[v13] Bump github.com/sigstore/cosign/v2 to 2.2.1 in /integrations/kube-agent-updater#34462
Conversation
Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.0.1-0.20230228132138-2f1ec646de33 to 2.2.1. - [Release notes](https://github.com/sigstore/cosign/releases) - [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md) - [Commits](https://github.com/sigstore/cosign/commits/v2.2.1) --- updated-dependencies: - dependency-name: github.com/sigstore/cosign/v2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
jentfoo
added
go
jentfoo
force-pushed
the
jent/cosign_update-v13
branch
from
dae671d to
6fc3430
Compare
| golang.org/x/mod v0.10.0 | ||
| k8s.io/api v0.26.1 | ||
| k8s.io/apimachinery v0.26.1 | ||
| github.com/sigstore/cosign/v2 v2.2.1 |
There was a problem hiding this comment.
Note that this is a 2 minors jump.
|
This PR updates a lot of dependencies, are we really forced to update the kube libraries versions? I'm asking because this could break compatibility with old Kubernetes versions and I'd rather not bump the kube minor version if we can avoid it. |
|
We do need this update in order to address CVE-2023-46737. Unfortunately cosign only released the fix as part of 2.2.1, so I don't see any older versions we can patch to. |
…thub.com/distribution/reference
public-teleport-github-review-bot
Bot
removed the request for review
from rosstimothy
|
@codingllama and @hugoShaka can you help me with this update? Do the failures here look familiar at all? I have looked for what change may be missing, but it's not obvious to me. v14 has been merged, so comparing the differences there may be useful. Thank you! |
According to the linter logs This suggests two incompatible libraries are used together: one does not properly implement the interface used by the other ( I'm not a go dependency expert so I cannot advise you on the magic commands to run to fix the broken dependencies. Maybe @codingllama will know a cool trick to fix this. |
|
A quick build attempt tells me the module needs tidying. After $ go build ./...
# sigs.k8s.io/controller-runtime/pkg/cache
/Users/alan/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.4/pkg/cache/multi_namespace_cache.go:308:9: cannot use handles (variable of type map[string]"k8s.io/client-go/tools/cache".ResourceEventHandlerRegistration) as "k8s.io/client-go/tools/cache".ResourceEventHandlerRegistration value in return statement: map[string]"k8s.io/client-go/tools/cache".ResourceEventHandlerRegistration does not implement "k8s.io/client-go/tools/cache".ResourceEventHandlerRegistration (missing method HasSynced)
/Users/alan/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.4/pkg/cache/multi_namespace_cache.go:321:9: cannot use handles (variable of type map[string]"k8s.io/client-go/tools/cache".ResourceEventHandlerRegistration) as "k8s.io/client-go/tools/cache".ResourceEventHandlerRegistration value in return statement: map[string]"k8s.io/client-go/tools/cache".ResourceEventHandlerRegistration does not implement "k8s.io/client-go/tools/cache".ResourceEventHandlerRegistration (missing method HasSynced)
/Users/alan/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.4/pkg/cache/multi_namespace_cache.go:326:17: impossible type assertion: h.(map[string]toolscache.ResourceEventHandlerRegistration)
map[string]"k8s.io/client-go/tools/cache".ResourceEventHandlerRegistration does not implement "k8s.io/client-go/tools/cache".ResourceEventHandlerRegistration (missing method HasSynced)Updating controller-runtime itself brings a whole new set of breakages. k8s modules can be pretty finicky to update. I can't say right now what would work, this would take me a while to fix. |
|
A quick blame shows me #31712, which we may need to backport along with this one. |
|
@codingllama I looked at that PR, however I don't believe it's necessary since the controller-runtime is not being updated as part of this. However I did not test it. |
|
I don't think you'll get this to build without updating the controller. |
* adapt code to deal with controller-runtime breaking changes * bump controller-runtime to v0.16.1
|
@hugoShaka With the runtime update this build appears to be passing. Can you re-review this PR and let me know if you feel there are significant compatibility concerns that we need to consider? |
|
Looks good to me |
3 participants
v13 Backport of #34428