Make new v2.2.2 release of devfile/library

[michael-valdron]

Which area/kind this issue is related to?

/kind task

/area library
/area releng

Issue Description

A few steps to be done before a new v2.2.2 release of devfile/library can be made.

Acceptance Criteria

• Create new release on GitHub
• Make announcement about new version

[michael-valdron]

#1454 should be completed before v2.2.2 is released.

[Jdubrick]

@michael-valdron is this still blocked? Also, since the vulnerability fix went into registry-support we probably need to update the commit being used in library so that it can be apart of this release. wdyt?

[michael-valdron]

@Jdubrick

is this still blocked?

No, this should be unblocked now.

Also, since the vulnerability fix went into registry-support we probably need to update the commit being used in library so that it can be apart of this release. wdyt?

Yeah the devfile/library dependencies should be updated to use the release after v2.2.2 is cut 👍

[Jdubrick]

@Jdubrick

is this still blocked?

No, this should be unblocked now.

Also, since the vulnerability fix went into registry-support we probably need to update the commit being used in library so that it can be apart of this release. wdyt?

Yeah the devfile/library dependencies should be updated to use the release after v2.2.2 is cut 👍

@michael-valdron since in library it uses the registry-library portion of registry-support, should we not include the update to the dependencies on the library side before v2.2.2 is cut so that release contains the vulnerability fix upstream?
https://github.com/search?q=repo%3Adevfile%2Flibrary%20registry-support&type=code

[michael-valdron]

@Jdubrick

is this still blocked?

No, this should be unblocked now.

Also, since the vulnerability fix went into registry-support we probably need to update the commit being used in library so that it can be apart of this release. wdyt?

Yeah the devfile/library dependencies should be updated to use the release after v2.2.2 is cut 👍

@michael-valdron since in library it uses the registry-library portion of registry-support, should we not include the update to the dependencies on the library side before v2.2.2 is cut so that release contains the vulnerability fix upstream? https://github.com/search?q=repo%3Adevfile%2Flibrary%20registry-support&type=code

I believe it was already done by me last sprint under a dependabot PR devfile/library#204.

Unless there were other vulnerabilities raised and addressed since then.

[Jdubrick]

@Jdubrick

is this still blocked?

No, this should be unblocked now.

Also, since the vulnerability fix went into registry-support we probably need to update the commit being used in library so that it can be apart of this release. wdyt?

Yeah the devfile/library dependencies should be updated to use the release after v2.2.2 is cut 👍

@michael-valdron since in library it uses the registry-library portion of registry-support, should we not include the update to the dependencies on the library side before v2.2.2 is cut so that release contains the vulnerability fix upstream? https://github.com/search?q=repo%3Adevfile%2Flibrary%20registry-support&type=code

I believe it was already done by me last sprint under a dependabot PR devfile/library#204.

Unless there were other vulnerabilities raised and addressed since then.

No you're right I didn't properly check the commit hash to make sure it was one that contained the fix! I just wanted to make sure to take care of a ping I got regarding the library needing the registry-support changes for the vulnerability fix in next release.

[Jdubrick]

All work is completed on this other than the merge from main to v2.2.x release branch as PR checks are failing due to a token error. Going to move this issue into new sprint anyway to track it. Also assigned story points as all work is completed.

[Jdubrick]

Release branch PR: devfile/library#210

[Jdubrick]

Currently blocked by: #1495