From 079724a8e59630c9cc509d045a72734f160c2333 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 19 Feb 2024 14:13:51 +0100 Subject: [PATCH 1/8] update to go1.21.7 go1.21.7 (released 2024-02-06) includes fixes to the compiler, the go command, the runtime, and the crypto/x509 package. See the Go 1.21.7 milestone on our issue tracker for details: - https://github.com/golang/go/issues?q=milestone%3AGo1.21.7+label%3ACherryPickApproved - full diff: https://github.com/golang/go/compare/go1.21.6...go1.21.7 Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 20b9d489e044b7e1d65d3c568a147fb9a91a5113) Signed-off-by: Austin Vazquez --- .github/workflows/test.yml | 2 +- Dockerfile | 2 +- docker-bake.hcl | 2 +- dockerfiles/Dockerfile.dev | 2 +- dockerfiles/Dockerfile.lint | 2 +- dockerfiles/Dockerfile.vendor | 2 +- e2e/testdata/Dockerfile.gencerts | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 96c1d61b36f2..2def3d73534b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -63,7 +63,7 @@ jobs: name: Set up Go uses: actions/setup-go@v3 with: - go-version: 1.20.13 + go-version: 1.21.7 - name: Test run: | diff --git a/Dockerfile b/Dockerfile index 5316fc3b6071..78fed8bd83e1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 ARG BASE_VARIANT=alpine -ARG GO_VERSION=1.20.13 +ARG GO_VERSION=1.21.7 ARG ALPINE_VERSION=3.18 ARG XX_VERSION=1.1.1 ARG GOVERSIONINFO_VERSION=v1.3.0 diff --git a/docker-bake.hcl b/docker-bake.hcl index 058b75bb9f07..2be99233f39a 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -1,5 +1,5 @@ variable "GO_VERSION" { - default = "1.20.13" + default = "1.21.7" } variable "VERSION" { default = "" diff --git a/dockerfiles/Dockerfile.dev b/dockerfiles/Dockerfile.dev index 4612c1b0cb5c..0217fdf80e56 100644 --- a/dockerfiles/Dockerfile.dev +++ b/dockerfiles/Dockerfile.dev @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.20.13 +ARG GO_VERSION=1.21.7 ARG ALPINE_VERSION=3.18 ARG BUILDX_VERSION=0.11.2 diff --git a/dockerfiles/Dockerfile.lint b/dockerfiles/Dockerfile.lint index f3e927ae4c43..d64f419ce179 100644 --- a/dockerfiles/Dockerfile.lint +++ b/dockerfiles/Dockerfile.lint @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.20.13 +ARG GO_VERSION=1.21.7 ARG ALPINE_VERSION=3.18 ARG GOLANGCI_LINT_VERSION=v1.52.2 diff --git a/dockerfiles/Dockerfile.vendor b/dockerfiles/Dockerfile.vendor index d8a0fab08d10..1fc74d9535e4 100644 --- a/dockerfiles/Dockerfile.vendor +++ b/dockerfiles/Dockerfile.vendor @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.20.13 +ARG GO_VERSION=1.21.7 ARG ALPINE_VERSION=3.18 ARG MODOUTDATED_VERSION=v0.8.0 diff --git a/e2e/testdata/Dockerfile.gencerts b/e2e/testdata/Dockerfile.gencerts index 054ced337d3e..7a3590f43e74 100644 --- a/e2e/testdata/Dockerfile.gencerts +++ b/e2e/testdata/Dockerfile.gencerts @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.20.13 +ARG GO_VERSION=1.21.7 FROM golang:${GO_VERSION}-alpine AS generated RUN go install github.com/dmcgowan/quicktls@master From d803935e23cf5ba32754db24de83951e6a64f009 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 28 Aug 2023 23:21:03 +0200 Subject: [PATCH 2/8] update golangci-lint to v1.54.2 Signed-off-by: Sebastiaan van Stijn (cherry picked from commit