Bump up minio/pkg to v3

[donatello]

No description provided.

[shtripat]

I remember Ramon has a PR (#3353) for below error

yarn audit v1.22.22
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ PDF.js vulnerable to arbitrary JavaScript execution upon     │
│               │ opening a malicious PDF                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ pdfjs-dist                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.2.67                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ react-pdf                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ react-pdf > pdfjs-dist                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1097244                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
1 vulnerabilities found - Packages audited: [5](https://github.com/minio/console/actions/runs/9194814291/job/25289147192?pr=3349#step:4:6)40
Severity: 1 High
Done in 1.21s.

[harshavardhana]

@donatello PTAL

Building minio binary to './minio'
# github.com/minio/minio/cmd
Error: cmd/common-main.go:249:127: cannot use globalTLSCerts (variable of type *"github.com/minio/pkg/v2/certs".Manager) as *"github.com/minio/pkg/v3/certs".Manager value in assignment
make: *** [Makefile:162: build] Error 1
Error: Process completed with exit code 2.

[donatello]

@donatello PTAL

Building minio binary to './minio'
# github.com/minio/minio/cmd
Error: cmd/common-main.go:249:127: cannot use globalTLSCerts (variable of type *"github.com/minio/pkg/v2/certs".Manager) as *"github.com/minio/pkg/v3/certs".Manager value in assignment
make: *** [Makefile:162: build] Error 1
Error: Process completed with exit code 2.

This is because the test is pulling minio master branch and building, but minio also needs the pkg/V3 bump change. This test has a circular dep and can't run for this change.

[harshavardhana]

This is because the test is pulling minio master branch and building, but minio also needs the pkg/V3 bump change. This test has a circular dep and can't run for this change.

why can't it use go install -v github.com/minio/minio@latest ?

[donatello]

why can't it use go install -v github.com/minio/minio@latest ?

Because master doesn't have pkg/v3 yet. And console does in this pr. So they are kind of incompatible. Both repos need to be updated together and then this test will pass.

The merge-base changed after approval.

[ramondeklein]

I remember Ramon has a PR (#3353) for below error

Has been fixed and merged (see #3353).

[harshavardhana]

I think silly style of cyclical dependency we must remove.

[ramondeklein]

I think silly style of cyclical dependency we must remove.

@harshavardhana The most effective option would be to merge the console into this repository, but that will probably be a huge task.

A less intrusive method would be to try to change jobs.yaml. After cloning github.com/minio/minio, we could try to checkout the console branch in the minio repository:

      - name: Switch to the proper branch
        run: |
          git checkout "${{ github.head_ref || github.ref_name }}" || echo "Okay, we'll stay on the master branch"

You need to make sure the github.com/minio/minio repository should have the same branch-name as the console (and of course, make sure that it compiles with the console). The only drawback is that we normally create branches on our private account. But we could also try to clone minio from the same account. Would you like me to persue that option?

[harshavardhana]

yeah @ramondeklein lets try.