diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 1df1eacac20..afc7b0d2fce 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -37,6 +37,13 @@ enabled: false, }, + // Re-enable vulnerability/security updates for active release branches + { + matchBaseBranches: ["release-2.5", "release-2.4", "release-2.3"], + isVulnerabilityAlert: true, + enabled: true, + }, + // Disable indirect go dependencies updates, resource: https://github.com/renovatebot/renovate/discussions/35225#discussioncomment-13666269 { matchManagers: ["gomod"], @@ -44,6 +51,14 @@ enabled: false, }, + // Re-enable vulnerability/security updates for indirect go dependencies + { + matchManagers: ["gomod"], + matchDepTypes: ["indirect"], + isVulnerabilityAlert: true, + enabled: true, + }, + { matchManagers: ["gomod"], matchBaseBranches: ["main"], diff --git a/go.mod b/go.mod index 5cef4043ed1..cd84deca09f 100644 --- a/go.mod +++ b/go.mod @@ -122,7 +122,7 @@ require ( github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect github.com/containerd/cgroups/v3 v3.0.3 // indirect - github.com/containerd/errdefs v0.3.0 // indirect + github.com/containerd/errdefs v1.0.0 // indirect github.com/containerd/errdefs/pkg v0.3.0 // indirect github.com/containerd/typeurl/v2 v2.2.0 // indirect github.com/contiv/libovsdb v0.0.0-20170227191248-d0061a53e358 // indirect diff --git a/go.sum b/go.sum index 1d2095f4f3d..9c65a3375f1 100644 --- a/go.sum +++ b/go.sum @@ -143,6 +143,8 @@ github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGD github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2WzJmticMgVuz0= github.com/containerd/errdefs v0.3.0 h1:FSZgGOeK4yuT/+DnF07/Olde/q4KBoMsaamhXxIMDp4= github.com/containerd/errdefs v0.3.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= +github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= +github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE= github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk= github.com/containerd/typeurl/v2 v2.2.0 h1:6NBDbQzr7I5LHgp34xAXYF5DOTQDn05X58lsPEmzLso= diff --git a/hack/update-renovate-baseBranches.sh b/hack/update-renovate-baseBranches.sh index 12f7aba8c2d..5401e980330 100755 --- a/hack/update-renovate-baseBranches.sh +++ b/hack/update-renovate-baseBranches.sh @@ -31,8 +31,8 @@ echo "Updating renovate configuration with versions: $VERSION1, $VERSION2, $VERS sed -i.bak "s/baseBranches: \[\"main\", \"[^\"]*\", \"[^\"]*\", \"[^\"]*\"\],/baseBranches: [\"main\", \"$VERSION1\", \"$VERSION2\", \"$VERSION3\"],/" "$RENOVATE_CONFIG" -# Update first matchBaseBranches occurrence that disables regular updates for active release branches -sed -i.bak2 "0,/matchBaseBranches: \[\"[^\"]*\", \"[^\"]*\", \"[^\"]*\"\],/{s/matchBaseBranches: \[\"[^\"]*\", \"[^\"]*\", \"[^\"]*\"\],/matchBaseBranches: [\"$VERSION1\", \"$VERSION2\", \"$VERSION3\"],/}" "$RENOVATE_CONFIG" +# Update all matchBaseBranches occurrences that list the active release branches +sed -i.bak2 "s/matchBaseBranches: \[\"release-[^\"]*\", \"release-[^\"]*\", \"release-[^\"]*\"\],/matchBaseBranches: [\"$VERSION1\", \"$VERSION2\", \"$VERSION3\"],/g" "$RENOVATE_CONFIG" rm -f "$RENOVATE_CONFIG.bak" "$RENOVATE_CONFIG.bak2"