Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump all dependencies #133

Merged
merged 1 commit into from
Nov 22, 2022

Conversation

jkroepke
Copy link
Member

Signed-off-by: Jan-Otto Kröpke [email protected]

This should resolve some vulnerability alerts:

jiralert % trivy filesystem .

go.mod (gomod)

Total: 60 (UNKNOWN: 26, LOW: 1, MEDIUM: 7, HIGH: 24, CRITICAL: 2)

@bwplotka
Copy link
Member

Thanks, but sounds like the CI changes you added have some issues to build our code.

Signed-off-by: Jan-Otto Kröpke <[email protected]>
@jkroepke
Copy link
Member Author

It works locally now:

% make
>> checking code style
>> checking license header
>> running golangci-lint
GO111MODULE=on go list -e -compiled -test=true -export=false -deps=true -find=false -tags= -- ./... > /dev/null
GO111MODULE=on /Users/jok/go/bin/golangci-lint run  ./...
WARN [runner] The linter 'golint' is deprecated (since v1.41.0) due to: The repository of the linter has been archived by the owner.  Replaced by revive. 
>> running check for unused/missing packages in go.mod
GO111MODULE=on go mod tidy
>> building binaries
GO111MODULE=on /Users/jok/go/bin/promu build --prefix /Users/jok/Downloads/jiralert 
 >   jiralert
>> running all tests
GO111MODULE=on go test   ./...
?       github.com/prometheus-community/jiralert/cmd/jiralert   [no test files]
?       github.com/prometheus-community/jiralert/pkg/alertmanager       [no test files]
ok      github.com/prometheus-community/jiralert/pkg/config     0.314s
ok      github.com/prometheus-community/jiralert/pkg/notify     0.410s
?       github.com/prometheus-community/jiralert/pkg/template   [no test files]
jok@CDT-MB-20200178 jiralert % make common-lint
>> running golangci-lint
GO111MODULE=on go list -e -compiled -test=true -export=false -deps=true -find=false -tags= -- ./... > /dev/null
GO111MODULE=on /Users/jok/go/bin/golangci-lint run  ./...
WARN [runner] The linter 'golint' is deprecated (since v1.41.0) due to: The repository of the linter has been archived by the owner.  Replaced by revive. 
jok@CDT-MB-20200178 jiralert % docker build -t a .            
[+] Building 38.6s (12/12) FINISHED                                                                                                                                                                                                                                                                                     
 => [internal] load build definition from Dockerfile                                                                                                                                                                                                                                                               0.0s
 => => transferring dockerfile: 37B                                                                                                                                                                                                                                                                                0.0s
 => [internal] load .dockerignore                                                                                                                                                                                                                                                                                  0.0s
 => => transferring context: 2B                                                                                                                                                                                                                                                                                    0.0s
 => [internal] load metadata for quay.io/prometheus/busybox-linux-amd64:latest                                                                                                                                                                                                                                     0.6s
 => [internal] load metadata for docker.io/library/golang:1.19                                                                                                                                                                                                                                                     1.6s
 => [builder 1/4] FROM docker.io/library/golang:1.19@sha256:25de7b6b28219279a409961158c547aadd0960cf2dcbc533780224afa1157fd4                                                                                                                                                                                       0.0s
 => [internal] load build context                                                                                                                                                                                                                                                                                  0.2s
 => => transferring context: 15.29MB                                                                                                                                                                                                                                                                               0.2s
 => CACHED [stage-1 1/2] FROM quay.io/prometheus/busybox-linux-amd64:latest@sha256:c9f983fc55b0b74723a69c31688cca7d5a2e5b2af7c954780f29a331817982f3                                                                                                                                                                0.0s
 => CACHED [builder 2/4] WORKDIR /go/src/github.com/prometheus-community/jiralert                                                                                                                                                                                                                                  0.0s
 => [builder 3/4] COPY . /go/src/github.com/prometheus-community/jiralert                                                                                                                                                                                                                                          0.1s
 => [builder 4/4] RUN GO111MODULE=on GOBIN=/tmp/bin make                                                                                                                                                                                                                                                          36.6s
 => [stage-1 2/2] COPY --from=builder /go/src/github.com/prometheus-community/jiralert/jiralert /bin/jiralert                                                                                                                                                                                                      0.0s 
 => exporting to image                                                                                                                                                                                                                                                                                             0.0s 
 => => exporting layers                                                                                                                                                                                                                                                                                            0.0s 
 => => writing image sha256:54b94b975d034b71309edd2b1a11154f4573046f0b59ce6f3c8215123da645fd                                                                                                                                                                                                                       0.0s
 => => naming to docker.io/library/a                                                                                                                                                                                                                                                                               0.0s

Use 'docker scan' to run Snyk tests against images to find vulnerabilities and learn how to fix them
jok@CDT-MB-20200178 jiralert % trivy image docker.io/library/a
2022-10-20T13:23:46.711+0200    INFO    Vulnerability scanning is enabled
2022-10-20T13:23:46.711+0200    INFO    Secret scanning is enabled
2022-10-20T13:23:46.711+0200    INFO    If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2022-10-20T13:23:46.711+0200    INFO    Please see also https://aquasecurity.github.io/trivy/v0.32/docs/secret/scanning/#recommendation for faster secret detection
2022-10-20T13:23:47.077+0200    INFO    Number of language-specific files: 1
2022-10-20T13:23:47.077+0200    INFO    Detecting gobinary vulnerabilities...