db6209abdddf2da9cc1bcdb8d2aa478cd5e6ba39) Signed-off-by: Austin Vazquez --- .golangci.yml | 11 +++++------ cli/command/service/opts.go | 2 +- dockerfiles/Dockerfile.lint | 2 +- e2e/internal/fixtures/fixtures.go | 4 ++-- 4 files changed, 9 insertions(+), 10 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index 32ad73a065ac..5553fb533792 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -32,12 +32,11 @@ run: linters-settings: depguard: - list-type: blacklist - include-go-root: true - packages: - # The io/ioutil package has been deprecated. - # https://go.dev/doc/go1.16#ioutil - - io/ioutil + rules: + main: + deny: + - pkg: io/ioutil + desc: The io/ioutil package has been deprecated, see https://go.dev/doc/go1.16#ioutil gocyclo: min-complexity: 16 govet: diff --git a/cli/command/service/opts.go b/cli/command/service/opts.go index 97201fd432de..2149241af26b 100644 --- a/cli/command/service/opts.go +++ b/cli/command/service/opts.go @@ -1001,7 +1001,7 @@ const ( flagTTY = "tty" flagUpdateDelay = "update-delay" flagUpdateFailureAction = "update-failure-action" - flagUpdateMaxFailureRatio = "update-max-failure-ratio" + flagUpdateMaxFailureRatio = "update-max-failure-ratio" // #nosec G101 -- ignoring: Potential hardcoded credentials (gosec) flagUpdateMonitor = "update-monitor" flagUpdateOrder = "update-order" flagUpdateParallelism = "update-parallelism" diff --git a/dockerfiles/Dockerfile.lint b/dockerfiles/Dockerfile.lint index d64f419ce179..c98c559f65dd 100644 --- a/dockerfiles/Dockerfile.lint +++ b/dockerfiles/Dockerfile.lint @@ -2,7 +2,7 @@ ARG GO_VERSION=1.21.7 ARG ALPINE_VERSION=3.18 -ARG GOLANGCI_LINT_VERSION=v1.52.2 +ARG GOLANGCI_LINT_VERSION=v1.54.2 FROM golangci/golangci-lint:${GOLANGCI_LINT_VERSION}-alpine AS golangci-lint diff --git a/e2e/internal/fixtures/fixtures.go b/e2e/internal/fixtures/fixtures.go index 7672c033b5d1..700928b03b8e 100644 --- a/e2e/internal/fixtures/fixtures.go +++ b/e2e/internal/fixtures/fixtures.go @@ -17,11 +17,11 @@ const ( // AlpineImage is an image in the test registry AlpineImage = "registry:5000/alpine:3.6" // AlpineSha is the sha of the alpine image - AlpineSha = "641b95ddb2ea9dc2af1a0113b6b348ebc20872ba615204fbe12148e98fd6f23d" + AlpineSha = "641b95ddb2ea9dc2af1a0113b6b348ebc20872ba615204fbe12148e98fd6f23d" // #nosec G101 -- ignoring: Potential hardcoded credentials (gosec) // BusyboxImage is an image in the test registry BusyboxImage = "registry:5000/busybox:1.27.2" // BusyboxSha is the sha of the busybox image - BusyboxSha = "030fcb92e1487b18c974784dcc110a93147c9fc402188370fbfd17efabffc6af" + BusyboxSha = "030fcb92e1487b18c974784dcc110a93147c9fc402188370fbfd17efabffc6af" // #nosec G101 -- ignoring: Potential hardcoded credentials (gosec) ) // SetupConfigFile creates a config.json file for testing From 40e9c14c5f45957b0b982b5b6c2728bf8de9b233 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= Date: Tue, 5 Mar 2024 22:04:00 +0100 Subject: [PATCH 3/8] update to go1.21.8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit go1.21.8 (released 2024-03-05) includes 5 security fixes: - crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783, https://go.dev/issue/65390) - net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290, https://go.dev/issue/65383) - net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289, https://go.dev/issue/65065) - html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785, https://go.dev/issue/65697) - net/mail: comments in display names are incorrectly handled (CVE-2024-24784, https://go.dev/issue/65083) View the release notes for more information: https://go.dev/doc/devel/release#go1.21.8 - https://github.com/golang/go/issues?q=milestone%3AGo1.21.8+label%3ACherryPickApproved - full diff: https://github.com/golang/go/compare/go1.21.6...go1.21.8 Signed-off-by: Paweł Gronowski (cherry picked from commit 3b7747794392e448a9b5ea9cef85972258e0aa2b) Signed-off-by: Austin Vazquez --- .github/workflows/test.yml | 2 +- Dockerfile | 2 +- docker-bake.hcl | 2 +- dockerfiles/Dockerfile.dev | 2 +- dockerfiles/Dockerfile.lint | 2 +- dockerfiles/Dockerfile.vendor | 2 +- e2e/testdata/Dockerfile.gencerts | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2def3d73534b..6e5f550c8c5e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -63,7 +63,7 @@ jobs: name: Set up Go uses: actions/setup-go@v3 with: - go-version: 1.21.7 + go-version: 1.21.8 - name: Test run: | diff --git a/Dockerfile b/Dockerfile index 78fed8bd83e1..f7adec96afe5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 ARG BASE_VARIANT=alpine -ARG GO_VERSION=1.21.7 +ARG GO_VERSION=1.21.8 ARG ALPINE_VERSION=3.18 ARG XX_VERSION=1.1.1 ARG GOVERSIONINFO_VERSION=v1.3.0 diff --git a/docker-bake.hcl b/docker-bake.hcl index 2be99233f39a..fccd07088827 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -1,5 +1,5 @@ variable "GO_VERSION" { - default = "1.21.7" + default = "1.21.8" } variable "VERSION" { default = "" diff --git a/dockerfiles/Dockerfile.dev b/dockerfiles/Dockerfile.dev index 0217fdf80e56..ae3b7153bcbc 100644 --- a/dockerfiles/Dockerfile.dev +++ b/dockerfiles/Dockerfile.dev @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.21.7 +ARG GO_VERSION=1.21.8 ARG ALPINE_VERSION=3.18 ARG BUILDX_VERSION=0.11.2 diff --git a/dockerfiles/Dockerfile.lint b/dockerfiles/Dockerfile.lint index c98c559f65dd..4c9a246fa9ce 100644 --- a/dockerfiles/Dockerfile.lint +++ b/dockerfiles/Dockerfile.lint @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.21.7 +ARG GO_VERSION=1.21.8 ARG ALPINE_VERSION=3.18 ARG GOLANGCI_LINT_VERSION=v1.54.2 diff --git a/dockerfiles/Dockerfile.vendor b/dockerfiles/Dockerfile.vendor index 1fc74d9535e4..897176a5a2f5 100644 --- a/dockerfiles/Dockerfile.vendor +++ b/dockerfiles/Dockerfile.vendor @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.21.7 +ARG GO_VERSION=1.21.8 ARG ALPINE_VERSION=3.18 ARG MODOUTDATED_VERSION=v0.8.0 diff --git a/e2e/testdata/Dockerfile.gencerts b/e2e/testdata/Dockerfile.gencerts index 7a3590f43e74..f47d3d695677 100644 --- a/e2e/testdata/Dockerfile.gencerts +++ b/e2e/testdata/Dockerfile.gencerts @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.21.7 +ARG GO_VERSION=1.21.8 FROM golang:${GO_VERSION}-alpine AS generated RUN go install github.com/dmcgowan/quicktls@master From a7b12f7e2a64715fc4c1978774b542863eb564d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= Date: Fri, 5 Apr 2024 12:39:50 +0200 Subject: [PATCH 4/8] update to go1.21.9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit go1.21.9 (released 2024-04-03) includes a security fix to the net/http package, as well as bug fixes to the linker, and the go/types and net/http packages. See the Go 1.21.9 milestone on our issue tracker for details. - https://github.com/golang/go/issues?q=milestone%3AGo1.21.9+label%3ACherryPickApproved - full diff: https://github.com/golang/go/compare/go1.21.8...go1.21.9 **- Description for the changelog** ```markdown changelog Update Go runtime to 1.21.9 ``` Signed-off-by: Paweł Gronowski (cherry picked from commit 0a5bd6c75b8b70a74478d1f679516114213f0a6e) Signed-off-by: Austin Vazquez --- .github/workflows/test.yml | 2 +- Dockerfile | 2 +- docker-bake.hcl | 2 +- dockerfiles/Dockerfile.dev | 2 +- dockerfiles/Dockerfile.lint | 2 +- dockerfiles/Dockerfile.vendor | 2 +- e2e/testdata/Dockerfile.gencerts | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 6e5f550c8c5e..2ac9ca7c465a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -63,7 +63,7 @@ jobs: name: Set up Go uses: actions/setup-go@v3 with: - go-version: 1.21.8 + go-version: 1.21.9 - name: Test run: | diff --git a/Dockerfile b/Dockerfile index f7adec96afe5..7204dabe4789 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 ARG BASE_VARIANT=alpine -ARG GO_VERSION=1.21.8 +ARG GO_VERSION=1.21.9 ARG ALPINE_VERSION=3.18 ARG XX_VERSION=1.1.1 ARG GOVERSIONINFO_VERSION=v1.3.0 diff --git a/docker-bake.hcl b/docker-bake.hcl index fccd07088827..68d4bba69618 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -1,5 +1,5 @@ variable "GO_VERSION" { - default = "1.21.8" + default = "1.21.9" } variable "VERSION" { default = "" diff --git a/dockerfiles/Dockerfile.dev b/dockerfiles/Dockerfile.dev index ae3b7153bcbc..fdeb5ffe85d6 100644 --- a/dockerfiles/Dockerfile.dev +++ b/dockerfiles/Dockerfile.dev @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.21.8 +ARG GO_VERSION=1.21.9 ARG ALPINE_VERSION=3.18 ARG BUILDX_VERSION=0.11.2 diff --git a/dockerfiles/Dockerfile.lint b/dockerfiles/Dockerfile.lint index 4c9a246fa9ce..91635d63e85b 100644 --- a/dockerfiles/Dockerfile.lint +++ b/dockerfiles/Dockerfile.lint @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.21.8 +ARG GO_VERSION=1.21.9 ARG ALPINE_VERSION=3.18 ARG GOLANGCI_LINT_VERSION=v1.54.2 diff --git a/dockerfiles/Dockerfile.vendor b/dockerfiles/Dockerfile.vendor index 897176a5a2f5..39d8e96ff70d 100644 --- a/dockerfiles/Dockerfile.vendor +++ b/dockerfiles/Dockerfile.vendor @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.21.8 +ARG GO_VERSION=1.21.9 ARG ALPINE_VERSION=3.18 ARG MODOUTDATED_VERSION=v0.8.0 diff --git a/e2e/testdata/Dockerfile.gencerts b/e2e/testdata/Dockerfile.gencerts index f47d3d695677..367a9f059aa1 100644 --- a/e2e/testdata/Dockerfile.gencerts +++ b/e2e/testdata/Dockerfile.gencerts @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.21.8 +ARG GO_VERSION=1.21.9 FROM golang:${GO_VERSION}-alpine AS generated RUN go install github.com/dmcgowan/quicktls@master From 77e983016830aa5cca17febfee806db019ed8618 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= Date: Wed, 8 May 2024 09:50:01 +0200 Subject: [PATCH 5/8] update to go1.21.10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit These minor releases include 2 security fixes following the security policy: - cmd/go: arbitrary code execution during build on darwin On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive. Thanks to Juho Forsén of Mattermost for reporting this issue. This is CVE-2024-24787 and Go issue https://go.dev/issue/67119. - net: malformed DNS message can cause infinite loop A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. Thanks to long-name-let-people-remember-you on GitHub for reporting this issue, and to Mateusz Poliwczak for bringing the issue to our attention. This is CVE-2024-24788 and Go issue https://go.dev/issue/66754. View the release notes for more information: https://go.dev/doc/devel/release#go1.22.3 - https://github.com/golang/go/issues?q=milestone%3AGo1.21.10+label%3ACherryPickApproved - full diff: https://github.com/golang/go/compare/go1.21.9...go1.21.10 **- Description for the changelog** ```markdown changelog Update Go runtime to 1.21.10 ``` Signed-off-by: Paweł Gronowski (cherry picked from commit eb99994c75752c78e08c902ea02e7f359bad1af7) Signed-off-by: Austin Vazquez --- .github/workflows/test.yml | 2 +- Dockerfile | 2 +- docker-bake.hcl | 2 +- dockerfiles/Dockerfile.dev | 2 +- dockerfiles/Dockerfile.lint | 2 +- dockerfiles/Dockerfile.vendor | 2 +- e2e/testdata/Dockerfile.gencerts | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2ac9ca7c465a..c38788493cfc 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -63,7 +63,7 @@ jobs: name: Set up Go uses: actions/setup-go@v3 with: - go-version: 1.21.9 + go-version: 1.21.10 - name: Test run: | diff --git a/Dockerfile b/Dockerfile index 7204dabe4789..ed8ba001d398 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 ARG BASE_VARIANT=alpine -ARG GO_VERSION=1.21.9 +ARG GO_VERSION=1.21.10 ARG ALPINE_VERSION=3.18 ARG XX_VERSION=1.1.1 ARG GOVERSIONINFO_VERSION=v1.3.0 diff --git a/docker-bake.hcl b/docker-bake.hcl index 68d4bba69618..48061ed05851 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -1,5 +1,5 @@ variable "GO_VERSION" { - default = "1.21.9" + default = "1.21.10" } variable "VERSION" { default = "" diff --git a/dockerfiles/Dockerfile.dev b/dockerfiles/Dockerfile.dev index fdeb5ffe85d6..a1cc51d9b76b 100644 --- a/dockerfiles/Dockerfile.dev +++ b/dockerfiles/Dockerfile.dev @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.21.9 +ARG GO_VERSION=1.21.10 ARG ALPINE_VERSION=3.18 ARG BUILDX_VERSION=0.11.2 diff --git a/dockerfiles/Dockerfile.lint b/dockerfiles/Dockerfile.lint index 91635d63e85b..9c4d43f4ddfc 100644 --- a/dockerfiles/Dockerfile.lint +++ b/dockerfiles/Dockerfile.lint @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.21.9 +ARG GO_VERSION=1.21.10 ARG ALPINE_VERSION=3.18 ARG GOLANGCI_LINT_VERSION=v1.54.2 diff --git a/dockerfiles/Dockerfile.vendor b/dockerfiles/Dockerfile.vendor index 39d8e96ff70d..dd8098dd9e13 100644 --- a/dockerfiles/Dockerfile.vendor +++ b/dockerfiles/Dockerfile.vendor @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.21.9 +ARG GO_VERSION=1.21.10 ARG ALPINE_VERSION=3.18 ARG MODOUTDATED_VERSION=v0.8.0 diff --git a/e2e/testdata/Dockerfile.gencerts b/e2e/testdata/Dockerfile.gencerts index 367a9f059aa1..ba9cc033e854 100644 --- a/e2e/testdata/Dockerfile.gencerts +++ b/e2e/testdata/Dockerfile.gencerts @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.21.9 +ARG GO_VERSION=1.21.10 FROM golang:${GO_VERSION}-alpine AS generated RUN go install github.com/dmcgowan/quicktls@master From 0f6efefb24c1f9f3d11fd4771e12b32bfa6ab4c2 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sun, 26 May 2024 11:37:01 +0200 Subject: [PATCH 6/8] Dockerfile: update ALPINE_VERSION to 3.20 Update to the current version of Alpine, which is also the default for the golang:alpine image Signed-off-by: Sebastiaan van Stijn (cherry picked from commit e70f68595d26d935a09ead0f0fe6dd1c6c518d80) Signed-off-by: Austin Vazquez --- Dockerfile | 2 +- dockerfiles/Dockerfile.authors | 2 +- dockerfiles/Dockerfile.dev | 2 +- dockerfiles/Dockerfile.lint | 2 +- dockerfiles/Dockerfile.vendor | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index ed8ba001d398..57d9230d2c39 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ ARG BASE_VARIANT=alpine ARG GO_VERSION=1.21.10 -ARG ALPINE_VERSION=3.18 +ARG ALPINE_VERSION=3.20 ARG XX_VERSION=1.1.1 ARG GOVERSIONINFO_VERSION=v1.3.0 ARG GOTESTSUM_VERSION=v1.10.0 diff --git a/dockerfiles/Dockerfile.authors b/dockerfiles/Dockerfile.authors index 278ad769fea1..321a752c47ef 100644 --- a/dockerfiles/Dockerfile.authors +++ b/dockerfiles/Dockerfile.authors @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG ALPINE_VERSION=3.18 +ARG ALPINE_VERSION=3.20 FROM alpine:${ALPINE_VERSION} AS gen RUN apk add --no-cache bash git diff --git a/dockerfiles/Dockerfile.dev b/dockerfiles/Dockerfile.dev index a1cc51d9b76b..4060b586f094 100644 --- a/dockerfiles/Dockerfile.dev +++ b/dockerfiles/Dockerfile.dev @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 ARG GO_VERSION=1.21.10 -ARG ALPINE_VERSION=3.18 +ARG ALPINE_VERSION=3.20 ARG BUILDX_VERSION=0.11.2 FROM docker/buildx-bin:${BUILDX_VERSION} AS buildx diff --git a/dockerfiles/Dockerfile.lint b/dockerfiles/Dockerfile.lint index 9c4d43f4ddfc..11355039f066 100644 --- a/dockerfiles/Dockerfile.lint +++ b/dockerfiles/Dockerfile.lint @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 ARG GO_VERSION=1.21.10 -ARG ALPINE_VERSION=3.18 +ARG ALPINE_VERSION=3.20 ARG GOLANGCI_LINT_VERSION=v1.54.2 FROM golangci/golangci-lint:${GOLANGCI_LINT_VERSION}-alpine AS golangci-lint diff --git a/dockerfiles/Dockerfile.vendor b/dockerfiles/Dockerfile.vendor index dd8098dd9e13..62f3d5b0a31a 100644 --- a/dockerfiles/Dockerfile.vendor +++ b/dockerfiles/Dockerfile.vendor @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 ARG GO_VERSION=1.21.10 -ARG ALPINE_VERSION=3.18 +ARG ALPINE_VERSION=3.20 ARG MODOUTDATED_VERSION=v0.8.0 FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS base From e24d8b71027ccee4653385c8d8bf9a3d2bcce6a5 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 4 Jun 2024 23:39:27 +0200 Subject: [PATCH 7/8] update to go1.21.11 go1.21.11 (released 2024-06-04) includes security fixes to the archive/zip and net/netip packages, as well as bug fixes to the compiler, the go command, the runtime, and the os package. See the Go 1.21.11 milestone on our issue tracker for details; - https://github.com/golang/go/issues?q=milestone%3AGo1.21.11+label%3ACherryPickApproved - full diff: https://github.com/golang/go/compare/go1.21.10...go1.21.11 From the security announcement; We have just released Go versions 1.22.4 