
Commit 182962b

Fix vulnerabilities (#2005)
* Bump some Github Actions

Because CI failed with trailing error.

This request has been automatically failed because it uses a deprecated version of `actions/upload-artifact: v3`.
This request has been automatically failed because it uses a deprecated version of `actions/download-artifact: v3`.

Signed-off-by: Masashi Honma <[email protected]>

* Bump golang.org/x/net from v0.23.0 to v0.33.0

This patch fixes trailing vulnerability.

sonobuoy (gobinary)
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

| Library          | Vulnerability  | Severity | Status | Installed Version | Fixed Version | Title |
|------------------|----------------|----------|--------|-------------------|---------------|-------|
| golang.org/x/net | CVE-2024-45338 | HIGH     | fixed  | v0.23.0           | 0.33.0        | golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html (https://avd.aquasec.com/nvd/cve-2024-45338) |

Signed-off-by: Masashi Honma <[email protected]>

* Bump golang from 1.23.1 to 1.23.6 to fix vulnerabilities

| Library | Vulnerability  | Severity | Status | Installed Version | Fixed Version               | Title |
|---------|----------------|----------|--------|-------------------|-----------------------------|-------|
| stdlib  | CVE-2024-45336 | MEDIUM   |        | v1.23.1           | 1.22.11, 1.23.5, 1.24.0-rc2 | golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect (https://avd.aquasec.com/nvd/cve-2024-45336) |
| stdlib  | CVE-2024-45341 | MEDIUM   |        | v1.23.1           | 1.22.11, 1.23.5, 1.24.0-rc2 | golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name... (https://avd.aquasec.com/nvd/cve-2024-45341) |

| Library | Vulnerability  | Severity | Status | Installed Version | Fixed Version                | Title |
|---------|----------------|----------|--------|-------------------|------------------------------|-------|
| stdlib  | CVE-2025-22866 | MEDIUM   | fixed  | v1.23.5           | 1.22.12, 1.23.6, 1.24.0-rc.3 | crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec (https://avd.aquasec.com/nvd/cve-2025-22866) |

Signed-off-by: Masashi Honma <[email protected]>

---------

Signed-off-by: Masashi Honma <[email protected]>
1 parent f2eeedc commit 182962b

5 files changed

+26
-26
lines changed


.github/workflows/ci-test.yaml

+7-7
@@ -32,7 +32,7 @@ jobs:
3232
source ./scripts/build.sh
3333
save_images_to_tar
3434
- name: Save artifacts
35-
uses: actions/upload-artifact@v3
35+
uses: actions/upload-artifact@v4
3636
with:
3737
name: sonobuoy-build-linux-${{ github.run_id }}
3838
path: |
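Review bot: `uses: actions/upload-artifact@v4` on the new line 35 references a mutable tag; for supply-chain hardening pin the action to a full commit SHA and keep the tag in a trailing comment (`uses: actions/upload-artifact@<commit-sha> # v4`) so a retagged release cannot silently change what runs in CI. Also note that v4 artifacts are immutable within a run: a second upload to `sonobuoy-build-linux-${{ github.run_id }}` in the same run fails unless `overwrite: true` is set.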
@@ -61,7 +61,7 @@ jobs:
6161
build_binary_GOOS_GOARCH windows amd64
6262
windows_containers
6363
- name: Save artifacts
64-
uses: actions/upload-artifact@v3
64+
uses: actions/upload-artifact@v4
6565
with:
6666
name: sonobuoy-build-windows-${{ github.run_id }}
6767
path: |
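Review bot: the artifact name `sonobuoy-build-windows-${{ github.run_id }}` is distinct from the linux one, which v4 requires because it rejects duplicate artifact names within a run; the same SHA-pinning comment as for the linux upload applies to `actions/upload-artifact@v4` here.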
@@ -80,7 +80,7 @@ jobs:
8080
needs: [build-linux, unit-test-linux]
8181
steps:
8282
- name: Download binaries and prebuilt images
83-
uses: actions/download-artifact@v3
83+
uses: actions/download-artifact@v4
8484
with:
8585
name: sonobuoy-build-linux-${{ github.run_id }}
8686
path: build
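Review bot: `actions/download-artifact@v4` can only retrieve artifacts uploaded with `actions/upload-artifact@v4`; since the linux upload step and this download are bumped in the same commit that is consistent, but any other job or workflow still uploading `sonobuoy-build-linux-${{ github.run_id }}` with v3 would break this step. Pin this reference to a commit SHA as well.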
@@ -108,7 +108,7 @@ jobs:
108108
clean
109109
setup_kind_cluster
110110
- name: Download binaries and prebuilt images
111-
uses: actions/download-artifact@v3
111+
uses: actions/download-artifact@v4
112112
with:
113113
name: sonobuoy-build-linux-${{ github.run_id }}
114114
path: build
@@ -130,7 +130,7 @@ jobs:
130130
VERBOSE=true SONOBUOY_CLI=../../build/linux/amd64/sonobuoy integration
131131
- name: Save artifacts
132132
if: ${{ always() }}
133-
uses: actions/upload-artifact@v3
133+
uses: actions/upload-artifact@v4
134134
with:
135135
name: sonobuoy-test-archives-${{ github.run_id }}
136136
path: |
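Review bot: this upload runs under `if: ${{ always() }}`, which correctly preserves test archives from failed runs for later analysis; since the step also runs when the integration step never produced archives, set `if-no-files-found` explicitly (`warn` is the default; `error` makes a missing archive visible, `ignore` keeps a failed job's log clean) rather than relying on the default. The v4 reference should be SHA-pinned like the others.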
@@ -142,12 +142,12 @@ jobs:
142142
steps:
143143
- uses: actions/checkout@v3
144144
- name: Download binaries and prebuilt images
145-
uses: actions/download-artifact@v3
145+
uses: actions/download-artifact@v4
146146
with:
147147
name: sonobuoy-build-linux-${{ github.run_id }}
148148
path: build
149149
- name: Download binaries and prebuilt images
150-
uses: actions/download-artifact@v3
150+
uses: actions/download-artifact@v4
151151
with:
152152
name: sonobuoy-build-windows-${{ github.run_id }}
153153
path: build
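Review bot: `- uses: actions/checkout@v3` on line 143 is left at v3 while the artifact actions in this hunk move to v4; checkout v3 is a superseded major version on the deprecated Node 16 runtime, so bump it to v4 (pinned to a commit SHA) in the same change to avoid a follow-up deprecation failure.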

go.mod

+5-5
@@ -15,9 +15,9 @@ require (
1515
github.com/spf13/cobra v1.6.1
1616
github.com/spf13/pflag v1.0.5
1717
github.com/spf13/viper v1.18.0
18-
golang.org/x/sync v0.5.0
19-
golang.org/x/term v0.18.0
20-
golang.org/x/text v0.14.0
18+
golang.org/x/sync v0.10.0
19+
golang.org/x/term v0.27.0
20+
golang.org/x/text v0.21.0
2121
gopkg.in/yaml.v2 v2.4.0
2222
gopkg.in/yaml.v3 v3.0.1
2323
k8s.io/api v0.27.1
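Review bot: the direct requirements `golang.org/x/sync`, `golang.org/x/term` and `golang.org/x/text` are bumped here although the commit message only mentions `golang.org/x/net`; these are the minimum versions pulled in transitively by x/net v0.33.0 through `go get`/`go mod tidy`, so list them in the message and confirm that a fresh `go mod tidy` leaves no further diff.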
@@ -69,9 +69,9 @@ require (
6969
go.uber.org/atomic v1.9.0 // indirect
7070
go.uber.org/multierr v1.9.0 // indirect
7171
golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
72-
golang.org/x/net v0.23.0 // indirect
72+
golang.org/x/net v0.33.0 // indirect
7373
golang.org/x/oauth2 v0.15.0 // indirect
74-
golang.org/x/sys v0.18.0 // indirect
74+
golang.org/x/sys v0.28.0 // indirect
7575
golang.org/x/time v0.5.0 // indirect
7676
google.golang.org/appengine v1.6.7 // indirect
7777
google.golang.org/protobuf v1.33.0 // indirect
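Review bot: `golang.org/x/net v0.33.0 // indirect` clears the trivy finding, but because the module is indirect the scanner cannot tell whether `golang.org/x/net/html` (the package named in CVE-2024-45338) is actually linked into the sonobuoy binary; run `govulncheck ./...` and record whether the vulnerable symbols were reachable, which makes triage of future findings against indirect dependencies faster. `golang.org/x/sys v0.28.0` is bumped alongside as a transitive requirement.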

go.sum

+12-12
@@ -232,8 +232,8 @@ golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81R
232232
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
233233
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
234234
golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
235-
golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
236-
golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
235+
golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
236+
golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
237237
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
238238
golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
239239
golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ=
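Review bot: the new `h1:` and `/go.mod h1:` lines for x/net v0.33.0 should be checked against the checksum database rather than taken on trust from the PR; `go mod verify` in CI with the default `GOSUMDB=sum.golang.org` (and no `GONOSUMDB`/`GONOSUMCHECK` overrides) confirms them. Removing the stale v0.23.0 lines instead of leaving them behind is the correct tidy result.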
@@ -244,8 +244,8 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJ
244244
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
245245
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
246246
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
247-
golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
248-
golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
247+
golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
248+
golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
249249
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
250250
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
251251
golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -258,18 +258,18 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
258258
golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
259259
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
260260
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
261-
golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
262-
golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
261+
golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
262+
golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
263263
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
264-
golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
265-
golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
264+
golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
265+
golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
266266
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
267267
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
268268
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
269269
golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
270270
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
271-
golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
272-
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
271+
golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
272+
golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
273273
golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
274274
golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
275275
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -280,8 +280,8 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn
280280
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
281281
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
282282
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
283-
golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ=
284-
golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
283+
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
284+
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
285285
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
286286
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
287287
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
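Review bot: `golang.org/x/tools` moves to the pseudo-version `v0.21.1-0.20240508182429-e35e4ccd0d2d` in go.sum only, with no matching go.mod change; that is expected when one of the bumped x/ modules declares that version in its own go.mod (x/text is the usual source), but a sentence in the commit message would save reviewers from asking why a pseudo-version of x/tools appears in a security bump.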

scripts/build_funcs.sh

+1-1
@@ -28,7 +28,7 @@ IMAGE_BRANCH=$(git rev-parse --abbrev-ref HEAD | sed 's/\///g')
2828
GIT_REF_LONG=$(git rev-parse --verify HEAD)
2929

3030
BUILDMNT=/go/src/$GOTARGET
31-
BUILD_IMAGE=golang:1.23.1
31+
BUILD_IMAGE=golang:1.23.6
3232
AMD_IMAGE=gcr.io/distroless/static:nonroot
3333
ARM_IMAGE=gcr.io/distroless/static:nonroot-arm64
3434
PPC64LE_IMAGE=gcr.io/distroless/static:nonroot-ppc64le
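Review bot: `BUILD_IMAGE=golang:1.23.6` is a mutable tag; pin it by digest (`golang:1.23.6@sha256:<digest>`) so the build toolchain cannot change underneath the version the scanner approved, and note that the `gcr.io/distroless/static:nonroot*` runtime images on the following lines are likewise floating tags with no digest.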

test/integration/testImage/Dockerfile

+1-1
@@ -12,7 +12,7 @@
1212
# See the License for the specific language governing permissions and
1313
# limitations under the License.
1414

15-
FROM golang:1.23.1 AS base
15+
FROM golang:1.23.6 AS base
1616
WORKDIR /src
1717

1818
# Handle the go modules first to take advantage of Docker cache.
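Review bot: `FROM golang:1.23.6 AS base` has the same floating-tag issue as `BUILD_IMAGE` in scripts/build_funcs.sh; pin the digest here too and keep the two in sync, since a mismatch between the test-image toolchain and the build toolchain would leave one of the stdlib CVEs (CVE-2024-45336, CVE-2024-45341, CVE-2025-22866) fixed in only one of the two paths.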
