Merged
38 changes: 31 additions & 7 deletions .govulncheck.yaml
@@ -4,40 +4,64 @@ ignored-vulnerabilities:
# Fixed in: net/url@go1.25.8
- id: GO-2026-4601
info: https://pkg.go.dev/vuln/GO-2026-4601
silence-until: 2026-06-18
silence-until: 2026-07-17

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== go.mod toolchain/go version =="
rg -n '^(go|toolchain)\s+' go.mod || true

echo
echo "== Direct dependency pins relevant to this file =="
rg -n 'golang\.org/x/net|golang\.org/x/text' go.mod || true

echo
echo "== Ignored vuln entries in .govulncheck.yaml =="
rg -n 'id: GO-2026-|silence-until:' .govulncheck.yaml

echo
echo "== Optional: show all fixed-version notes in .govulncheck.yaml =="
rg -n '# Fixed in:' .govulncheck.yaml

Repository: codeready-toolchain/toolchain-e2e

Length of output: 1440

Address unfixed vulnerabilities rather than extending silence dates.

The project is running Go 1.24.4 and golang.org/x/net v0.47.0, which are prior to all fixed versions for the 8 vulnerabilities listed in this file (stdlib fixes in Go 1.25.8–1.25.11; golang.org/x/net fixes in v0.53.0–v0.55.0). Extending silence-until to 2026-07-17 masks active, unfixed security vulnerabilities in the development environment.

Update dependencies to pick up fixes, or document a clear remediation plan before extending silence dates.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.govulncheck.yaml at line 7, Rather than extending the silence-until date in
the govulncheck configuration, update the project dependencies to address the
actual vulnerabilities. Update the Go version from 1.24.4 to at least 1.25.8 or
later (to fix stdlib vulnerabilities) and upgrade golang.org/x/net from v0.47.0
to v0.53.0 or later (to fix golang.org/x/net vulnerabilities). After updating
these dependencies, re-run the vulnerability check and then modify the
silence-until field based on the actual vulnerability status, or remove it
entirely if all vulnerabilities are resolved.

# FileInfo can escape from a Root in os
# Found in: os@go1.24.13
# Fixed in: os@go1.25.8
- id: GO-2026-4602
info: https://pkg.go.dev/vuln/GO-2026-4602
silence-until: 2026-06-18
silence-until: 2026-07-17
# Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
# Found in: crypto/tls@go1.24.13
# Fixed in: crypto/tls@go1.25.9
- id: GO-2026-4870
info: https://pkg.go.dev/vuln/GO-2026-4870
silence-until: 2026-06-18
silence-until: 2026-07-17
# Inefficient policy validation in crypto/x509
# Found in: crypto/x509@go1.24.13
# Fixed in: crypto/x509@go1.25.9
- id: GO-2026-4946
info: https://pkg.go.dev/vuln/GO-2026-4946
silence-until: 2026-06-18
silence-until: 2026-07-17
# Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
# Found in: golang.org/x/net/http2@v0.47.0
# Fixed in: golang.org/x/net/http2@v0.53.0
- id: GO-2026-4918
info: https://pkg.go.dev/vuln/GO-2026-4918
silence-until: 2026-06-18
silence-until: 2026-07-17
# Unexpected work during chain building in crypto/x509
# Found in: crypto/x509@go1.24.13
# Fixed in: crypto/x509@go1.25.9
- id: GO-2026-4947
info: https://pkg.go.dev/vuln/GO-2026-4947
silence-until: 2026-06-18
silence-until: 2026-07-17
# Panic in Dial and LookupPort when handling NUL byte on Windows in net
# Found in: net@go1.24.13
# Fixed in: net@go1.25.10
- id: GO-2026-4971
info: https://pkg.go.dev/vuln/GO-2026-4971
silence-until: 2026-06-18
silence-until: 2026-07-17
# Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
# Found in: golang.org/x/net/idna@v0.47.0
# Fixed in: golang.org/x/net/idna@v0.55.0
- id: GO-2026-5026
info: https://pkg.go.dev/vuln/GO-2026-5026
silence-until: 2026-07-17
# Inefficient candidate hostname parsing in crypto/x509
# Found in: crypto/x509@go1.24.13
# Fixed in: crypto/x509@go1.25.11
- id: GO-2026-5037
info: https://pkg.go.dev/vuln/GO-2026-5037
silence-until: 2026-07-17
# Quadratic complexity in WordDecoder.DecodeHeader in mime
# Found in: mime@go1.24.13
# Fixed in: mime@go1.25.11
- id: GO-2026-5038
info: https://pkg.go.dev/vuln/GO-2026-5038
silence-until: 2026-07-17
# Arbitrary inputs are included in errors without any escaping in net/textproto
# Found in: net/textproto@go1.24.13
# Fixed in: net/textproto@go1.25.11
- id: GO-2026-5039
info: https://pkg.go.dev/vuln/GO-2026-5039
silence-until: 2026-07-17
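Review bot: every silence-until in this hunk, the six extended ones and the four new entries (GO-2026-5026, GO-2026-5037, GO-2026-5038, GO-2026-5039), lands on the same 2026-07-17 with no remediation recorded next to it, while each "# Fixed in:" line names a version above the one "# Found in:" reports (go1.25.8 to go1.25.11 against go1.24.13; golang.org/x/net v0.53.0 and v0.55.0 against v0.47.0), so the date is a calendar deadline rather than a plan. Add a one-line note per entry, or in the PR description, saying what clears it (toolchain bump target, tracking issue), and since all stdlib fixes sit on the 1.25 line, consider bumping the toolchain in the same change so the list shrinks instead of rolling forward monthly. Separately, the description line for GO-2026-5026 ("Invoking failure to reject ASCII-only Punycode-encoded labels") reads as a garbled copy of the advisory title; check it against the linked pkg.go.dev page.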
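The review comment above argues from a comparison of the "# Fixed in:" versions against what the project actually pins. As an added example, not code from the toolchain-e2e project or from the review bot, here is a small Go audit that parses the same ignore-list layout and classifies each silence as still defensible, expired, or pointless because the pinned version already contains the fix. It assumes the hand-rolled subset of YAML shown in the diff (comment lines, `- id:`, `silence-until:`), a hypothetical `pinned` map from module path (or `"stdlib"`) to the version in use, and a constructed sample file whose IDs and fixed versions come from the diff but whose dates (the pre-change 2026-06-18 for GO-2026-4601) and "today" are chosen for the example.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// SilenceEntry is one ignored-vulnerabilities item plus the "# Fixed in:" comment above it.
type SilenceEntry struct {
	ID, FixedIn  string // e.g. "GO-2026-4602", "os@go1.25.8"
	SilenceUntil time.Time
}

const (
	FixAvailable   = "fix available in pinned version: upgrade instead of silencing"
	SilenceExpired = "silence-until has passed: re-evaluate before extending"
	Justified      = "pinned version predates the fix: silence defensible until its date"
)

// sampleConfig is a constructed excerpt in the layout of the repository file: the
// IDs and fixed versions come from the diff, the dates are chosen for the example.
const sampleConfig = `ignored-vulnerabilities:
  # Fixed in: net/url@go1.25.8
  - id: GO-2026-4601
    info: https://pkg.go.dev/vuln/GO-2026-4601
    silence-until: 2026-06-18
  # Fixed in: golang.org/x/net/http2@v0.53.0
  - id: GO-2026-4918
    silence-until: 2026-07-17
`

// versionAtLeast reports whether current >= fixed on major.minor.patch after a "go" or
// "v" prefix; Sscanf stops at a suffix such as "rc1" (unparsed parts stay 0), so
// "go1.25rc1" counts as below "go1.25.8", which is the conservative reading.
func versionAtLeast(current, fixed string) bool {
	var a, b [3]int
	fmt.Sscanf(strings.TrimLeft(current, "gov"), "%d.%d.%d", &a[0], &a[1], &a[2])
	fmt.Sscanf(strings.TrimLeft(fixed, "gov"), "%d.%d.%d", &b[0], &b[1], &b[2])
	return a[0] > b[0] || a[0] == b[0] && (a[1] > b[1] || a[1] == b[1] && a[2] >= b[2])
}

// ParseSilenceFile hand-parses the small YAML subset the file uses, so the example
// needs only the standard library; info: and description lines are ignored.
func ParseSilenceFile(text string) ([]SilenceEntry, error) {
	var entries []SilenceEntry
	var fixedIn string
	for n, raw := range strings.Split(text, "\n") {
		line := strings.TrimSpace(raw)
		after := func(prefix string) string { return strings.TrimSpace(line[len(prefix):]) }
		switch {
		case strings.HasPrefix(line, "# Fixed in:"):
			fixedIn = after("# Fixed in:")
		case strings.HasPrefix(line, "- id:"):
			entries = append(entries, SilenceEntry{ID: after("- id:"), FixedIn: fixedIn})
			fixedIn = ""
		case strings.HasPrefix(line, "silence-until:"):
			t, err := time.Parse("2006-01-02", after("silence-until:"))
			if err != nil || len(entries) == 0 {
				return nil, fmt.Errorf("line %d: bad or orphaned silence-until (%v)", n+1, err)
			}
			entries[len(entries)-1].SilenceUntil = t
		}
	}
	return entries, nil
}

// Audit classifies each entry against the versions actually pinned; pinned maps a
// module path, or "stdlib", to the version in use, e.g. {"stdlib": "go1.24.13"}.
func Audit(entries []SilenceEntry, pinned map[string]string, now time.Time) map[string]string {
	out := make(map[string]string, len(entries))
	for _, e := range entries {
		pkg, fixedVer, _ := strings.Cut(e.FixedIn, "@")
		key := "stdlib" // a package under no pinned module path is standard library
		for mod := range pinned {
			if mod != "stdlib" && strings.HasPrefix(pkg, mod) {
				key = mod
			}
		}
		current, ok := pinned[key]
		switch {
		case ok && fixedVer != "" && versionAtLeast(current, fixedVer):
			out[e.ID] = FixAvailable
		case !now.Before(e.SilenceUntil):
			out[e.ID] = SilenceExpired
		default:
			out[e.ID] = Justified
		}
	}
	return out
}

func main() {
	entries, err := ParseSilenceFile(sampleConfig)
	if err != nil {
		panic(err)
	}
	pins := map[string]string{"stdlib": "go1.24.13", "golang.org/x/net": "v0.47.0"} // the diff's Found-in versions
	fmt.Println(Audit(entries, pins, time.Date(2026, time.July, 1, 0, 0, 0, 0, time.UTC))) // constructed "today"
}
```

Run against the pins the diff's "# Found in:" lines imply, the GO-2026-4601 entry comes back as expired (its old date has passed) and GO-2026-4918 as justified; feed the same entries the fixed versions instead and both flip to "fix available", which is the state in which a silence entry should be deleted rather than extended. Wiring this into CI next to govulncheck turns the silence-until field from a reminder into a check that fails when a date lapses or a fix has already been pulled in.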
3 changes: 3 additions & 0 deletions deploy/host-operator/dev/toolchainconfig.yaml
@@ -10,6 +10,9 @@ spec:
deactivationDomainsExcluded: '@redhat.com'
registrationService:
environment: 'dev'
spaceConfig:
spaceBindingRequestEnabled: false
spaceRequestEnabled: true
tiers:
defaultSpaceTier: 'base1ns'
members:
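Review bot: the new spaceConfig block turns spaceRequestEnabled on while leaving spaceBindingRequestEnabled off, and nothing in the hunk or the surrounding config says why the two flags differ or why only the dev host-operator config receives them. Add a short comment above spaceConfig naming the tests or feature that need SpaceRequest enabled in dev (and why SpaceBindingRequest stays disabled), and confirm whether the other environment configs under deploy/host-operator/ need the same block so dev does not silently drift from them.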