chore: fix vulnerabilities and CI failures #1179
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Convert .golangci.yaml from v1 to v2 format with version: '2' - Replace deprecated linters: exportloopref -> copyloopvar - Move formatters (gofmt, gofumpt, goimports) to formatters section - Update linters.disable-all to linters.default: none - Update Go version in CI from 1.21 to 1.23 to match go.mod - Add exclusion for docs directory to avoid linting generated files Fixes the CI error: 'unsupported version of the configuration' Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com>
Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com>
Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com>
ashnamehrotra
force-pushed
the
fix-vulns
branch
from
21f4884 to
115c155
Compare
Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com>
Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com>
Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com>
|
Thanks for looking into this @ashnamehrotra! We look forward to the new release :) |
Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com>
Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com>
Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com>
Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com>
Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com>
Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com>
Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com>
Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com>
Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com>
Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com>
ashnamehrotra
force-pushed
the
fix-vulns
branch
from
aba19d2 to
8da8978
Compare
Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com>
Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com>
Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com>
sozercan
reviewed
Nov 26, 2025
sozercan
reviewed
Nov 26, 2025
sozercan
reviewed
Nov 26, 2025
| func checkNodeFitness(pod *corev1.Pod, node *corev1.Node) bool { | ||
| nodeInfo := framework.NewNodeInfo() | ||
| nodeInfo.SetNode(node) | ||
| // Check if node has sufficient resources for the pod |
Contributor
Author
There was a problem hiding this comment.
The framework package it was using introduces k8s.io/kubernetes vulnerabilities which is what this was trying to resolve. In order to upgrade this to latest version, it would require major controller runtime api changes. By removing the dependency on this we can eliminate both the dependency and vulns.
sozercan
reviewed
Nov 26, 2025
sozercan
reviewed
Nov 26, 2025
| return nil, err | ||
| } | ||
|
|
||
| //nolint:staticcheck // SA1019: grpc.DialContext is deprecated but maintains required blocking behavior |
Member
There was a problem hiding this comment.
can we open issues for these too
Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com>
ashnamehrotra
force-pushed
the
fix-vulns
branch
from
b8f458f to
6cb2b32
Compare
Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com>
sozercan
reviewed
Nov 26, 2025
sozercan
reviewed
Nov 26, 2025
sozercan
reviewed
Nov 26, 2025
Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com>
ashnamehrotra
force-pushed
the
fix-vulns
branch
from
c2aec66 to
0ee866c
Compare
Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com>
|
One of the specific vulns we're looking to get remediated by a new release is |
sozercan
reviewed
Dec 2, 2025
Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com> Signed-off-by: Ashna Mehrotra <ashnamehrotra@gmail.com>
Member
|
@christensenjairus yes, after this is merged and we cut a release that CVE will be resolved since we'll be building with latest version of Go |
ashnamehrotra
added a commit
to ashnamehrotra/eraser
that referenced
this pull request
Dec 2, 2025
Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com> Signed-off-by: Ashna Mehrotra <ashnamehrotra@gmail.com> Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com>
ashnamehrotra
added a commit
that referenced
this pull request
Dec 2, 2025
Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com> Signed-off-by: Ashna Mehrotra <ashnamehrotra@gmail.com> Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com>
alexlebens
pushed a commit
to alexlebens/infrastructure
that referenced
this pull request
Dec 3, 2025
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [eraser](https://github.com/eraser-dev/eraser) | minor | `v1.3.1` -> `1.4.1` | --- ### Release Notes <details> <summary>eraser-dev/eraser (eraser)</summary> ### [`v1.4.1`](https://github.com/eraser-dev/eraser/releases/tag/v1.4.1) [Compare Source](eraser-dev/eraser@v1.3.1...v1.4.1) #### Chores - Prepare v1.4.0 release ([#​1085](eraser-dev/eraser#1085)) [#​1085](eraser-dev/eraser#1085) ([github-actions\[bot\]](eraser-dev/eraser@e89d585)) - Prepare v1.4.1 release ([#​1190](eraser-dev/eraser#1190)) [#​1190](eraser-dev/eraser#1190) ([github-actions\[bot\]](eraser-dev/eraser@bb7634b)) - fix vulnerabilities and CI failures ([#​1179](eraser-dev/eraser#1179)) ([Ashna Mehrotra](eraser-dev/eraser@a9cfd88)) - revert "chore: Prepare v1.4.1 release" ([#​1191](eraser-dev/eraser#1191)) [#​1191](eraser-dev/eraser#1191) ([Ashna Mehrotra](eraser-dev/eraser@311e972)) - release 1.4.1 cherry pick module upgrades ([#​1192](eraser-dev/eraser#1192)) [#​1192](eraser-dev/eraser#1192) ([Ashna Mehrotra](eraser-dev/eraser@96b21ed)) - Prepare v1.4.1 release ([#​1193](eraser-dev/eraser#1193)) [#​1193](eraser-dev/eraser#1193) ([github-actions\[bot\]](eraser-dev/eraser@4b1a834)) #### Commits - [`1d7dabe`](eraser-dev/eraser@1d7dabe): Upgrade OpenTelemetry modules to v1.37.0 and migrate deprecated APIs ([#​1160](eraser-dev/eraser#1160)) (Copilot) - [`a5e6a65`](eraser-dev/eraser@a5e6a65): Merge branch 'release-1.4' of github.com:Azure/eraser into release-1.4 (ashnamehrotra) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41LjAiLCJ1cGRhdGVkSW5WZXIiOiI0Mi41LjAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImNoYXJ0Il19--> Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/2217 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
Which issue(s) this PR fixes (optional, using
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when the PR gets merged):Fixes unit tests and updates all vulnerable modules/handles api incompatibilities introduced. Also fixes golang lint errors aside from revive lint (issue created for this for follow up as there are large file changes needed). Remaining vulnerability is from latest version of Trivy binary and cannot be resolved on eraser side:
Special notes for your reviewer: