chore: bump transitive dependencies #527
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mdelapenya
added
dependencies
Codecov Report
@@ Coverage Diff @@
## main #527 +/- ##
==========================================
- Coverage 68.88% 68.85% -0.04%
==========================================
Files 22 22
Lines 2144 2148 +4
==========================================
+ Hits 1477 1479 +2
- Misses 528 530 +2
Partials 139 139
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
|
I feel this PR can be converted from draft to an actual PR |
* main: Add system requirements parent docs page for podman and colima (#562) Support for cap-add/cap-drop (#555) fix container NetworkMode usage (#560) chore: use hashed versions of test-summary action (#556) chore: use container.State() function in tests (#543) Log docker server info (#548) docs: add docs regarding Colima usage (#547) chore: add emoji to breaking changes in release drafter (#542) chore: add CONTRIBUTING file (#539) issue #537 Rename the wait/multi.go file to wait/all.go (#541) docs: add a basic layout for wait strategies in docs (#536) docs: improve consistency and fix typos (#534) chore: do not skip test (#528) chore: include test flakiness in the release drafter (#535) chore: retire old versions of Go (#530)
* main: (79 commits) chore: reduce concurrent builds (testcontainers#702) chore: add mysql example (testcontainers#700) chore(deps): bump google.golang.org/api from 0.104.0 to 0.105.0 (testcontainers#699) chore(deps): bump google.golang.org/api in /examples/firestore (testcontainers#683) chore(deps): bump cloud.google.com/go/spanner in /examples/spanner (testcontainers#688) chore(deps): bump google.golang.org/api in /examples/pubsub (testcontainers#685) chore(deps): bump google.golang.org/api in /examples/spanner (testcontainers#684) chore(deps): bump google.golang.org/grpc in /examples/firestore (testcontainers#686) chore(deps): bump google.golang.org/api in /examples/bigtable (testcontainers#680) chore(deps): bump google.golang.org/api in /examples/datastore (testcontainers#678) chore(deps): bump golang.org/x/text from 0.3.7 to 0.5.0 (testcontainers#660) chore(deps): bump github.com/magiconair/properties from 1.8.6 to 1.8.7 (testcontainers#677) chore: postgres example (testcontainers#674) Add bigtable example (testcontainers#676) chore(deps): bump github.com/containerd/containerd from 1.6.10 to 1.6.12 (testcontainers#675) chore: run go mod tidy in examples (testcontainers#672) Improve datastore, firestore, pubsub and spanner tests (testcontainers#670) chore: group dependabot updates (testcontainers#668) chore: update mkdocs format to go-yaml v3 (testcontainers#667) chore: generate dependabot configs for examples (testcontainers#654) ...
|
I resolved conflicts and got this report: I believe the gorm dependency issue will disappear with #650, as it's pushed back to the compose module. OTOH, I ran which confirms that the gorm dependency was introduced by compose native support. Regarding apiserver, it is not required by the main module, and not sure how it gets into the dependencies, as it's not present at any file, including @kishaningithub because the number of issues has being removed from 23 (as shown in the original #326 issue) to 2 (1 after #650), I'd merge this PR as is, considering done. Wdyt? |
|
@mdelapenya Beautiful to see the vulnerabilities go from 23 to 2. Yes IMO this can be merged :-) |
mdelapenya
referenced
this pull request
in mdelapenya/testcontainers-go
Dec 21, 2022
* main: chore: bump transitive dependencies (#527)
mdelapenya
referenced
this pull request
in mdelapenya/testcontainers-go
Jan 4, 2023
* main: (44 commits) feat: support passing registry credentials to the reaper (testcontainers#647) fix: close response body in http strategy (testcontainers#718) chore: move e2e module to postgres example module (testcontainers#717) chore: bump containerd transitive dep in examples (testcontainers#715) chore(deps): bump github.com/containerd/containerd from 1.6.12 to 1.6.14 (testcontainers#703) chore(deps): bump github.com/compose-spec/compose-go in /modules/compose (testcontainers#710) chore: bump testcontainers-go to 0.17.0 in examples (testcontainers#714) chore(deps): bump github.com/docker/compose/v2 in /modules/compose (testcontainers#711) chore: support running MySQL compose in ARM (testcontainers#712) chore: simplify compose replace directives (testcontainers#713) chore: add compose module to dependabot (testcontainers#709) chore: move compose code to a separate module (testcontainers#650) docs: refine onboarding process with quickstart guide (testcontainers#706) chore: move redis-specific tests to the example module (testcontainers#701) chore: bump transitive dependencies (#527) chore: reduce concurrent builds (testcontainers#702) chore: add mysql example (testcontainers#700) chore(deps): bump google.golang.org/api from 0.104.0 to 0.105.0 (testcontainers#699) chore(deps): bump google.golang.org/api in /examples/firestore (testcontainers#683) chore(deps): bump cloud.google.com/go/spanner in /examples/spanner (testcontainers#688) ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
It bumps the following deps to their latest released versions:
We have run the following command to detect the vulnerabilities:
go list -json -m all | docker run --rm -i sonatypecommunity/nancy:v1.0.39 sleuth --skip-update-checkIt has resolved 2 out of 5 security issues, but not sure how to resolve those 3 packages, as getting the :
Finally, it's adding a Make goal to scan the dependencies with the above command:
make dependencies-scan, which is available to any module via thecommons-test.mkfile.Why is it important?
This PR resolves 2 security issues, but there are still 3.
I've observed myself everything what @mwittig commented in #326 (comment), so I'd say that we are stuck on containerd's vulnerabilities.
Related issues
Follow-ups
As a follow-up, and once we are green in terms of dependencies, we could run it in the GH action and force a successful check in order to merge a PR.