Skip to content

Downgrade sops dependency to v3.9.0 #1727

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
joaopapereira merged 1 commit into from
May 12, 2025
Merged

Downgrade sops dependency to v3.9.0 #1727

joaopapereira merged 1 commit into from
May 12, 2025

Conversation

@aroradaman
Copy link

@aroradaman aroradaman commented May 11, 2025
edited
Loading

What this PR does / why we need it:

This intentionally downgrades mozilla/sops version to v3.9.0. The version v3.9.0 was built using MPL 2.0 licensed go module of hashicorp/vault, all the versions of sops greater than v3.9.0 are built using BSL 1.1 licensed go module of hashicorp/vault.

sops v3.9.0 uses github.com/hashicorp/vault@v1.14.0 which is MPL 2.0 licensed, v3.9.1 uses uses github.com/hashicorp/vault@v1.15.0 which uses BUSL 1.1 (Business Source License 1.1).

Also, I noticed that the dependencies.yml file is periodically update by the carvel-bot
#1663, we might need to figure out a way to check for license before upgrading the versions.

Which issue(s) this PR fixes:

Fixes #

Does this PR introduce a user-facing change?

Additional Notes for your reviewer:

Review Checklist:
  • Follows the developer guidelines
  • Relevant tests are added or updated
  • Relevant docs in this repo added or updated
  • Relevant carvel.dev docs added or updated in a separate PR and there's
    a link to that PR
  • Code is at least as readable and maintainable as it was before this
    change

Additional documentation e.g., Proposal, usage docs, etc.:

@aroradaman
downgrade sops dependency to v3.9.0
983f945 
This intentionally downgrades mozilla/sops version to v3.9.0.
The version v3.9.0 was built using MPL 2.0 licensed go module
of hashicorp/vault, all the versions of sops greater than
v3.9.0 are built using BSL 1.1 licensed go module of
hashicorp/vault.

Signed-off-by: Daman Arora <aroradaman@gmail.com>
@joaopapereira joaopapereira merged commit d38fe46 into carvel-dev:develop May 12, 2025
10 checks passed
@github-project-automation github-project-automation bot moved this to Closed in Carvel May 12, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@joaopapereira joaopapereira joaopapereira approved these changes

Assignees

No one assigned

Labels

None yet

Projects

Carvel
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@aroradaman @joaopapereira