astefanutti commented on pull request #3119: URL: https://github.com/apache/camel-k/pull/3119#issuecomment-1073779030
> > > The PR #2845 is not aligned and it's not updated from a while, not sure it will be merged soon. @astefanutti can we switch to go 1.17? > > > > > > Generally, the Go version is driven by the version that is used by the Kubernetes dependencies we have. It could be possible to upgrade to 1.17, but if there is no special requirement, it's generally safer to follow Kubernetes. > > That being said, I fail to see the relationship between this PR and #2845. > > The original issue was related to some CVE in reported in Azure while deploying camel-k, updating to go 1.17 seems to be the fix for them. So, I asked the reporter to write a guide on how to deploy on AKS, he opened this PR, and then commented here about waiting for the Go upgrading. I see, this relates to #3113. If there are no incompatibility, we can upgrade Go even if the Kubernetes version that's currently use still uses 1.16. I can see it could possibly solve CVE-2022-24407, but for CVE-2022-24407 it's difficult to correlate the fix to a Go upgrade. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@camel.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
