
Commit a31488c

authored
Merge pull request #661 from fluxcd/update-deps-cves
Update Alpine to v3.16
2 parents fec5316 + 0539f6f commit a31488c


4 files changed

+94
-76
lines changed


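--- a/Dockerfile
+++ b/Dockerfile
@@ -31,7 +31,7 @@ COPY internal/ internal/
 ENV CGO_ENABLED=0
 RUN xx-go build -a -o kustomize-controller main.go
 
-FROM alpine:3.15
+FROM alpine:3.16
 
 RUN apk add --no-cache ca-certificates tini git openssh-client gnupg
 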
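--- a/go.mod
+++ b/go.mod
@@ -11,10 +11,10 @@ require (
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.13.2
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.4.0
 github.com/aws/aws-sdk-go-v2 v1.16.4
-github.com/aws/aws-sdk-go-v2/config v1.15.4
-github.com/aws/aws-sdk-go-v2/credentials v1.12.0
-github.com/aws/aws-sdk-go-v2/service/kms v1.17.1
-github.com/aws/aws-sdk-go-v2/service/sts v1.16.4
+github.com/aws/aws-sdk-go-v2/config v1.15.7
+github.com/aws/aws-sdk-go-v2/credentials v1.12.2
+github.com/aws/aws-sdk-go-v2/service/kms v1.17.2
+github.com/aws/aws-sdk-go-v2/service/sts v1.16.6
 github.com/cyphar/filepath-securejoin v0.2.3
 github.com/dimchansky/utfbom v1.1.1
 github.com/drone/envsubst v1.0.3
@@ -28,17 +28,17 @@ require (
 github.com/fluxcd/pkg/testserver v0.2.0
 github.com/fluxcd/pkg/untar v0.1.0
 github.com/fluxcd/source-controller/api v0.24.4
-github.com/golang/protobuf v1.5.2
 github.com/hashicorp/go-retryablehttp v0.7.1
 github.com/hashicorp/vault/api v1.5.0
 github.com/onsi/gomega v1.19.0
 github.com/ory/dockertest v3.3.5+incompatible
 github.com/spf13/pflag v1.0.5
 go.mozilla.org/sops/v3 v3.7.3
-golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4
-google.golang.org/api v0.74.0
-google.golang.org/genproto v0.0.0-20220405205423-9d709892a2bf
-google.golang.org/grpc v1.45.0
+golang.org/x/net v0.0.0-20220524220425-1d687d428aca
+google.golang.org/api v0.81.0
+google.golang.org/genproto v0.0.0-20220525015930-6ca3db687a9d
+google.golang.org/grpc v1.46.2
+google.golang.org/protobuf v1.28.0
 k8s.io/api v0.24.0
 k8s.io/apiextensions-apiserver v0.24.0
 k8s.io/apimachinery v0.24.0
@@ -49,27 +49,21 @@ require (
 sigs.k8s.io/yaml v1.3.0
 )
 
-// Fix CVE-2022-27191
-replace golang.org/x/crypto => golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4
-
 // Pin kustomize to v4.5.5
 replace (
 sigs.k8s.io/kustomize/api => sigs.k8s.io/kustomize/api v0.11.5
 sigs.k8s.io/kustomize/kyaml => sigs.k8s.io/kustomize/kyaml v0.13.7
 )
 
-// Fix CVE-2021-30465
-// Fix CVE-2021-43784
-// Fix GO-2021-0085
-// Fix GO-2021-0087
-replace github.com/opencontainers/runc => github.com/opencontainers/runc v1.0.3
+// Fix CVE-2022-29162
+replace github.com/opencontainers/runc => github.com/opencontainers/runc v1.1.2
 
-// Fix CVE-2021-41190
-replace github.com/opencontainers/image-spec => github.com/opencontainers/image-spec v1.0.2
+// Fix CVE-2022-27191
+replace golang.org/x/crypto => golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898
 
 require (
 cloud.google.com/go v0.100.2 // indirect
-cloud.google.com/go/compute v1.5.0 // indirect
+cloud.google.com/go/compute v1.6.1 // indirect
 cloud.google.com/go/iam v0.3.0 // indirect
 github.com/Azure/azure-sdk-for-go v63.3.0+incompatible // indirect
 github.com/Azure/azure-sdk-for-go/sdk/internal v0.9.1 // indirect
@@ -95,12 +89,12 @@ require (
 github.com/armon/go-metrics v0.3.10 // indirect
 github.com/armon/go-radix v1.0.0 // indirect
 github.com/aws/aws-sdk-go v1.43.43 // indirect
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.4 // indirect
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.10 // indirect
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.4 // indirect
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.5 // indirect
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.11 // indirect
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.5 // indirect
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.12 // indirect
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.4 // indirect
-github.com/aws/aws-sdk-go-v2/service/sso v1.11.4 // indirect
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.5 // indirect
+github.com/aws/aws-sdk-go-v2/service/sso v1.11.5 // indirect
 github.com/aws/smithy-go v1.11.2 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/blang/semver v3.5.1+incompatible // indirect
@@ -127,14 +121,15 @@ require (
 github.com/golang-jwt/jwt v3.2.1+incompatible // indirect
 github.com/golang-jwt/jwt/v4 v4.3.0 // indirect
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+github.com/golang/protobuf v1.5.2 // indirect
 github.com/golang/snappy v0.0.4 // indirect
 github.com/google/btree v1.0.1 // indirect
 github.com/google/gnostic v0.5.7-v3refs // indirect
 github.com/google/go-cmp v0.5.8 // indirect
 github.com/google/gofuzz v1.2.0 // indirect
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 github.com/google/uuid v1.3.0 // indirect
-github.com/googleapis/gax-go/v2 v2.2.0 // indirect
+github.com/googleapis/gax-go/v2 v2.4.0 // indirect
 github.com/goware/prefixer v0.0.0-20160118172347-395022866408 // indirect
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
@@ -204,13 +199,12 @@ require (
 go.uber.org/zap v1.21.0 // indirect
 golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 // indirect
 golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 // indirect
-golang.org/x/sys v0.0.0-20220513210249-45d2b4557a2a // indirect
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
 golang.org/x/text v0.3.7 // indirect
 golang.org/x/time v0.0.0-20220224211638-0e9765cccd65 // indirect
 gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 google.golang.org/appengine v1.6.7 // indirect
-google.golang.org/protobuf v1.28.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/ini.v1 v1.66.4 // indirect
 gopkg.in/square/go-jose.v2 v2.6.0 // indirect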
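Review bot: The third hunk drops `replace github.com/opencontainers/image-spec => github.com/opencontainers/image-spec v1.0.2` together with its `// Fix CVE-2021-41190` comment, and no visible hunk shows which image-spec version the module graph resolves to afterwards; confirm with `go list -m github.com/opencontainers/image-spec` that it is still v1.0.2 or newer, and restore the pin if it is not. In the last hunk the indirect requirement `golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4` is left unchanged while the new replace targets `v0.0.0-20220518034528-6f7dac969898`, so the fix labelled CVE-2022-27191 rests entirely on the replace directive, which only takes effect when this module is the main module; bumping the require line itself would make the directive unnecessary. The runc comment now names only CVE-2022-29162, so I would keep the earlier advisory IDs next to it, e.g. `// Fix CVE-2022-29162 (v1.0.3 pin previously covered CVE-2021-30465, CVE-2021-43784, GO-2021-0085, GO-2021-0087)`, so that a later change to the pin is not made without knowing about them.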
