Skip to content

fix: upgrade go and dependencies to fix CVEs #41255

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: 2.5
Choose a base branch
from
Open

fix: upgrade go and dependencies to fix CVEs #41255

wants to merge 1 commit into from

Conversation

liliu-z
Copy link
Member

@liliu-z liliu-z commented Apr 11, 2025
edited
Loading

pr: #40940

issue : #40933

@sre-ci-robot sre-ci-robot added the size/XS Denotes a PR that changes 0-9 lines. label Apr 11, 2025
@liliu-z liliu-z changed the title enhance: upgrade go and dependencies to fix CVEs fix: upgrade go and dependencies to fix CVEs Apr 11, 2025
@sre-ci-robot sre-ci-robot added the area/dependency Pull requests that update a dependency file label Apr 11, 2025
@mergify Mergify
Copy link
Contributor

mergify bot commented Apr 11, 2025

@liliu-z Please associate the related pr of master to the body of your Pull Request. (eg. “pr: #”)

@mergify mergify bot added dco-passed DCO check passed. do-not-merge/missing-related-pr kind/bug Issues or changes related a bug labels Apr 11, 2025
@sre-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: liliu-z

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@mergify Mergify
Copy link
Contributor

mergify bot commented Apr 11, 2025

@liliu-z go-sdk check failed, comment rerun go-sdk can trigger the job again.

@mergify Mergify
Copy link
Contributor

mergify bot commented Apr 11, 2025

@liliu-z E2e jenkins job failed, comment /run-cpu-e2e can trigger the job again.

@codecov Codecov
Copy link

codecov bot commented Apr 11, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 70.67%. Comparing base (b3d3a26) to head (a53bbda).
Report is 1 commits behind head on 2.5.

❌ Your project check has failed because the head coverage (70.67%) is below the target coverage (77.00%). You can increase the head coverage or adjust the target coverage.

❗ There is a different number of reports uploaded between BASE (b3d3a26) and HEAD (a53bbda). Click for more details.

HEAD has 1 upload less than BASE
Flag BASE (b3d3a26) HEAD (a53bbda)
2 1
Additional details and impacted files

Impacted file tree graph

@@             Coverage Diff             @@
##              2.5   #41255       +/-   ##
===========================================
- Coverage   80.85%   70.67%   -10.18%     
===========================================
  Files        1421      307     -1114     
  Lines      203230    29728   -173502     
===========================================
- Hits       164325    21011   -143314     
+ Misses      33142     8717    -24425     
+ Partials     5763        0     -5763
Components Coverage Δ
Client ∅ <ø> (∅)
Core 70.67% <ø> (+0.02%) ⬆️
Go ∅ <ø> (∅)

see 1120 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@sre-ci-robot sre-ci-robot added size/S Denotes a PR that changes 10-29 lines. and removed size/XS Denotes a PR that changes 0-9 lines. labels Apr 14, 2025
@sre-ci-robot sre-ci-robot added size/M Denotes a PR that changes 30-99 lines. and removed size/S Denotes a PR that changes 10-29 lines. labels Apr 15, 2025
@mergify Mergify
Copy link
Contributor

mergify bot commented Apr 15, 2025

@liliu-z E2e jenkins job failed, comment /run-cpu-e2e can trigger the job again.

@liliu-z liliu-z force-pushed the cp_40940 branch 3 times, most recently from e04494e to 07fcc3e Compare April 15, 2025 14:06
@xiaofan-luan @liliu-z
fix: upgrade go and dependencies to fix CVEs
a53bbda 
Signed-off-by: xiaofanluan <[email protected]>
Signed-off-by: Li Liu <[email protected]>
@mergify Mergify
Copy link
Contributor

mergify bot commented Apr 16, 2025

@liliu-z go-sdk check failed, comment rerun go-sdk can trigger the job again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@congqixia congqixia Awaiting requested review from congqixia

@czs007 czs007 Awaiting requested review from czs007

@yanliang567 yanliang567 Awaiting requested review from yanliang567

Assignees
No one assigned
Labels
approved area/dependency Pull requests that update a dependency file dco-passed DCO check passed. kind/bug Issues or changes related a bug size/M Denotes a PR that changes 30-99 lines.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@liliu-z @sre-ci-robot @xiaofan-luan