic <jan.zajic@corpus.cz>

* doc(PAT): Adds doc for PAT usage (prometheus-community#155)

Signed-off-by: Julian Beck <ju-fa-beck@t-online.de>

* truncate descriptions that exceed -max-description-length (default 32KB) (prometheus-community#165)

* truncate descriptions that exceed -max-description-length (default 32,768)

Signed-off-by: Jason Wells <spinmaster@gmail.com>

* Update main.go

size was off by 1

Signed-off-by: Jason Wells <spinmaster@gmail.com>

---------

Signed-off-by: Jason Wells <spinmaster@gmail.com>

* fix: 🐛 Fixes error message for doTransition to display the proper transition state (prometheus-community#176)

Signed-off-by: Nathan Gotz <nathan.gotz@gmail.com>

* search for existing issue in multiple projects (prometheus-community#162)

* search for existing issue in multiple projects

Signed-off-by: Jason Wells <spinmaster@gmail.com>

* Apply suggestions from code review

Co-authored-by: Bartlomiej Plotka <bwplotka@gmail.com>
Signed-off-by: Jason Wells <spinmaster@gmail.com>

---------

Signed-off-by: Jason Wells <spinmaster@gmail.com>
Co-authored-by: Bartlomiej Plotka <bwplotka@gmail.com>

* add Fingerprint field to Alert so that it may be used in templates (prometheus-community#152) (prometheus-community#163)

Signed-off-by: Jason Wells <spinmaster@gmail.com>

---------

Signed-off-by: Alin Sinpalean <alin.sinpalean@gmail.com>
Signed-off-by: Jan-Otto Kröpke <jok@cloudeteer.de>
Signed-off-by: Holger Waschke <holger.waschke@dvag.com>
Signed-off-by: Holger Waschke <holger_2000@hotmail.com>
Signed-off-by: dvag-holger-waschke <85643002+dvag-holger-waschke@users.noreply.github.com>
Signed-off-by: Jiri Tyr <jiri.tyr@gmail.com>
Signed-off-by: Herman Ewert <longtomjr@gmail.com>
Signed-off-by: jzajic <jan.zajic@corpus.cz>
Signed-off-by: Julian Beck <ju-fa-beck@t-online.de>
Signed-off-by: Jason Wells <spinmaster@gmail.com>
Signed-off-by: Nathan Gotz <nathan.gotz@gmail.com>
Co-authored-by: Alin Sinpalean <58422065+alin-at-dfinity@users.noreply.github.com>
Co-authored-by: Alin Sinpalean <alin.sinpalean@gmail.com>
Co-authored-by: dvag-holger-waschke <85643002+dvag-holger-waschke@users.noreply.github.com>
Co-authored-by: Jan-Otto Kröpke <github@jkroepke.de>
Co-authored-by: Holger Waschke <holger_2000@hotmail.com>
Co-authored-by: Jiri Tyr <jtyr@users.noreply.github.com>
Co-authored-by: Herman <longtomjr@gmail.com>
Co-authored-by: Herman Ewert <hewert@mezzanineware.com>
Co-authored-by: Jan Zajic <jan.zajic@gmail.com>
Co-authored-by: Julian Beck <ju-fa-beck@t-online.de>
Co-authored-by: Jason Wells <spinmaster@gmail.com>
Co-authored-by: Nathan Gotz <775979+nlgotz@users.noreply.github.com>
Co-authored-by: Bartlomiej Plotka <bwplotka@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bwplotka bwplotka bwplotka approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jkroepke @bwplotka