-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: build with keda-tools:1.22.5 #5971
Conversation
I guess that we need to bump the user version too: I'd say that it's a good moment to bump go version, don't you think @zroubalik ? |
I tested locally for both Also, I think we should bump go version in the Devcontainer too, right? Line 6 in bb53516
|
Yeah, you can check all the places to change here: https://github.com/kedacore/keda/pull/5734/files |
c4cd459
to
f625518
Compare
Semgrep found 1 Avoid using sudo in Dockerfiles. Running processes as a non-root user can help reduce the potential impact of configuration errors and security vulnerabilities. Ignore this finding from no-sudo-in-dockerfile. |
56195f9
to
abd7e74
Compare
In the Devcontainer's Dockerfile, I had to change the way go modules were installed. Bumping to 1.22.5 gave me errors about running Also, after looking through the Devcontainer files, there seems to be a bit of code that could use some cleanup. For instance, in the Dockerfile I see that it configures a non-root user vscode but runs as root (probably for Docker CLI). Also, might be able to leverage devcontainer features in the devcontainer.json file to load some of the tooling instead of baking them all into the container. I can create an issue for this and work on cleaning this up if that's okay. |
Yeah, let's do it |
Sounds good! Anything else I need to do for this particular pull request? |
just solve merge conflicts please 🙏 |
Merge conflict has been resolved 😁 |
Semgrep found 1 Avoid using sudo in Dockerfiles. Running processes as a non-root user can help reduce the potential impact of configuration errors and security vulnerabilities. Ignore this finding from no-sudo-in-dockerfile. |
to resolve CVE-2024-24790, CVE-2024-24789, and CVE-2024-24791 bump github.com/Azure/azure-sdk-for-go/sdk/azidentity to resolve CVE-2024-35255 Signed-off-by: Paul Yu <paul.d.yu@gmail.com>
Signed-off-by: Paul Yu <paul.d.yu@gmail.com>
Signed-off-by: Paul Yu <paul.d.yu@gmail.com>
Semgrep found 1 Avoid using sudo in Dockerfiles. Running processes as a non-root user can help reduce the potential impact of configuration errors and security vulnerabilities. Ignore this finding from no-sudo-in-dockerfile. |
Hi @JorTurFer, Once this PR is merged, is it possible to cut a release for KEDA 2.14.1? |
We plan to ship v2.15 next week and I'd like to include the golang bump. Is it enough? We don't plan any other release for v2.14 |
/run-e2e internal |
Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>
/run-e2e azure |
Semgrep found 1 Avoid using sudo in Dockerfiles. Running processes as a non-root user can help reduce the potential impact of configuration errors and security vulnerabilities. Ignore this finding from no-sudo-in-dockerfile. |
1 similar comment
Semgrep found 1 Avoid using sudo in Dockerfiles. Running processes as a non-root user can help reduce the potential impact of configuration errors and security vulnerabilities. Ignore this finding from no-sudo-in-dockerfile. |
* chore: build with keda-tools:1.22.5 to resolve CVE-2024-24790, CVE-2024-24789, and CVE-2024-24791 bump github.com/Azure/azure-sdk-for-go/sdk/azidentity to resolve CVE-2024-35255 Signed-off-by: Paul Yu <paul.d.yu@gmail.com> * chore: use go install instead of go get and replacing deprecated tools Signed-off-by: Paul Yu <paul.d.yu@gmail.com> * chore: vendor dependency cleanup Signed-off-by: Paul Yu <paul.d.yu@gmail.com> * Update missing references to 1.21 Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> --------- Signed-off-by: Paul Yu <paul.d.yu@gmail.com> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> Co-authored-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es>
