Skip to content

Update go and action packages #268

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

Update go and action packages #268

wants to merge 2 commits into from

Conversation

pandemicsyn
Copy link
Member

@pandemicsyn pandemicsyn commented Apr 3, 2025
edited
Loading

What this PR does / why we need it:

  • Update github.com/containerd/containerd from v1.7.24 to v1.7.27
  • Update golang.org/x/net from v0.34.0 to v0.36.0
  • Upgrade @actions/github from ^5.1.1 to ^6.0.0 to resolve multiple security updates (rather than trying to update transitives)

Which issue(s) this PR fixes:

Fixes https://github.com/replicatedhq/replicated-sdk/security/dependabot/31
Fixes https://github.com/replicatedhq/replicated-sdk/security/dependabot/30
Fixes https://github.com/replicatedhq/replicated-sdk/security/dependabot/29
Fixes https://github.com/replicatedhq/replicated-sdk/security/dependabot/28
Fixes https://github.com/replicatedhq/replicated-sdk/security/dependabot/27

Special notes for your reviewer:

Steps to reproduce

Does this PR introduce a user-facing change?

Does this PR require documentation?

@pandemicsyn
Update dependencies in go.mod and go.sum
1546738 
- Update github.com/containerd/containerd from v1.7.24 to v1.7.27
- Update golang.org/x/net from v0.34.0 to v0.36.0
@pandemicsyn
Update dependencies in cmx-versions action
96d2d9c 
- Upgrade @actions/github from ^5.1.1 to ^6.0.0 to resolve multiple security updates
- rebuild
@pandemicsyn
Copy link
Member Author

https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md#600

@pandemicsyn pandemicsyn marked this pull request as ready for review April 3, 2025 21:20
@pandemicsyn pandemicsyn requested a review from divolgin April 3, 2025 22:35
@pandemicsyn
Copy link
Member Author

Closing this out and resending since theres only one dependabot alert (containerd) left with the recent dagger refactor.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@divolgin divolgin Awaiting requested review from divolgin

Assignees
No one assigned
Labels
type::security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@pandemicsyn