Skip to content

Upgrade nats to 2.9.x version with new on-disk storage and patch security vulnerabilties#2242

Merged
ddelnano merged 1 commit intopixie-io:mainfrom
ddelnano:ddelnano/upgrade-nats-to-new-storage
Jul 23, 2025
Merged

Upgrade nats to 2.9.x version with new on-disk storage and patch security vulnerabilties#2242
ddelnano merged 1 commit intopixie-io:mainfrom
ddelnano:ddelnano/upgrade-nats-to-new-storage

Conversation

@ddelnano
Copy link
Member

Summary: Upgrade nats to 2.9.x version with new on-disk storage and patch security vulnerabilities.

This change aims to prepare for a seamless upgrade to a more recent NATS version while addressing some security vulnerabilities. As mentioned in the NATS release notes, the v2.9.22+ release is aware of the on-disk storage changes introduced in v2.10.x. This makes it possible to downgrade from v2.10.x safely should the next, more ambitious upgrade result in issues.

Relevant Issues: N/A

Type of change: /kind dependencies

Test Plan: Skaffold'ed a cloud and vizier and acceptance tested common flows end to end

  • trivy scan for this image is clean
trivy image --scanners vuln ghcr.io/pixie-io/nats:2.9.25-scratch@sha256:869605f46ad21b76be1998e89345640671dbe46714105cf67676ddb0b78d3b85 -v
2025-07-23T05:25:23.173Z        INFO    Vulnerability scanning is enabled
2025-07-23T05:25:23.177Z        INFO    Number of language-specific files: 1
2025-07-23T05:25:23.177Z        INFO    Detecting gobinary vulnerabilities...

Changelog Message: Upgrade Cloud and Vizier NATS to v2.9.25. This upgrades NATS on-disk format to the one introduced in the v2.10.x series. Please see the NATS release notes for more details on this upgrade.

…rity vulnerabilities

Signed-off-by: Dom Del Nano <ddelnano@gmail.com>
(cherry picked from commit 16842c8)
@ddelnano ddelnano requested review from a team as code owners July 23, 2025 05:34
RUN git clone --depth 1 https://github.com/nats-io/nats-server.git
WORKDIR /src/nats-server
RUN git checkout $NATS_VERSION
RUN git fetch --tags && git checkout $NATS_VERSION
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was needed to avoid the following error:

 => ERROR [linux/amd64 build  7/11] RUN git checkout v2.9.25                                                                                                                                        0.2s
 => ERROR [linux/amd64->arm64 build  7/11] RUN git checkout v2.9.25                                                                                                                                 0.2s
------
 > [linux/amd64 build  7/11] RUN git checkout v2.9.25:
#0 0.215 error: pathspec 'v2.9.25' did not match any file(s) known to git
------
------
 > [linux/amd64->arm64 build  7/11] RUN git checkout v2.9.25:
#0 0.214 error: pathspec 'v2.9.25' did not match any file(s) known to git
------
Dockerfile:32
--------------------

@ddelnano ddelnano merged commit 3d2c6ef into pixie-io:main Jul 23, 2025
20 checks passed
@ddelnano ddelnano deleted the ddelnano/upgrade-nats-to-new-storage branch July 23, 2025 12:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants

Comments