Align knative/serving version across Modelmesh repositories #483
Assignees
Labels
bug
Something isn't working
Comments
|
Affected repositories:
|
And They all describe the same vulnerability, however. The Snyk and CVE reports recommend several "safe" versions to upgrade to. However, that list is not exhaustive. In fact the fix knative/serving#14523 for the vulnerability was back-ported to several release streams:
|
|
Ideally, we should be using the latest 0.3X.x, right? |
Well, possibly, yes, but we do need to pick the (latest) |
|
Indeed. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Recently we had 2 CVEs in the
knative/servingcomponent which led us to update it to a newer version that would require k8s dependencies to be bumped to 0.27.x., but it is incompatible withcontroller-runtime0.14.x.For this reason, to be able to update the
knative/servingto a newer version we had to pin down the k8s version to 0.26.x.There are two vulnerabilities that are fixed by bumping Knative to 0.39.3:
To property update it, we would need, first, address #481 to not need to pin the k8s version, once it is updated, we can revert the replace tag changes and start using k8s 0.27.x
The text was updated successfully, but these errors were encountered: