Fix CVE-2022-41723 by updating golang.org/x/net dependency and upgrading Go to version 1.21 (#256)

akhateeb22 · web-flow · commit 4df125b601d9 · 2023-09-10T12:57:33.000+01:00
* Fix CVE-2022-41723 by updating golang.org/x/net dependency and upgrading Go to version 1.21 * Update version of Go used in github workflow
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -17,7 +17,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v3
       with:
-        go-version: 1.18
+        go-version: 1.21
 
     - name: Check out code
       uses: actions/checkout@v3.0.2
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,7 @@
 ########################
 ### Builder          ###
 ########################
-FROM golang:1.18 as builder
+FROM golang:1.21 as builder
 RUN mkdir -p /kube-monkey
 COPY ./ /kube-monkey/
 WORKDIR /kube-monkey
diff --git a/go.mod b/go.mod
@@ -1,31 +1,32 @@
 module kube-monkey
 
-go 1.18
+go 1.21
 
 require (
 	github.com/fsnotify/fsnotify v1.6.0
-	github.com/golang/glog v1.0.0
+	github.com/golang/glog v1.1.2
 	github.com/pkg/errors v0.9.1
-	github.com/spf13/viper v1.15.0
-	github.com/stretchr/testify v1.8.1
-	k8s.io/api v0.26.1
-	k8s.io/apimachinery v0.26.1
-	k8s.io/client-go v0.26.1
+	github.com/spf13/viper v1.16.0
+	github.com/stretchr/testify v1.8.4
+	k8s.io/api v0.28.1
+	k8s.io/apimachinery v0.28.1
+	k8s.io/client-go v0.28.1
 )
 
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
-	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
-	github.com/go-logr/logr v1.2.3 // indirect
-	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
+	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/go-openapi/jsonpointer v0.20.0 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
-	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/go-openapi/swag v0.22.4 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/google/gnostic v0.6.9 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/uuid v1.3.1 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
@@ -35,31 +36,30 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/pelletier/go-toml v1.9.5 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
+	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/spf13/afero v1.9.3 // indirect
-	github.com/spf13/cast v1.5.0 // indirect
+	github.com/spf13/afero v1.9.5 // indirect
+	github.com/spf13/cast v1.5.1 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/stretchr/objx v0.5.0 // indirect
-	github.com/subosito/gotenv v1.4.2 // indirect
-	golang.org/x/net v0.5.0 // indirect
-	golang.org/x/oauth2 v0.4.0 // indirect
-	golang.org/x/sys v0.4.0 // indirect
-	golang.org/x/term v0.4.0 // indirect
-	golang.org/x/text v0.6.0 // indirect
+	github.com/stretchr/objx v0.5.1 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
+	golang.org/x/net v0.15.0 // indirect
+	golang.org/x/oauth2 v0.12.0 // indirect
+	golang.org/x/sys v0.12.0 // indirect
+	golang.org/x/term v0.12.0 // indirect
+	golang.org/x/text v0.13.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.28.1 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/klog/v2 v2.90.0 // indirect
-	k8s.io/kube-openapi v0.0.0-20230123231816-1cb3ae25d79a // indirect
-	k8s.io/utils v0.0.0-20230115233650-391b47cb4029 // indirect
+	k8s.io/klog/v2 v2.100.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20230905202853-d090da108d2f // indirect
+	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
 )
diff --git a/go.sum b/go.sum

-Original file line number
+Diff line change
 module kube-monkey
 -go 1.18
 +go 1.21
 require (
 	github.com/fsnotify/fsnotify v1.6.0
 -	github.com/golang/glog v1.0.0
 +	github.com/golang/glog v1.1.2
 	github.com/pkg/errors v0.9.1
 -	github.com/spf13/viper v1.15.0
 -	github.com/stretchr/testify v1.8.1
 -	k8s.io/api v0.26.1
 -	k8s.io/apimachinery v0.26.1
 -	k8s.io/client-go v0.26.1
 +	github.com/spf13/viper v1.16.0
 +	github.com/stretchr/testify v1.8.4
 +	k8s.io/api v0.28.1
 +	k8s.io/apimachinery v0.28.1
 +	k8s.io/client-go v0.28.1
+)
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 -	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
 -	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
 -	github.com/go-logr/logr v1.2.3 // indirect
 -	github.com/go-openapi/jsonpointer v0.19.6 // indirect
 +	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 +	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 +	github.com/go-logr/logr v1.2.4 // indirect
 +	github.com/go-openapi/jsonpointer v0.20.0 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
 -	github.com/go-openapi/swag v0.22.3 // indirect
 +	github.com/go-openapi/swag v0.22.4 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 -	github.com/golang/protobuf v1.5.2 // indirect
 -	github.com/google/gnostic v0.6.9 // indirect
 +	github.com/golang/protobuf v1.5.3 // indirect
 +	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 +	github.com/google/uuid v1.3.1 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 -	github.com/pelletier/go-toml v1.9.5 // indirect
 -	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
 +	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 -	github.com/spf13/afero v1.9.3 // indirect
 -	github.com/spf13/cast v1.5.0 // indirect
 +	github.com/spf13/afero v1.9.5 // indirect
 +	github.com/spf13/cast v1.5.1 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 -	github.com/stretchr/objx v0.5.0 // indirect
 -	github.com/subosito/gotenv v1.4.2 // indirect
 -	golang.org/x/net v0.5.0 // indirect
 -	golang.org/x/oauth2 v0.4.0 // indirect
 -	golang.org/x/sys v0.4.0 // indirect
 -	golang.org/x/term v0.4.0 // indirect
 -	golang.org/x/text v0.6.0 // indirect
 +	github.com/stretchr/objx v0.5.1 // indirect
 +	github.com/subosito/gotenv v1.6.0 // indirect
 +	golang.org/x/net v0.15.0 // indirect
 +	golang.org/x/oauth2 v0.12.0 // indirect
 +	golang.org/x/sys v0.12.0 // indirect
 +	golang.org/x/term v0.12.0 // indirect
 +	golang.org/x/text v0.13.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 -	google.golang.org/appengine v1.6.7 // indirect
 -	google.golang.org/protobuf v1.28.1 // indirect
 +	google.golang.org/appengine v1.6.8 // indirect
 +	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 -	k8s.io/klog/v2 v2.90.0 // indirect
 -	k8s.io/kube-openapi v0.0.0-20230123231816-1cb3ae25d79a // indirect
 -	k8s.io/utils v0.0.0-20230115233650-391b47cb4029 // indirect
 +	k8s.io/klog/v2 v2.100.1 // indirect
 +	k8s.io/kube-openapi v0.0.0-20230905202853-d090da108d2f // indirect
 +	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 -	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 +	sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
+)