-
Notifications
You must be signed in to change notification settings - Fork 493
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
host-ctr
: Upgrades go-restful
dependency used by containerd
#2813
host-ctr
: Upgrades go-restful
dependency used by containerd
#2813
Conversation
Signed-off-by: John McBride <jpmmcb@amazon.com>
Tests look good! 😄 ECS variant:Built a ECS variant off this branch and deployed a machine that attached to my default ECS cluster. Host containers status:
Starting a workload manually:
K8s variantBuilt and deployed an AMI to my existing cluster's launch group. Host-containers status:
Launching a container:
|
Looks like the replace could be removed when updating containerd to the latest 1.6.x version: https://github.com/containerd/containerd/releases/tag/v1.6.20 |
Gave it a go: #3062 |
Issue number:
N/a related to: emicklei/go-restful#489
host-ctr
orcontainerd
. The containerd code does not use CORS in it's restful API which is the main avenue for thego-restful
CVE. For more information: containerd/containerd#7117Description of changes:
Upgrades the
go-restful
library to the most recent v2In the diff, the most important piece is this in the
go.sum
. This effectively removes the v2.9.5 dependency used by containerd in favor of v2.16.0:- github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.16.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
Testing done:
More in depth testing incoming!
Terms of contribution:
By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.