Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bump helm client to v0.12.10 #788

Merged
merged 1 commit into from
Jun 26, 2024
Merged

bump helm client to v0.12.10 #788

merged 1 commit into from
Jun 26, 2024

Conversation

tariq1890
Copy link
Contributor

@tariq1890 tariq1890 commented Jun 26, 2024

This fixes some CVEs that were found in the helm.sh/helm dependency

P.S: I am not sure why dependabot isn't raising PRs for most of the gpu-operator deps

@cdesiniotis
Copy link
Contributor

P.S: I am not sure why dependabot isn't raising PRs for most of the gpu-operator deps

I believe dependabot is currently configured to only update our k8s.io dependencies:

    groups:
      k8sio:
        patterns:
          - k8s.io/*
        exclude-patterns:
          - k8s.io/klog/*

@tariq1890
Copy link
Contributor Author

@cdesiniotis I think that's only the group settings. The stanza however enables all of the go dep bumps. The same config works fine in the other repos

Verified

This commit was signed with the committer’s verified signature.
tariq1890 Tariq
Signed-off-by: Tariq Ibrahim <[email protected]>
@tariq1890 tariq1890 merged commit 58348b5 into main Jun 26, 2024
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants