Uploaded image for project: 'OpenShift GitOps'
  1. OpenShift GitOps
  2. GITOPS-6860

Gitops-Backend relies on old version of ArgoCD

XMLWordPrintable

    • 1
    • False
    • Hide

      None

      Show
      None
    • False
    • Hide
      This update upgrades the Kubernetes and Argo CD dependencies used in the GitOps backend. Previously, older versions of these dependencies triggered vulnerability alerts in several CVE scanners.
      With this change, the backend aligns with more recent and secure versions of these libraries, addressing those flagged issues.
      Show
      This update upgrades the Kubernetes and Argo CD dependencies used in the GitOps backend. Previously, older versions of these dependencies triggered vulnerability alerts in several CVE scanners. With this change, the backend aligns with more recent and secure versions of these libraries, addressing those flagged issues.
    • 1
    • GitOps Crimson Sprint 19

      Description of Problem

      The  component in question is the "/backend-http" file within the image used by this operator version:

      [https://catalog.redhat.com/software/containers/openshift-gitops-1/gitops-rhel8/60428a206280a414853ec055?architecture=amd64&image=67fc6f0c639042b2fe7cc4a8&container-tabs=overview

      ] Analysis of the /backend-http file reveals a dependency on github.com/argoproj/argo-cd version v0.8.1-0.20210326223336-719d6a9c252e, as shown by the output:

       

      $ go version -m /backend-http | grep 0.8.1-0.20210326223336-719d6a9c252e 

dep github.com/argoproj/argo-cd v0.8.1-0.20210326223336-719d6a9c252e h1:JtCvIxZfCDdEQH9bbZam7/MlqdjZ2rFJApgVro4dB4M=

       

      Additional Info

      • <Any additional info such as logs, must-gather outputs, etc.>

      Problem Reproduction

      • <How do we reproduce the problem?>

      Reproducibility

      • <Always/Intermittent/Only Once>

      Prerequisites/Environment

      • <OpenShift, managed service (e.g., ROSA, ARO), operators, layered product, and other software versions, build details>

      Steps to Reproduce

      • ...

      Expected Results

      • ...

      Actual Results

      • ...

      Problem Analysis

      • <Completed by engineering team as part of the triage/refinement process>

      Root Cause

      • <What is the root cause of the problem? Or, why is it not a bug?>

      Workaround (If Possible)

      • <Are there any workarounds we can provide to the customers?>

      Fix Approaches

      • <If we decide to fix this bug, how will we do it?>

      Acceptance Criteria

      • ...

      Definition of Done

      • Code Complete:
        • All code has been written, reviewed, and approved.
      • Tested:
        • Unit tests have been written and passed.
        • Ensure code coverage is not reduced with the changes.
        • Integration tests have been automated.
        • System tests have been conducted, and all critical bugs have been fixed.
        • Tested and merged on OpenShift either upstream or downstream on a local build.
      • Documentation:
        • User documentation or release notes have been written (if applicable).
      • Build:
        • Code has been successfully built and integrated into the main repository / project.
        • Midstream changes (if applicable) are done, reviewed, approved and merged.
      • Review:
        • Code has been peer-reviewed and meets coding standards.
        • All acceptance criteria defined in the user story have been met.
        • Tested by reviewer on OpenShift.
      • Deployment:
        • The feature has been deployed on OpenShift cluster for testing.

              rh-ee-sghadi Siddhesh Ghadi
              rhn-support-jyarora Jyotsana Arora
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: