[0.11.x] Bump lifecycle to 0.17.2 #1435

Merged 1 commit on Nov 28, 2023

@chenbh chenbh commented Nov 28, 2023

The lifecycle image is built with an older version of Go that contains CVEs; this means that the kpack deployment, the builder pod, and even the built app image will show up in scanners. By bumping to 0.17.2 (which is the highest backwards-compatible version), it at least resolves CVEs from the Go stdlib (there are still go.mod CVEs, but not much we can do about that since lifecycle doesn't patch older versions).

The user-facing changes would be that Buildpack API v0.9 and v0.10 would now be supported (we hard code the supported Platform API versions). See https://github.com/buildpacks/lifecycle?tab=readme-ov-file#supported-apis for more details.

this is the highest we can go without backwards incompatible changes.

this will introduce new Platform API versions (although they won't be
used because we hardcode supported versions), and Buildpack API
versions.

Signed-off-by: Bohan Chen <[email protected]>
@chenbh chenbh requested a review from a team as a code owner November 28, 2023 19:43
@chenbh chenbh changed the title [0.10.x] Bump lifecycle to 0.17.2 [0.11.x] Bump lifecycle to 0.17.2 Nov 28, 2023
@codecov-commenter

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (fb80b5b) 67.83% compared to head (9553edb) 67.83%.

Additional details and impacted files
@@               Coverage Diff                @@
##           release/v0.11.x    #1435   +/-   ##
================================================
  Coverage            67.83%   67.83%           
================================================
  Files                  132      132           
  Lines                 8071     8071           
================================================
  Hits                  5475     5475           
  Misses                2166     2166           
  Partials               430      430           


@chenbh chenbh merged commit 03fb18a into release/v0.11.x Nov 28, 2023
16 checks passed
@chenbh chenbh deleted the 0-11-x-bump-lifecycle branch November 28, 2023 23:16