Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade migrate binary to v4.15.2 #18698

Closed
beltran-rubo opened this issue May 18, 2023 · 1 comment · Fixed by #18879
Closed

Upgrade migrate binary to v4.15.2 #18698

beltran-rubo opened this issue May 18, 2023 · 1 comment · Fixed by #18879
Assignees
@chlins
Labels
target/2.9.0

Comments

@beltran-rubo
Copy link

The migrate go-lang binary from https://github.com/golang-migrate/migrate is included in Harbor and have several CVEs related to go-lang libraries.

The version specified into the Makefile is 4.11.0 from 2020 but the latest version available in the official repo is 4.15.2. Is there any plans to upgrade this binary for Harbor project?
@chlins chlins self-assigned this May 22, 2023
@chlins
Copy link
Member

chlins commented May 22, 2023

The migrate version specified in the Makefile is only for notary, and notary has been deprecated and will be removed in the v2.9, so there's no plan to upgrade the migrate version for notary, but harbor upgrade also replies on the go-migrate(currently used 4.15.1 which defined in the go.mod), we can take a look on upgrade this to latest version.

@chlins chlins mentioned this issue Jul 2, 2023
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chlins chlins

Labels
target/2.9.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore: upgrade golang-migrate to v4.16.2 chlins/harbor
2 participants
@beltran-rubo @chlins