Copy link
Member

@bwplotka bwplotka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lgtm, thanks!

@jkroepke
Copy link
Member Author

@bwplotka are you able to merge and release this? Thanks

@bwplotka bwplotka merged commit f58ae33 into prometheus-community:master Nov 22, 2022
@jkroepke
Copy link
Member Author

@bwplotka It is possible to do a release including this PR?

@jkroepke jkroepke deleted the bump-dependendies branch November 24, 2022 15:36
bwplotka pushed a commit that referenced this pull request Apr 25, 2023
* Bump all dependencies (#133)

Signed-off-by: Jan-Otto Kröpke <[email protected]>

Signed-off-by: Jan-Otto Kröpke <[email protected]>
Signed-off-by: Holger Waschke <[email protected]>

* parameter to disable update jira issues

Signed-off-by: Holger Waschke <[email protected]>
Signed-off-by: Holger Waschke <[email protected]>

* rename parameter to make it more clear and avoid double negation. fix bug with missing return value.

Signed-off-by: Holger Waschke <[email protected]>

* Update main.go

Signed-off-by: dvag-holger-waschke <[email protected]>

* Update notify.go

Signed-off-by: dvag-holger-waschke <[email protected]>

* Update main.go

Signed-off-by: dvag-holger-waschke <[email protected]>

* Update main.go

Signed-off-by: dvag-holger-waschke <[email protected]>

* Update main.go

Signed-off-by: dvag-holger-waschke <[email protected]>

* Update notify.go

Signed-off-by: dvag-holger-waschke <[email protected]>

* fix for notify test

Signed-off-by: Holger Waschke <[email protected]>

---------

Signed-off-by: Jan-Otto Kröpke <[email protected]>
Signed-off-by: Holger Waschke <[email protected]>
Signed-off-by: Holger Waschke <[email protected]>
Signed-off-by: dvag-holger-waschke <[email protected]>
Co-authored-by: Jan-Otto Kröpke <[email protected]>
Co-authored-by: Holger Waschke <[email protected]>
rufusnufus pushed a commit to KazanExpress/jiralert that referenced this pull request May 13, 2024
…ity#150)

* Bump all dependencies (prometheus-community#133)

Signed-off-by: Jan-Otto Kröpke <[email protected]>

Signed-off-by: Jan-Otto Kröpke <[email protected]>
Signed-off-by: Holger Waschke <[email protected]>

* parameter to disable update jira issues

Signed-off-by: Holger Waschke <[email protected]>
Signed-off-by: Holger Waschke <[email protected]>

* rename parameter to make it more clear and avoid double negation. fix bug with missing return value.

Signed-off-by: Holger Waschke <[email protected]>

* Update main.go

Signed-off-by: dvag-holger-waschke <[email protected]>

* Update notify.go

Signed-off-by: dvag-holger-waschke <[email protected]>

* Update main.go

Signed-off-by: dvag-holger-waschke <[email protected]>

* Update main.go

Signed-off-by: dvag-holger-waschke <[email protected]>

* Update main.go

Signed-off-by: dvag-holger-waschke <[email protected]>

* Update notify.go

Signed-off-by: dvag-holger-waschke <[email protected]>

* fix for notify test

Signed-off-by: Holger Waschke <[email protected]>

---------

Signed-off-by: Jan-Otto Kröpke <[email protected]>
Signed-off-by: Holger Waschke <[email protected]>
Signed-off-by: Holger Waschke <[email protected]>
Signed-off-by: dvag-holger-waschke <[email protected]>
Co-authored-by: Jan-Otto Kröpke <[email protected]>
Co-authored-by: Holger Waschke <[email protected]>
rufusnufus added a commit to KazanExpress/jiralert that referenced this pull request May 13, 2024
* Better Jira error handling (prometheus-community#140)

* Better Jira error handling

* Return HTTP 400 Bad Request for non-retriable errors. It is inaccurate, but
  will prevent alertmanager from retrying.
* Turns out go-jira does actually produce useful error messages (and it consumes
  the response body in the process). Log that instead of the empty body.

Signed-off-by: Alin Sinpalean <[email protected]>

* Also include HTTP response status 429 among retriable errors.

Signed-off-by: Alin Sinpalean <[email protected]>

* Include both the go-jira error and the response body in errors. Sometimes go-jira consumes the body and includes it in its error, sometimes it doesn't.

Signed-off-by: Alin Sinpalean <[email protected]>

---------

Signed-off-by: Alin Sinpalean <[email protected]>
Co-authored-by: Alin Sinpalean <[email protected]>

* disable update existing jira issues with parameter (prometheus-community#150)

* Bump all dependencies (prometheus-community#133)

Signed-off-by: Jan-Otto Kröpke <[email protected]>

Signed-off-by: Jan-Otto Kröpke <[email protected]>
Signed-off-by: Holger Waschke <[email protected]>

* parameter to disable update jira issues

Signed-off-by: Holger Waschke <[email protected]>
Signed-off-by: Holger Waschke <[email protected]>

* rename parameter to make it more clear and avoid double negation. fix bug with missing return value.

Signed-off-by: Holger Waschke <[email protected]>

* Update main.go

Signed-off-by: dvag-holger-waschke <[email protected]>

* Update notify.go

Signed-off-by: dvag-holger-waschke <[email protected]>

* Update main.go

Signed-off-by: dvag-holger-waschke <[email protected]>

* Update main.go

Signed-off-by: dvag-holger-waschke <[email protected]>

* Update main.go

Signed-off-by: dvag-holger-waschke <[email protected]>

* Update notify.go

Signed-off-by: dvag-holger-waschke <[email protected]>

* fix for notify test

Signed-off-by: Holger Waschke <[email protected]>

---------

Signed-off-by: Jan-Otto Kröpke <[email protected]>
Signed-off-by: Holger Waschke <[email protected]>
Signed-off-by: Holger Waschke <[email protected]>
Signed-off-by: dvag-holger-waschke <[email protected]>
Co-authored-by: Jan-Otto Kröpke <[email protected]>
Co-authored-by: Holger Waschke <[email protected]>

* Adding getEnv templating function (prometheus-community#153)

Signed-off-by: Jiri Tyr <[email protected]>

* feat: add support for static jira labels (prometheus-community#154)

Signed-off-by: Herman Ewert <[email protected]>
Co-authored-by: Herman Ewert <[email protected]>

* Fix prometheus-community#146 (safe limit of 200 characters from group label value) (prometheus-community#147)

Signed-off-by: jzajic <[email protected]>

* doc(PAT): Adds doc for PAT usage (prometheus-community#155)

Signed-off-by: Julian Beck <[email protected]>

* truncate descriptions that exceed -max-description-length (default 32KB) (prometheus-community#165)

* truncate descriptions that exceed -max-description-length (default 32,768)

Signed-off-by: Jason Wells <[email protected]>

* Update main.go

size was off by 1

Signed-off-by: Jason Wells <[email protected]>

---------

Signed-off-by: Jason Wells <[email protected]>

* fix: 🐛 Fixes error message for doTransition to display the proper transition state (prometheus-community#176)

Signed-off-by: Nathan Gotz <[email protected]>

* search for existing issue in multiple projects (prometheus-community#162)

* search for existing issue in multiple projects

Signed-off-by: Jason Wells <[email protected]>

* Apply suggestions from code review

Co-authored-by: Bartlomiej Plotka <[email protected]>
Signed-off-by: Jason Wells <[email protected]>

---------

Signed-off-by: Jason Wells <[email protected]>
Co-authored-by: Bartlomiej Plotka <[email protected]>

* add Fingerprint field to Alert so that it may be used in templates (prometheus-community#152) (prometheus-community#163)

Signed-off-by: Jason Wells <[email protected]>

---------

Signed-off-by: Alin Sinpalean <[email protected]>
Signed-off-by: Jan-Otto Kröpke <[email protected]>
Signed-off-by: Holger Waschke <[email protected]>
Signed-off-by: Holger Waschke <[email protected]>
Signed-off-by: dvag-holger-waschke <[email protected]>
Signed-off-by: Jiri Tyr <[email protected]>
Signed-off-by: Herman Ewert <[email protected]>
Signed-off-by: jzajic <[email protected]>
Signed-off-by: Julian Beck <[email protected]>
Signed-off-by: Jason Wells <[email protected]>
Signed-off-by: Nathan Gotz <[email protected]>
Co-authored-by: Alin Sinpalean <[email protected]>
Co-authored-by: Alin Sinpalean <[email protected]>
Co-authored-by: dvag-holger-waschke <[email protected]>
Co-authored-by: Jan-Otto Kröpke <[email protected]>
Co-authored-by: Holger Waschke <[email protected]>
Co-authored-by: Jiri Tyr <[email protected]>
Co-authored-by: Herman <[email protected]>
Co-authored-by: Herman Ewert <[email protected]>
Co-authored-by: Jan Zajic <[email protected]>
Co-authored-by: Julian Beck <[email protected]>
Co-authored-by: Jason Wells <[email protected]>
Co-authored-by: Nathan Gotz <[email protected]>
Co-authored-by: Bartlomiej Plotka <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants