Merge pull request #1881 from justaugustus/cleanup

Update image versions, add release notes block, update guidance on reporting security issues

Merge pull request #1881 from justaugustus/cleanup
0f9e2888 · Stephen Augustus · GitHub · 324b1c88 · 8ed9ef8a · 0f9e2888
Unverified Commit 0f9e2888 authored 4 years ago by Stephen Augustus Committed by GitHub 4 years ago
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -7,10 +7,12 @@ Thank you for sending a pull request! Here some tips for contributors:
 4. If the Pull Request is a work in progress, make use of GitHub's "Draft PR" feature and mark it as such.
 -->

-**Overview**:
+#### Overview
+
 <!-- Describe your changes briefly here. -->

-**What problem does it solve?**:
+#### What this PR does / why we need it
+
 <!--
 - Please state in detail why we need this PR and what it solves.
 - If your PR closes some of the existing issues, please add links to them here.
@@ -18,4 +20,16 @@ Thank you for sending a pull request! Here some tips for contributors:
  Usage: "Closes #<issue number>", or "Closes (paste link of issue)"
 -->

-**Special notes for a reviewer**:
+#### Special notes for your reviewer
+
+#### Does this PR introduce a user-facing change?
+
+<!--
+If no, just write "NONE" in the release-note block below.
+If yes, a release note is required:
+Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
+-->
+
+```release-note
+
+```
--- a/Dockerfile
+++ b/Dockerfile
-FROM golang:1.15-alpine
+FROM golang:1.15.6-alpine3.12

 ARG TARGETOS
 ARG TARGETARCH

--- a/README.md
+++ b/README.md
@@ -103,7 +103,11 @@ All changes or deprecations of connector features will be announced in the [rele

 ## Reporting a security vulnerability

-Due to their public nature, GitHub and mailing lists are NOT appropriate places for reporting vulnerabilities. Please refer to CoreOS's [security disclosure][disclosure] process when reporting issues that may be security related.
+Due to their public nature, GitHub and mailing lists are NOT appropriate places
+for reporting vulnerabilities.
+
+Please email the [maintainers list][maintainers-list] to report issues that may
+be security-related.

 ## Getting help

@@ -126,4 +130,4 @@ on the Kubernetes Slack, or join the [dex-dev][dex-dev] mailing list.
 [issues]: https://github.com/dexidp/dex/issues
 [dex-dev]: https://groups.google.com/forum/#!forum/dex-dev
 [slack]: slack://channel?team=T09NY5SBT&id=C011URMR41W
-[disclosure]: https://coreos.com/security/disclosure/
+[maintainers-list]: mailto:cncf-dex-maintainers@lists.cncf.io
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -19,7 +19,7 @@ services:
      - "127.0.0.1:3306:3306"

  postgres:
-    image: postgres:10.8
+    image: postgres:10.15
    environment:
      POSTGRES_DB: dex
      POSTGRES_USER: postgres
@@ -28,7 +28,7 @@ services:
      - "127.0.0.1:5432:5432"

  etcd:
-    image: gcr.io/etcd-development/etcd:v3.2.9
+    image: gcr.io/etcd-development/etcd:v3.4.9
    environment:
      ETCD_LISTEN_CLIENT_URLS: http://0.0.0.0:2379
      ETCD_ADVERTISE_CLIENT_URLS: http://0.0.0.0:2379