Skip to content

Update all Go modules #248

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Jul 10, 2025
Merged

Update all Go modules #248

merged 9 commits into from
Jul 10, 2025

Conversation

wallrj
Copy link
Member

@wallrj wallrj commented Jul 10, 2025
edited
Loading

In particular I updated

Fixes: #240

Testing

$ trivy fs .
2025-07-10T16:57:03+01:00       INFO    [vuln] Vulnerability scanning is enabled
2025-07-10T16:57:03+01:00       INFO    [secret] Secret scanning is enabled
2025-07-10T16:57:03+01:00       INFO    [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-07-10T16:57:03+01:00       INFO    [secret] Please see also https://trivy.dev/v0.61/docs/scanner/secret#recommendation for faster secret detection
2025-07-10T16:57:05+01:00       INFO    Number of language-specific files       num=2
2025-07-10T16:57:05+01:00       INFO    [gomod] Detecting vulnerabilities...

Report Summary

┌──────────────────────────────────────────────┬───────┬─────────────────┬─────────┐
│                    Target                    │ Type  │ Vulnerabilities │ Secrets │
├──────────────────────────────────────────────┼───────┼─────────────────┼─────────┤
│ go.mod                                       │ gomod │        0        │    -    │
├──────────────────────────────────────────────┼───────┼─────────────────┼─────────┤
│ internal/versionchecker/test/testdata/go.mod │ gomod │        0        │    -    │
└──────────────────────────────────────────────┴───────┴─────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)

About cert-manager v1.18.2

I did not update to cert-manager v1.18.2, because that seems to require some additional work on the conversion functions and I didn't want to do that here.

I've already done it once in one of the Dependabot PRs which got supplanted. I'll move those commits to a separate PR.

$ make generate
...
E0710 16:38:50.277598  107359 conversion.go:741] Warning: could not find nor generate a final Conversion function for github.com/cert-manager/cert-manager/pkg/apis/acme/v1.OrderSpec -> github.com/cert-manager/cmctl/v2/pkg/convert/internal/apis/acme.OrderSpec
E0710 16:38:50.277797  107359 conversion.go:742]   the following fields need manual conversion:
E0710 16:38:50.277804  107359 conversion.go:744]       - Profile
E0710 16:38:50.439329  107359 conversion.go:741] Warning: could not find nor generate a final Conversion function for github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1.CertificateSpec -> github.com/cert-manager/cmctl/v2/pkg/convert/internal/apis/certmanager.CertificateSpec
E0710 16:38:50.439383  107359 conversion.go:742]   the following fields need manual conversion:
E0710 16:38:50.439391  107359 conversion.go:744]       - SignatureAlgorithm
E0710 16:38:50.449181  107359 conversion.go:741] Warning: could not find nor generate a final Conversion function for github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1.VaultIssuer -> github.com/cert-manager/cmctl/v2/pkg/convert/internal/apis/certmanager.VaultIssuer
E0710 16:38:50.449228  107359 conversion.go:742]   the following fields need manual conversion:
E0710 16:38:50.449235  107359 conversion.go:744]       - ServerName
The following targets cannot be run simultaneously with each other or other generate scripts:

diff --git a/pkg/convert/internal/apis/acme/v1/zz_generated.conversion.go b/pkg/convert/internal/apis/acme/v1/zz_generated.conversion.go
index a1fefae..d61ed5f 100644
--- a/pkg/convert/internal/apis/acme/v1/zz_generated.conversion.go
+++ b/pkg/convert/internal/apis/acme/v1/zz_generated.conversion.go
@@ -987,6 +987,7 @@ func autoConvert_v1_ACMEIssuer_To_acme_ACMEIssuer(in *acmev1.ACMEIssuer, out *ac
        }
        out.DisableAccountKeyGeneration = in.DisableAccountKeyGeneration
        out.EnableDurationFeature = in.EnableDurationFeature
+       // WARNING: in.Profile requires manual conversion: does not exist in peer-type
        return nil
 }

@@ -1663,14 +1664,10 @@ func autoConvert_v1_OrderSpec_To_acme_OrderSpec(in *acmev1.OrderSpec, out *acme.
        out.DNSNames = *(*[]string)(unsafe.Pointer(&in.DNSNames))
        out.IPAddresses = *(*[]string)(unsafe.Pointer(&in.IPAddresses))
        out.Duration = (*pkgapismetav1.Duration)(unsafe.Pointer(in.Duration))
+       // WARNING: in.Profile requires manual conversion: does not exist in peer-type
        return nil
 }

