From f7876aa8f8bc411153fc8e089fe2aefd6d86c60a Mon Sep 17 00:00:00 2001 From: Stuart Hayton Date: Mon, 8 Jan 2024 12:10:52 +0000 Subject: [PATCH] bump go-toolset to 1.20.10-3 bump release to v0.13.11 update golang.org/x/crypto remove delete of "secretnamespace" in Makefile - breaks tests Signed-off-by: Stuart Hayton --- CHANGELOG.md | 9 +++++++++ Dockerfile | 4 ++-- Makefile | 3 +-- go.mod | 8 ++++---- go.sum | 12 ++++++++---- helm/portieris/Chart.yaml | 2 +- helm/portieris/values.yaml | 2 +- 7 files changed, 26 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a6999361..f55a7fe8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,14 @@ This project adheres to [Semantic Versioning](http://semver.org/). ## v-next +## v0.13.11 + +Released 2024-01-09 + +* Update go-toolset:1.20.10-3 +* Rebuild/Package updates to remediate CVE-2023-3446 CVE-2023-3817 CVE-2023-5678 +* golang.org/x/crypto update for CVE-2023-48795 + ## v0.13.10 Released 2023-11-07 @@ -20,6 +28,7 @@ Released 2023-11-07 * Set nonroot user on image iconfig to supress container policy checkers. * Have nancy run from Dockerfile again. * Remediate CVE. + ## v0.13.9 Released 2023-11-01 diff --git a/Dockerfile b/Dockerfile index 8b2bef94..8b54e3eb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # This first stage of the build uses go-toolset to build the portieris binary creates # a simplified operating system image that satisfies vulnerability scanning requirements -FROM --platform=$BUILDPLATFORM registry.access.redhat.com/ubi8/go-toolset:1.19.13-2.1698062273 as builder +FROM --platform=$BUILDPLATFORM registry.access.redhat.com/ubi8/go-toolset:1.20.10-3 as builder ARG PORTIERIS_VERSION=undefined # switch to root user as we need to run yum and rpm to ensure packages are up to date @@ -22,7 +22,7 @@ RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build \ -tags containers_image_openpgp -o /opt/app-root/bin/portieris ./cmd/portieris RUN go version -m -v /opt/app-root/bin/portieris | (grep dep || true) | awk '{print "{\"Path\": \""$2 "\", \"Version\": \"" $3 "\"}"}' > /deps.jsonl -FROM registry.access.redhat.com/ubi8/go-toolset:1.19.13-2.1698062273 as installer +FROM registry.access.redhat.com/ubi8/go-toolset:1.20.10-3 as installer ARG TARGETOS TARGETARCH USER root RUN yum update -y diff --git a/Makefile b/Makefile index 06ae5cc0..9273c579 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ GOFILES=$(shell find . -type f -name '*.go' -not -path "./code-generator/*" -not -path "./pkg/apis/*") GOPACKAGES=$(shell go list ./... | grep -v test/ | grep -v pkg/apis/) -VERSION=v0.13.10 +VERSION=v0.13.11 TAG=$(VERSION) GOTAGS='containers_image_openpgp' @@ -105,7 +105,6 @@ e2e.quick.generic: e2e.quick.simple.clusterimagepolicy: go test -v ./test/e2e --no-install --simple-cluster-image-policy - -kubectl delete namespace secretnamespace -kubectl delete namespace $$(kubectl get namespaces | grep '[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*' | awk '{ print $$1 }' ) e2e.quick.simple.imagepolicy: diff --git a/go.mod b/go.mod index 02accbf3..17567b33 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/prometheus/client_golang v1.12.2 github.com/stretchr/testify v1.8.1 github.com/theupdateframework/notary v0.7.0 - golang.org/x/crypto v0.14.0 + golang.org/x/crypto v0.17.0 gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.24.0 k8s.io/apiextensions-apiserver v0.0.0-00010101000000-000000000000 @@ -107,9 +107,9 @@ require ( go.mongodb.org/mongo-driver v1.11.2 // indirect golang.org/x/net v0.17.0 // indirect golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect - golang.org/x/sys v0.13.0 // indirect - golang.org/x/term v0.13.0 // indirect - golang.org/x/text v0.13.0 // indirect + golang.org/x/sys v0.15.0 // indirect + golang.org/x/term v0.15.0 // indirect + golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/protobuf v1.30.0 // indirect diff --git a/go.sum b/go.sum index f13de912..d319bb70 100644 --- a/go.sum +++ b/go.sum @@ -1146,8 +1146,9 @@ golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU= -golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= +golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -1398,8 +1399,9 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -1410,8 +1412,9 @@ golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= -golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= +golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= +golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1427,8 +1430,9 @@ golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= diff --git a/helm/portieris/Chart.yaml b/helm/portieris/Chart.yaml index d4b60656..1582da92 100644 --- a/helm/portieris/Chart.yaml +++ b/helm/portieris/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: portieris -version: v0.13.10 +version: v0.13.11 description: Admission Controller webhook for enforcing image trust in your cluster maintainers: - name: Stuart Hayton diff --git a/helm/portieris/values.yaml b/helm/portieris/values.yaml index 1119076f..3e2062ed 100644 --- a/helm/portieris/values.yaml +++ b/helm/portieris/values.yaml @@ -15,7 +15,7 @@ image: host: icr.io/portieris pullSecret: image: portieris - tag: v0.13.10 + tag: v0.13.11 pullPolicy: Always service: