Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump spegel to v0.0.20-k3s1 #9863

Merged
merged 3 commits into from
Apr 5, 2024
Merged

Bump spegel to v0.0.20-k3s1 #9863

merged 3 commits into from
Apr 5, 2024

Conversation

dereknola
Copy link
Member

@dereknola dereknola commented Apr 3, 2024
edited
Loading

Signed-off-by: Derek Nola [email protected]

Proposed Changes

  • New spegel version, upstream incorporated more of our patches, so we are down from 5 patches to 3 patches But we added more 🙃 .
  • Bumps libp2p, making Bump libp2p for riscv support #9719 redundant
  • Removes quic-go pins. The indirect version is now v0.42.0 (because we bumped libp2p), which resolves the CVE we originally pinned avoid.

Types of Changes

Dependency Bump

Verification

CI Green

Testing

Linked Issues

#7151

User-Facing Change

Further Comments

@dereknola dereknola requested a review from a team as a code owner April 3, 2024 20:37
@codecov Codecov
Copy link

codecov bot commented Apr 3, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 0% with 1 lines in your changes are missing coverage. Please review.

Project coverage is 46.67%. Comparing base (49414a8) to head (b5fc99a).
Report is 2 commits behind head on master.

Files Patch % Lines
pkg/spegel/spegel.go 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #9863      +/-   ##
==========================================
- Coverage   52.87%   46.67%   -6.20%     
==========================================
  Files         157      157              
  Lines       13822    13822              
==========================================
- Hits         7308     6452     -856     
- Misses       5128     6132    +1004     
+ Partials     1386     1238     -148
Flag Coverage Δ
e2etests 38.83% <0.00%> (-10.48%) ⬇️
inttests 39.41% <0.00%> (+0.06%) ⬆️
unittests 16.82% <0.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@brandond
Copy link
Member

brandond commented Apr 3, 2024

k3s-io/spegel@v0.0.18-k3s4...v0.0.19-k3s1

LGTM!

@brandond
Copy link
Member

brandond commented Apr 3, 2024
edited
Loading

We might have to revert this one: k3s-io/spegel@8a5978f
and keep this one instead: k3s-io/spegel@8fbe436

I don't agree with his approach to fixing the error handling. With his fix, if there is an error it just stops syncing images until the next time k3s is restarted.

brandond
brandond requested changes Apr 3, 2024
View reviewed changes
Copy link
Member

@brandond brandond left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit on dropped patches

@dereknola
Copy link
Member Author

Okay I can work on a patch bringing that back and put out a k3s2

@brandond
Copy link
Member

brandond commented Apr 4, 2024

yeah, probably just revert + cherry-pick should do it.

@dereknola dereknola changed the title Bump spegel to v0.0.19-k3s1 Bump spegel to v0.0.19-k3s2 Apr 4, 2024
@dereknola dereknola requested a review from brandond April 4, 2024 17:36
@brandond
Copy link
Member

brandond commented Apr 4, 2024

Now there's another one! https://github.com/spegel-org/spegel/releases/tag/v0.0.20

@dereknola
Copy link
Member Author

Welp, looks like its a high severity CVE on quic-go

@dereknola
Bump spegel to v0.0.20-k3s1
f62cc4a 
Signed-off-by: Derek Nola <[email protected]>
@dereknola
Remove deprecated libp2p Pretty function
1ff33df 
Signed-off-by: Derek Nola <[email protected]>
@dereknola
Remove quic-go pin
b5fc99a 
Pinned version is now out of date,  indirect dependencies are now newer, with CVE issue fixed
Signed-off-by: Derek Nola <[email protected]>
@dereknola dereknola changed the title Bump spegel to v0.0.19-k3s2 Bump spegel to v0.0.20-k3s1 Apr 4, 2024
@dereknola dereknola merged commit 9846a72 into k3s-io:master Apr 5, 2024
27 checks passed
This was referenced Apr 8, 2024
Merged
Merged
@cguertin14 cguertin14 mentioned this pull request Apr 27, 2024
Closed
@dereknola dereknola deleted the bump_spegel branch June 6, 2024 19:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vitorsavian vitorsavian vitorsavian approved these changes

@brandond brandond brandond approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dereknola @brandond @vitorsavian