upgrade fixes for CVE-CVE-2023-3978 (#28)
* upgrade fixes CVE-2023-3978

* upgrade golang version

* upgrade golang docker image

* some modules from 1.21 needed upgrade

---------

Co-authored-by: ajardim <[email protected]>
alexanderjardim and ajardimTM authored Oct 13, 2023
1 parent d99aad7 commit faa5546
Showing 4 changed files with 96 additions and 189 deletions.
4 changes: 2 additions & 2 deletions Dockerfile-builder
@@ -1,5 +1,5 @@
# 1.20.5-alpine3.18
FROM golang@sha256:6b6fd1071edb52b61f79aec51281c55050f58dd58e2080b4e24556607c98086f as builder
# 1.21.1-alpine3.18
FROM golang@sha256:0c860c7ceba62231d0f99fb92e9d7c1577f26fea794a12c75756a8f64b146e45 as builder

RUN ln -s /usr/local/go/bin/go /usr/local/bin/go

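Review bot: The new `FROM golang@sha256:0c86…` line keeps the tag only in the comment above it, so nothing ties the digest to 1.21.1-alpine3.18 and the two can drift apart on the next bump. Writing the reference as `FROM golang:1.21.1-alpine3.18@sha256:0c860c7ceba62231d0f99fb92e9d7c1577f26fea794a12c75756a8f64b146e45 as builder` keeps the digest pin, makes the version visible to image scanners and update bots, and lets a reviewer compare the digest against the registry entry for that tag. The same applies to the identical line in Dockerfile-builder_distroless. The rest of the Dockerfile lies outside the hunk.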
4 changes: 2 additions & 2 deletions Dockerfile-builder_distroless
@@ -1,5 +1,5 @@
# 1.20.5-alpine3.18
FROM golang@sha256:6b6fd1071edb52b61f79aec51281c55050f58dd58e2080b4e24556607c98086f as builder
# 1.21.1-alpine3.18
FROM golang@sha256:0c860c7ceba62231d0f99fb92e9d7c1577f26fea794a12c75756a8f64b146e45 as builder

RUN ln -s /usr/local/go/bin/go /usr/local/bin/go

47 changes: 23 additions & 24 deletions go.mod
@@ -1,36 +1,35 @@
module github/thought-machine/prometheus-cardinality-exporter

go 1.19
go 1.21

require (
github.com/cenkalti/backoff v2.2.1+incompatible
github.com/golang/mock v1.6.0
github.com/jessevdk/go-flags v1.5.0
github.com/prometheus/client_golang v1.15.1
github.com/prometheus/client_golang v1.17.0
github.com/sirupsen/logrus v1.9.3
github.com/stretchr/testify v1.8.4
github.com/thought-machine/prometheus-cardinality-exporter v0.0.0-20230313093022-b8c023b1c120
gopkg.in/yaml.v3 v3.0.1
k8s.io/apimachinery v0.27.2
k8s.io/client-go v0.27.2
k8s.io/apimachinery v0.28.2
k8s.io/client-go v0.28.2
)

require (
github.com/beorn7/perks v1.0.1 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/emicklei/go-restful/v3 v3.10.2 // indirect
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
github.com/go-logr/logr v1.2.4 // indirect
github.com/go-openapi/jsonpointer v0.19.6 // indirect
github.com/go-openapi/jsonpointer v0.20.0 // indirect
github.com/go-openapi/jsonreference v0.20.2 // indirect
github.com/go-openapi/swag v0.22.3 // indirect
github.com/go-openapi/swag v0.22.4 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/google/gnostic v0.6.9 // indirect
github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/go-cmp v0.5.9 // indirect
github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/google/uuid v1.3.1 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
@@ -39,24 +38,24 @@ require (
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/prometheus/client_model v0.4.0 // indirect
github.com/prometheus/client_model v0.5.0 // indirect
github.com/prometheus/common v0.44.0 // indirect
github.com/prometheus/procfs v0.10.1 // indirect
golang.org/x/net v0.10.0 // indirect
golang.org/x/oauth2 v0.8.0 // indirect
golang.org/x/sys v0.8.0 // indirect
golang.org/x/term v0.8.0 // indirect
golang.org/x/text v0.9.0 // indirect
github.com/prometheus/procfs v0.12.0 // indirect
golang.org/x/net v0.17.0 // indirect
golang.org/x/oauth2 v0.13.0 // indirect
golang.org/x/sys v0.13.0 // indirect
golang.org/x/term v0.13.0 // indirect
golang.org/x/text v0.13.0 // indirect
golang.org/x/time v0.3.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/protobuf v1.30.0 // indirect
google.golang.org/appengine v1.6.8 // indirect
google.golang.org/protobuf v1.31.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
k8s.io/api v0.27.2 // indirect
k8s.io/api v0.28.2 // indirect
k8s.io/klog/v2 v2.100.1 // indirect
k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
k8s.io/utils v0.0.0-20230505201702-9f6742963106 // indirect
k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
)
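Review bot: The commit message names CVE-2023-3978, but nothing in go.mod records which requirement carries the fix; on the new side the likely candidate is `golang.org/x/net v0.17.0 // indirect`, since that CVE is in x/net's html package. Because the same change also raises the `go` directive to 1.21 and moves the k8s.io and prometheus modules by a minor version, the security bump is hard to audit or backport on its own. I would add a comment above the x/net line, e.g. `// pinned for CVE-2023-3978, keep at or above this version`, and have CI run `govulncheck ./...` so a later downgrade is caught. The go.sum changes are not visible on this page, so the hashes for the new versions could not be checked here.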