and 1.21.11, minor point releases. These minor releases include 2 security fixes following the security policy: - archive/zip: mishandling of corrupt central directory record The archive/zip package's handling of certain types of invalid zip files differed from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. Thanks to Yufan You for reporting this issue. This is CVE-2024-24789 and Go issue https://go.dev/issue/66869. - net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. Thanks to Enze Wang of Alioth and Jianjun Chen of Zhongguancun Lab for reporting this issue. This is CVE-2024-24790 and Go issue https://go.dev/issue/67680. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 630e1d3e95b18da36dbb53f516c54ee00f2e421f) Signed-off-by: Austin Vazquez --- .github/workflows/test.yml | 2 +- Dockerfile | 2 +- docker-bake.hcl | 2 +- dockerfiles/Dockerfile.dev | 2 +- dockerfiles/Dockerfile.lint | 2 +- dockerfiles/Dockerfile.vendor | 2 +- e2e/testdata/Dockerfile.gencerts | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c38788493cfc..9895e9784978 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -63,7 +63,7 @@ jobs: name: Set up Go uses: actions/setup-go@v3 with: - go-version: 1.21.10 + go-version: 1.21.11 - name: Test run: | diff --git a/Dockerfile b/Dockerfile index 57d9230d2c39..bd359fdcacf6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 ARG BASE_VARIANT=alpine -ARG GO_VERSION=1.21.10 +ARG GO_VERSION=1.21.11 ARG ALPINE_VERSION=3.20 ARG XX_VERSION=1.1.1 ARG GOVERSIONINFO_VERSION=v1.3.0 diff --git a/docker-bake.hcl b/docker-bake.hcl index 48061ed05851..b575ced0bb94 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -1,5 +1,5 @@ variable "GO_VERSION" { - default = "1.21.10" + default = "1.21.11" } variable "VERSION" { default = "" diff --git a/dockerfiles/Dockerfile.dev b/dockerfiles/Dockerfile.dev index 4060b586f094..0a4f6ea3eb3d 100644 --- a/dockerfiles/Dockerfile.dev +++ b/dockerfiles/Dockerfile.dev @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.21.10 +ARG GO_VERSION=1.21.11 ARG ALPINE_VERSION=3.20 ARG BUILDX_VERSION=0.11.2 diff --git a/dockerfiles/Dockerfile.lint b/dockerfiles/Dockerfile.lint index 11355039f066..aa65b7b94f86 100644 --- a/dockerfiles/Dockerfile.lint +++ b/dockerfiles/Dockerfile.lint @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.21.10 +ARG GO_VERSION=1.21.11 ARG ALPINE_VERSION=3.20 ARG GOLANGCI_LINT_VERSION=v1.54.2 diff --git a/dockerfiles/Dockerfile.vendor b/dockerfiles/Dockerfile.vendor index 62f3d5b0a31a..89d095439a42 100644 --- a/dockerfiles/Dockerfile.vendor +++ b/dockerfiles/Dockerfile.vendor @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.21.10 +ARG GO_VERSION=1.21.11 ARG ALPINE_VERSION=3.20 ARG MODOUTDATED_VERSION=v0.8.0 diff --git a/e2e/testdata/Dockerfile.gencerts b/e2e/testdata/Dockerfile.gencerts index ba9cc033e854..0cb21fe6dacc 100644 --- a/e2e/testdata/Dockerfile.gencerts +++ b/e2e/testdata/Dockerfile.gencerts @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.21.10 +ARG GO_VERSION=1.21.11 FROM golang:${GO_VERSION}-alpine AS generated RUN go install github.com/dmcgowan/quicktls@master From 48af47bd515e9bed36837b340e57b40bd0b33404 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= Date: Wed, 3 Jul 2024 