packer-plugin-goss

Bump packer-plugin-sdk to latest

Open • SanikaGawhane opened this issue 2 years ago • 5 comments

Current version of packer-plugin (v0.2.3) has an old go-getter dependency (v2.0.0) that has CVEs - 30323, 30322, 30321

Latest release of packer-plugin-sdk (v0.3.2) has an updated go-getter 2.1.0 that resolves these.

After this is bumped, a new tag will be needed to be included in the image-builder project.

SanikaGawhane, Oct 17 '22 17:10

@fishnix @jimmidyson PTAL. Thanks.

SanikaGawhane, Oct 17 '22 17:10

@fishnix @jimmidyson Just checking if you got a chance to look at this. Please let me know if there are any other folks that might be more relevant for this PR/cutting a new tag. Thanks again.

SanikaGawhane, Oct 19 '22 00:10

Thank you, @jimmidyson. Who would be the right person to get this merged and cut a new tag with these changes?

SanikaGawhane, Oct 19 '22 16:10

@SanikaGawhane - I can do that for you. Were you looking to cut a pre-release first or just a normal release?

btassone, Oct 19 '22 18:10

Hi @btassone. We need a new tag that includes changes merged with this PR. I'm not sure what the difference is between a pre-release and a regular release. Please advise what you think would be the right approach for this. Thank you.

SanikaGawhane, Oct 19 '22 19:10

Sorry @SanikaGawhane, ignore what I said. Was thinking of a different repository. Merging and cutting a new release v3.1.4 here in a moment.

btassone, Oct 20 '22 20:10

Thanks, @btassone! Appreciate your timely help with this.

SanikaGawhane, Oct 20 '22 21:10