* chore: build with keda-tools:1.22.5 to resolve CVE-2024-24790, CVE-2024-24789, and CVE-2024-24791 bump github.com/Azure/azure-sdk-for-go/sdk/azidentity to resolve CVE-2024-35255 Signed-off-by: Paul Yu <paul.d.yu@gmail.com> * chore: use go install instead of go get and replacing deprecated tools Signed-off-by: Paul Yu <paul.d.yu@gmail.com> * chore: vendor dependency cleanup Signed-off-by: Paul Yu <paul.d.yu@gmail.com> * Update missing references to 1.21 Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> --------- Signed-off-by: Paul Yu <paul.d.yu@gmail.com> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> Co-authored-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>
* bump golang Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * chore: build with keda-tools:1.22.5 (#5971) * chore: build with keda-tools:1.22.5 to resolve CVE-2024-24790, CVE-2024-24789, and CVE-2024-24791 bump github.com/Azure/azure-sdk-for-go/sdk/azidentity to resolve CVE-2024-35255 Signed-off-by: Paul Yu <paul.d.yu@gmail.com> * chore: use go install instead of go get and replacing deprecated tools Signed-off-by: Paul Yu <paul.d.yu@gmail.com> * chore: vendor dependency cleanup Signed-off-by: Paul Yu <paul.d.yu@gmail.com> * Update missing references to 1.21 Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> --------- Signed-off-by: Paul Yu <paul.d.yu@gmail.com> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> Co-authored-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * [BUG-5922] Report failing ScaledJob triggers in status (#5916) Signed-off-by: Josef Karasek <josef@kedify.io> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * [BUG-5656] Annotate Jobs with parent ScaledJob generation (#5876) * Annotate Jobs with parent ScaledJob generation Signed-off-by: Josef Karasek <josef@kedify.io> * fix tests Signed-off-by: Josef Karasek <josef@kedify.io> * fix lint Signed-off-by: Josef Karasek <josef@kedify.io> * fix log message Signed-off-by: Josef Karasek <josef@kedify.io> * update changelog Signed-off-by: Josef Karasek <josef@kedify.io> * update changelog Signed-off-by: Josef Karasek <josef@kedify.io> * update changelog Signed-off-by: Josef Karasek <josef@kedify.io> --------- Signed-off-by: Josef Karasek <josef@kedify.io> Signed-off-by: Zbynek Roubalik <zroubalik@gmail.com> Co-authored-by: Zbynek Roubalik <zroubalik@gmail.com> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * fix: `+srv` mongodb url scheme parsing bug (#5773) This commit fixs issue #5760. where OP was facing problem with +srv schema Signed-off-by: Rishikesh Betigeri <53863619+Rishikesh01@users.noreply.github.com> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * fix: issue when GitHub organization contains more than 30 repos (#5746) Signed-off-by: Simon Kobler <github@kobler.me> Signed-off-by: Simon Kobler <32038731+KoblerS@users.noreply.github.com> Co-authored-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es> Co-authored-by: Simon Kobler <github@kobler.me> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * Fix scaler leak during cache refresh (#5807) Signed-off-by: Guillaume Jacquet <guillaume.jacquet@gmail.com> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * Prepare release v2.14.1 Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * add missing change Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * update changelog Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * fix: e2e test regex check tag (#5831) Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * Validate regex before building image for e2e test (#5783) * added regex pre check before building image Signed-off-by: Yaxhveer <yaxhcod@gmail.com> * updated changelog Signed-off-by: Yaxhveer <yaxhcod@gmail.com> * refactored Signed-off-by: Yaxhveer <yaxhcod@gmail.com> * corrected Signed-off-by: Yaxhveer <yaxhcod@gmail.com> * corrected changelog Signed-off-by: Yaxhveer <yaxhcod@gmail.com> * updated the