10:59:37 +0200 Subject: [PATCH 8/8] update to go1.21.12 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - https://github.com/golang/go/issues?q=milestone%3AGo1.21.12+label%3ACherryPickApproved - full diff: https://github.com/golang/go/compare/go1.21.11...go1.21.12 These minor releases include 1 security fixes following the security policy: net/http: denial of service due to improper 100-continue handling The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Thanks to Geoff Franks for reporting this issue. This is CVE-2024-24791 and Go issue https://go.dev/issue/67555. View the release notes for more information: https://go.dev/doc/devel/release#go1.21.12 **- Description for the changelog** ```markdown changelog Update Go runtime to 1.21.12 ``` Signed-off-by: Paweł Gronowski (cherry picked from commit d73d7d4ed3f6211aa157d59a2e6674a1774dabc3) Signed-off-by: Austin Vazquez --- .github/workflows/test.yml | 2 +- Dockerfile | 2 +- docker-bake.hcl | 2 +- dockerfiles/Dockerfile.dev | 2 +- dockerfiles/Dockerfile.lint | 2 +- dockerfiles/Dockerfile.vendor | 2 +- e2e/testdata/Dockerfile.gencerts | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 9895e9784978..030d53e67c6e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -63,7 +63,7 @@ jobs: name: Set up Go uses: actions/setup-go@v3 with: - go-version: 1.21.11 + go-version: 1.21.12 - name: Test run: | diff --git a/Dockerfile b/Dockerfile index bd359fdcacf6..d5af4ef64264 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 ARG BASE_VARIANT=alpine -ARG GO_VERSION=1.21.11 +ARG GO_VERSION=1.21.12 ARG ALPINE_VERSION=3.20 ARG XX_VERSION=1.1.1 ARG GOVERSIONINFO_VERSION=v1.3.0 diff --git a/docker-bake.hcl b/docker-bake.hcl index b575ced0bb94..725ddf73dc05 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -1,5 +1,5 @@ variable "GO_VERSION" { - default = "1.21.11" + default = "1.21.12" } variable "VERSION" { default = "" diff --git a/dockerfiles/Dockerfile.dev b/dockerfiles/Dockerfile.dev index 0a4f6ea3eb3d..5f9406395d6a 100644 --- a/dockerfiles/Dockerfile.dev +++ b/dockerfiles/Dockerfile.dev @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.21.11 +ARG GO_VERSION=1.21.12 ARG ALPINE_VERSION=3.20 ARG BUILDX_VERSION=0.11.2 diff --git a/dockerfiles/Dockerfile.lint b/dockerfiles/Dockerfile.lint index aa65b7b94f86..419956c632e7 100644 --- a/dockerfiles/Dockerfile.lint +++ b/dockerfiles/Dockerfile.lint @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.21.11 +ARG GO_VERSION=1.21.12 ARG ALPINE_VERSION=3.20 ARG GOLANGCI_LINT_VERSION=v1.54.2 diff --git a/dockerfiles/Dockerfile.vendor b/dockerfiles/Dockerfile.vendor index 89d095439a42..c19e4d9b7e1a 100644 --- a/dockerfiles/Dockerfile.vendor +++ b/dockerfiles/Dockerfile.vendor @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.21.11 +ARG GO_VERSION=1.21.12 ARG ALPINE_VERSION=3.20 ARG MODOUTDATED_VERSION=v0.8.0 diff --git a/e2e/testdata/Dockerfile.gencerts b/e2e/testdata/Dockerfile.gencerts index 0cb21fe6dacc..64b55991ef3a 100644 --- a/e2e/testdata/Dockerfile.gencerts +++ b/e2e/testdata/Dockerfile.gencerts @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.21.11 +ARG GO_VERSION=1.21.12 FROM golang:${GO_VERSION}-alpine AS generated RUN go install github.com/dmcgowan/quicktls@master