-// Convert_v1_OrderSpec_To_acme_OrderSpec is an autogenerated conversion function.
-func Convert_v1_OrderSpec_To_acme_OrderSpec(in *acmev1.OrderSpec, out *acme.OrderSpec, s conversion.Scope) error {
-       return autoConvert_v1_OrderSpec_To_acme_OrderSpec(in, out, s)
-}
-
 func autoConvert_acme_OrderSpec_To_v1_OrderSpec(in *acme.OrderSpec, out *acmev1.OrderSpec, s conversion.Scope) error {
        out.Request = *(*[]byte)(unsafe.Pointer(&in.Request))
        if err := metav1.Convert_meta_ObjectReference_To_v1_ObjectReference(&in.IssuerRef, &out.IssuerRef, s); err != nil {

@wallrj-cyberark
Update helm.sh/helm/v3 to v3.18.4 to fix CVE-2025-53547
abd1d24 
```
_bin/tools/go get helm.sh/helm/v3@latest
_bin/tools/go mod tidy
```

Signed-off-by: Richard Wall <[email protected]>
@cert-manager-prow cert-manager-prow bot added dco-signoff: no Indicates that at least one commit in this pull request is missing the DCO sign-off message. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jul 10, 2025
@wallrj-cyberark
Update sigs.k8s.io/controller-runtime to version 0.21.0
e0180d9 
Signed-off-by: Richard Wall <[email protected]>
@wallrj-cyberark
Update sigs.k8s.io/yaml to version 1.5.0
04b2f14 
Signed-off-by: Richard Wall <[email protected]>
@wallrj-cyberark
Update github.com/go-logr/logr to version 1.4.3
2a17738 
Signed-off-by: Richard Wall <[email protected]>
@wallrj-cyberark
Update golang.org/x/sync to version 0.16.0
1154700 
Signed-off-by: Richard Wall <[email protected]>
@wallrj-cyberark
Update github.com/sergi/go-diff to version 1.4.0
b2323ff 
Signed-off-by: Richard Wall <[email protected]>
@wallrj-cyberark
Update k8s.io/kube-aggregator to version 0.33.2
2b71209 
Signed-off-by: Richard Wall <[email protected]>
@wallrj-cyberark
Update k8s.io/utils to version 0.0.0-20250604170112-4c0f3b243397
1f70ff6 
Signed-off-by: Richard Wall <[email protected]>
@wallrj-cyberark
Update github.com/cert-manager/cert-manager to v1.17.4
ed54255 
Signed-off-by: Richard Wall <[email protected]>
@wallrj wallrj force-pushed the go-mod-upgrade-1 branch from 105dc1f to ed54255 Compare July 10, 2025 15:48
@cert-manager-prow cert-manager-prow bot added dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. and removed dco-signoff: no Indicates that at least one commit in this pull request is missing the DCO sign-off message. labels Jul 10, 2025
@wallrj wallrj requested a review from inteon July 10, 2025 15:53
wallrj
wallrj commented Jul 10, 2025
View reviewed changes
go.mod
k8s.io/klog/v2 v2.130.1 // indirect
k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
oras.land/oras-go v1.2.5 // indirect
oras.land/oras-go/v2 v2.6.0 // indirect
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should fix #240

@inteon
Copy link
Member

inteon commented Jul 10, 2025

Thanks @wallrj

Indeed the dependabot upgrade was stuck on the cert-manager v1.18.2 changes.

/approve
/lgtm

@cert-manager-prow cert-manager-prow bot added the lgtm Indicates that a PR is ready to be merged. label Jul 10, 2025
@cert-manager-prow
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: inteon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@cert-manager-prow cert-manager-prow bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 10, 2025
@cert-manager-prow cert-manager-prow bot merged commit 1260250 into cert-manager:main Jul 10, 2025
5 checks passed
@wallrj wallrj deleted the go-mod-upgrade-1 branch July 10, 2025 16:17
@BrewTestBot BrewTestBot mentioned this pull request Jul 11, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@inteon inteon Awaiting requested review from inteon

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. lgtm Indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

High risk vulnerability with oras-go version

3 participants

@wallrj @inteon @wallrj-cyberark