-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix/fix issues #812
Fix/fix issues #812
Conversation
871ee4f
to
64fb46f
Compare
Codecov ReportBase: 96.81% // Head: 96.81% // No change to project coverage 👍
Additional details and impacted files@@ Coverage Diff @@
## develop #812 +/- ##
========================================
Coverage 96.81% 96.81%
========================================
Files 22 22
Lines 1226 1226
========================================
Hits 1187 1187
Misses 39 39
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report at Codecov. |
cc618d8
to
b60de4e
Compare
6bd78b0
to
e6c6d45
Compare
There is a transitiv dependency on frozenlist, which updated their package for python 3.11, but didn't add the package to pypi wheels. Thus, building on python >= 3.11 fails the whole docker building process ([issue](aio-libs/frozenlist#342)). Need to add gcc and libc to docker container as well as upgrade pip to resolve this. Secondly, there are two more vulnerabilities due to cosign, which cannot be fixed on our side. Ignore listing them until cosign publishes a new version.
The upload of the code coverage has nothing to do with connaisseurs functionality and thus should be optional.
Cosign changed its error code for non existant images and missing signatures in transparency logs, resulting connaisseur in throwing wrong errors as well. This has been fixed.
02e9178
to
ad974f7
Compare
There is a transitiv dependency on frozenlist, which updated their package for python 3.11, but didn't add the package to pypi wheels. Thus, building on python >= 3.11 fails the whole docker building process (issue). Switching to python 3.10. Secondly, there are two more vulnerabilities due to cosign, which cannot be fixed on our side. Ignore listing them until cosign publishes a new version.
Checklist
develop
values.yaml
andChart.yaml
(if necessary)