Update Dependencies #164

Merged
merged 4 commits into from
Mar 3, 2023

Contributor

@gl-johnson gl-johnson commented Feb 7, 2023

Desired Outcome

Update dependencies to address Snyk vulnerabilities. Ended up adding some misc cleanup tasks while working on failing builds.

Implemented Changes

  • Remove PHP test app
  • Update tests/integration/apps/java/pom.xml spring boot version
  • Update tests/integration/apps/ruby to Ruby 3, update dependencies
  • Update conjur-env/Dockerfile and tests/retrieve-secrets/Dockerfile golang base image to 1.20
  • Update conjur-env/go.mod dependencies
  • Prep for 2.2.7 release

A couple issues cropped up:

  • Spring Boot 3.x was causing CI issues with the Java test app so stick with latest 2.x for the time being
  • Currently Sinatra only supports Rack v2, so we're stuck with the latest 2.x version of Rack for now

Definition of Done

At least 1 todo must be completed in the sections below for the PR to be
merged.

Changelog

  • The CHANGELOG has been updated, or
  • This PR does not include user-facing changes and doesn't require a
    CHANGELOG update

Test coverage

  • This PR includes new unit and integration tests to go with the code
    changes, or
  • The changes in this PR do not require tests

Documentation

  • Docs (e.g. READMEs) were updated in this PR
  • A follow-up issue to update official docs has been filed here: [insert issue ID]
  • This PR does not require updating any documentation

Behavior

  • This PR changes product behavior and has been reviewed by a PO, or
  • These changes are part of a larger initiative that will be reviewed later, or
  • No behavior was changed with this PR

Security

  • Security architect has reviewed the changes in this PR,
  • These changes are part of a larger initiative with a separate security review, or
  • There are no security aspects to these changes

@gl-johnson gl-johnson force-pushed the update-dependencies branch 17 times, most recently from 6887186 to 6cbcd95 Compare February 28, 2023 19:45
@gl-johnson gl-johnson force-pushed the update-dependencies branch 8 times, most recently from 5aa4eea to 7d46157 Compare March 1, 2023 21:06
@gl-johnson gl-johnson force-pushed the update-dependencies branch 3 times, most recently from 23d427d to f975b28 Compare March 2, 2023 03:34
@gl-johnson gl-johnson force-pushed the update-dependencies branch from 0ae163a to 2b7ce1e Compare March 2, 2023 17:29
@gl-johnson gl-johnson marked this pull request as ready for review March 2, 2023 17:39
@gl-johnson gl-johnson requested review from a team as code owners March 2, 2023 17:39
@@ -110,7 +110,7 @@ limitations under the License.

BSD 3-clause "New" or "Revised" License is applicable to the following component(s).

>>> golang.org/x/sys-0.0.0-20220728004956-3c1f35247d10
>>> golang.org/x/sys-0.3.0
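
Review bot: the golang.org/x/sys entry at the bottom of this hunk goes from the pseudo-version 0.0.0-20220728004956-3c1f35247d10 to 0.3.0, so confirm that 0.3.0 is the version conjur-env/go.mod actually resolves after this PR, and update any other line in the notices that names the component with its version so the license attribution matches what ships.
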
Contributor

sys package version changed to 0.3.0 here, but not in the TOC.

.codeclimate.yml Outdated
@@ -16,7 +16,6 @@ plugins:
go:
java:
javascript:
php:
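
Review bot: dropping "php:" under "plugins:" is not listed under Implemented Changes; it presumably follows from "Remove PHP test app", so say so in the description or commit message, and confirm no other PHP sources remain in the repo that this analyzer entry was covering before removing it.
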
Contributor

Do we need to remove this? I think this is a standard file we include in every repo.

@gl-johnson gl-johnson force-pushed the update-dependencies branch 2 times, most recently from 6a5d7b4 to fa82b3a Compare March 2, 2023 20:24
@gl-johnson gl-johnson force-pushed the update-dependencies branch from fa82b3a to 56c71af Compare March 2, 2023 20:50
Contributor

@john-odonnell john-odonnell left a comment

LGTM 👍

@jtuttle jtuttle merged commit d4912f7 into main Mar 3, 2023
@jtuttle jtuttle deleted the update-dependencies branch March 3, 2023 14:22