Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Undefined
Fix Version/s: 4.16.0
Affects Version/s: 4.16.0
Component/s: Installer / openshift-installer
Labels:
None

Regression:
No
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:
N/A
Release Note Type:
Release Note Not Required
Release Note Status:
In Progress
Target Version:

4.16.0

SFDC Cases Counter:
SFDC Cases Links:

Description of problem:

To bump some dependencies for CVE fixes, we added `replace` directives in the go.mod file. These dependencies have since moved way past the pinned version.
We should drop the replaces before we run into problems from having deps pinned to versions that are too old. For example, I've seen PRs with the following diff:

# golang.org/x/net v0.23.0 => golang.org/x/net v0.5.0

which is not really what we want.

Version-Release number of selected component (if applicable):

    4.16

How reproducible:

    always

Steps to Reproduce:

    1.
    2.
    3.

Actual results:

    Some dependencies are not upgraded because they are pinned.

Expected results:

Additional info:

links to

openshift/installer#8271: OCPBUGS-32292: Remove deprecated replace directives

Assignee:: Rafael Fonseca dos Santos

Reporter:: Rafael Fonseca dos Santos

QA Contact:: Gaoyun Pei

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2024/04/16 12:10 PM

Updated:: 2024/04/29 10:28 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates