Skip to content

Upgrade many dependencies to resolve CVEs#5917

Merged
kflynn merged 5 commits intoemissary-ingress:dev/v4/mainfrom
kflynn:dev/v4/zencircle-cvefix
Mar 6, 2026
Merged

Upgrade many dependencies to resolve CVEs#5917
kflynn merged 5 commits intoemissary-ingress:dev/v4/mainfrom
kflynn:dev/v4/zencircle-cvefix

Conversation

@kflynn
Copy link
Member

@kflynn kflynn commented Mar 6, 2026
edited
Loading

(This is based @zencircle's #5916 -- thanks!)

This updates a lot of Go and Python PRs, with two particular noteworthy upgrades:

  • We hold the K8s client libraries at 0.30.2 rather than going to 0.30.3, since our code-generator is based on 0.30.2.
  • We also go to Python 3.13.5 -- uv doesn't have 3.12.12 so we may as well jump to 3.13.

Signed-off-by: Flynn emissary@flynn.kodachi.com

@kflynn kflynn requested a review from the-wondersmith March 6, 2026 03:03
@dosubot dosubot bot added size:L This PR changes 100-499 lines, ignoring generated files. dependencies Pull requests that update a dependency file go Pull requests that update Go code python Pull requests that update Python code labels Mar 6, 2026
zencircle and others added 3 commits March 5, 2026 22:20
@zencircle @kflynn
chore: Upgrade many dependencies to resolve CVEs, after work by bharg…
da1411b 
…av joshi <bhargav.joshi@gmail.com> -- thanks!

This version holds the K8s client libraries at 0.30.2 rather than going to 0.30.3, since our code-generator is based on 0.30.2.
It also goes to Python 3.13.5, since uv doesn't have 3.12.12 ready.

Signed-off-by: Flynn <emissary@flynn.kodachi.com>
@kflynn
chore: Mention dependency upgrades in CHANGELOG
c11e8f0 
Signed-off-by: Flynn <emissary@flynn.kodachi.com>
@kflynn
chore: Another dependency-update round, triggered by needing to go ge…
1e94918 
…t github.com/golangci/golangci-lint/pkg/config@v1.64.8

Signed-off-by: Flynn <emissary@flynn.kodachi.com>
@kflynn kflynn force-pushed the dev/v4/zencircle-cvefix branch from c006a06 to 1e94918 Compare March 6, 2026 03:23
@kflynn kflynn mentioned this pull request Mar 6, 2026
Closed
6 tasks
kflynn added 2 commits March 5, 2026 22:31
@kflynn
chore: Fix imports for golangci-lint specially.
d8a376d 
Signed-off-by: Flynn <emissary@flynn.kodachi.com>
@kflynn
chore: Fix imports for ct specifically!
59879f8 
Signed-off-by: Flynn <emissary@flynn.kodachi.com>
@dosubot dosubot bot added size:XL This PR changes 500-999 lines, ignoring generated files. and removed size:L This PR changes 100-499 lines, ignoring generated files. labels Mar 6, 2026
@kflynn kflynn requested review from Alice-Lilith and ppeble March 6, 2026 03:46
@emissary-ingress emissary-ingress deleted a comment from cocogitto-bot bot Mar 6, 2026
ppeble
ppeble approved these changes Mar 6, 2026
View reviewed changes
Copy link
Member

@ppeble ppeble left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚢

@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Mar 6, 2026
@the-wondersmith
Copy link

the-wondersmith commented Mar 6, 2026

@kflynn kflynn merged commit 8fdf9e2 into emissary-ingress:dev/v4/main Mar 6, 2026
10 checks passed
@kflynn kflynn deleted the dev/v4/zencircle-cvefix branch March 6, 2026 15:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ppeble ppeble ppeble approved these changes

@the-wondersmith the-wondersmith the-wondersmith approved these changes

@Alice-Lilith Alice-Lilith Awaiting requested review from Alice-Lilith

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code lgtm This PR has been approved by a maintainer python Pull requests that update Python code size:XL This PR changes 500-999 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@kflynn @the-wondersmith @ppeble @zencircle