workflow Signed-off-by: Yaxhveer <yaxhcod@gmail.com> * updated the workflow Signed-off-by: Yaxhveer <yaxhcod@gmail.com> --------- Signed-off-by: Yaxhveer <yaxhcod@gmail.com> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * fix some pending tasks Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * use AAD-Pod-Identity always Signed-off-by: Jorge Turrado <jorge.turrado@scrm.lidl> * use AAD-Pod-Identity always Signed-off-by: Jorge Turrado <jorge.turrado@scrm.lidl> --------- Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> Signed-off-by: Paul Yu <paul.d.yu@gmail.com> Signed-off-by: Josef Karasek <josef@kedify.io> Signed-off-by: Zbynek Roubalik <zroubalik@gmail.com> Signed-off-by: Rishikesh Betigeri <53863619+Rishikesh01@users.noreply.github.com> Signed-off-by: Simon Kobler <github@kobler.me> Signed-off-by: Simon Kobler <32038731+KoblerS@users.noreply.github.com> Signed-off-by: Guillaume Jacquet <guillaume.jacquet@gmail.com> Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com> Signed-off-by: Yaxhveer <yaxhcod@gmail.com> Signed-off-by: Jorge Turrado <jorge.turrado@scrm.lidl> Co-authored-by: Paul Yu <paul.d.yu@gmail.com> Co-authored-by: Josef Karasek <josef@kedify.io> Co-authored-by: Zbynek Roubalik <zroubalik@gmail.com> Co-authored-by: Rishikesh <53863619+Rishikesh01@users.noreply.github.com> Co-authored-by: Simon Kobler <32038731+KoblerS@users.noreply.github.com> Co-authored-by: Simon Kobler <github@kobler.me> Co-authored-by: Guillaume Jacquet <guillaume.jacquet@gmail.com> Co-authored-by: Jan Wozniak <wozniak.jan@gmail.com> Co-authored-by: Yashveer <101015836+Yaxhveer@users.noreply.github.com>
* bump golang Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * chore: build with keda-tools:1.22.5 (kedacore#5971) * chore: build with keda-tools:1.22.5 to resolve CVE-2024-24790, CVE-2024-24789, and CVE-2024-24791 bump github.com/Azure/azure-sdk-for-go/sdk/azidentity to resolve CVE-2024-35255 Signed-off-by: Paul Yu <paul.d.yu@gmail.com> * chore: use go install instead of go get and replacing deprecated tools Signed-off-by: Paul Yu <paul.d.yu@gmail.com> * chore: vendor dependency cleanup Signed-off-by: Paul Yu <paul.d.yu@gmail.com> * Update missing references to 1.21 Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> --------- Signed-off-by: Paul Yu <paul.d.yu@gmail.com> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> Co-authored-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * [BUG-5922] Report failing ScaledJob triggers in status (kedacore#5916) Signed-off-by: Josef Karasek <josef@kedify.io> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * [BUG-5656] Annotate Jobs with parent ScaledJob generation (kedacore#5876) * Annotate Jobs with parent ScaledJob generation Signed-off-by: Josef Karasek <josef@kedify.io> * fix tests Signed-off-by: Josef Karasek <josef@kedify.io> * fix lint Signed-off-by: Josef Karasek <josef@kedify.io> * fix log message Signed-off-by: Josef Karasek <josef@kedify.io> * update changelog Signed-off-by: Josef Karasek <josef@kedify.io> * update changelog Signed-off-by: Josef Karasek <josef@kedify.io> * update changelog Signed-off-by: Josef Karasek <josef@kedify.io> --------- Signed-off-by: Josef Karasek <josef@kedify.io> Signed-off-by: Zbynek Roubalik <zroubalik@gmail.com> Co-authored-by: Zbynek Roubalik <zroubalik@gmail.com> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * fix: `+srv` mongodb url scheme parsing bug (kedacore#5773) This commit fixs issue kedacore#5760. where OP was facing problem with +srv schema Signed-off-by: Rishikesh Betigeri <53863619+Rishikesh01@users.noreply.github.com> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * fix: issue when GitHub organization contains more than 30 repos (kedacore#5746) Signed-off-by: Simon Kobler <github@kobler.me> Signed-off-by: Simon Kobler <32038731+KoblerS@users.noreply.github.com> Co-authored-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es> Co-authored-by: Simon Kobler <github@kobler.me> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * Fix scaler leak during cache refresh (kedacore#5807) Signed-off-by: Guillaume Jacquet <guillaume.jacquet@gmail.com> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * Prepare release v2.14.1 Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * add missing change Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * update changelog Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * fix: e2e test regex check tag (kedacore#5831) Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * Validate regex before building image for e2e test (kedacore#5783) * added regex pre check before building image Signed-off-by: Yaxhveer <yaxhcod@gmail.com> * updated changelog Signed-off-by: Yaxhveer <yaxhcod@gmail.com> * refactored Signed-off-by: Yaxhveer <yaxhcod@gmail.com> * corrected Signed-off-by: Yaxhveer <yaxhcod@gmail.com> * corrected changelog Signed-off-by: Yaxhveer <yaxhcod@gmail.com> * updated the workflow Signed-off-by: Yaxhveer <yaxhcod@gmail.com> * updated the workflow Signed-off-by: Yaxhveer <yaxhcod@gmail.com> --------- Signed-off-by: Yaxhveer <yaxhcod@gmail.com> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * fix some pending tasks Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * use AAD-Pod-Identity always Signed-off-by: Jorge Turrado <jorge.turrado@scrm.lidl> * use AAD-Pod-Identity always Signed-off-by: Jorge Turrado <jorge.turrado@scrm.lidl> --------- Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> Signed-off-by: Paul Yu <paul.d.yu@gmail.com> Signed-off-by: Josef Karasek <josef@kedify.io> Signed-off-by: Zbynek Roubalik <zroubalik@gmail.com> Signed-off-by: Rishikesh Betigeri <53863619+Rishikesh01@users.noreply.github.com> Signed-off-by: Simon Kobler <github@kobler.me> Signed-off-by: Simon Kobler <32038731+KoblerS@users.noreply.github.com> Signed-off-by: Guillaume Jacquet <guillaume.jacquet@gmail.com> Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com> Signed-off-by: Yaxhveer <yaxhcod@gmail.com> Signed-off-by: Jorge Turrado <jorge.turrado@scrm.lidl> Co-authored-by: Paul Yu <paul.d.yu@gmail.com> Co-authored-by: Josef Karasek <josef@kedify.io> Co-authored-by: Zbynek Roubalik <zroubalik@gmail.com> Co-authored-by: Rishikesh <53863619+Rishikesh01@users.noreply.github.com> Co-authored-by: Simon Kobler <32038731+KoblerS@users.noreply.github.com> Co-authored-by: Simon Kobler <github@kobler.me> Co-authored-by: Guillaume Jacquet <guillaume.jacquet@gmail.com> Co-authored-by: Jan Wozniak <wozniak.jan@gmail.com> Co-authored-by: Yashveer <101015836+Yaxhveer@users.noreply.github.com>
* chore: build with keda-tools:1.22.5 to resolve CVE-2024-24790, CVE-2024-24789, and CVE-2024-24791 bump github.com/Azure/azure-sdk-for-go/sdk/azidentity to resolve CVE-2024-35255 Signed-off-by: Paul Yu <paul.d.yu@gmail.com> * chore: use go install instead of go get and replacing deprecated tools Signed-off-by: Paul Yu <paul.d.yu@gmail.com> * chore: vendor dependency cleanup Signed-off-by: Paul Yu <paul.d.yu@gmail.com> * Update missing references to 1.21 Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> --------- Signed-off-by: Paul Yu <paul.d.yu@gmail.com> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> Co-authored-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es>
Provide a description of what has been changed
This PR is to build keda container images with an updated version of keda-tools with latest version of Go to resolve CVE-2024-24790, CVE-2024-24789, and CVE-2024-24791. Related PR: kedacore/test-tools#169
Also bumping github.com/Azure/azure-sdk-for-go/sdk/azidentity to resolve CVE-2024-35255.
Checklist
Fixes #
Relates to #
kedacore/test-tools#169