chore: Upgrade shipped version of Redis to 7.0.5 to fix CVE-2022-35951 (

argoproj#10702)

* chore: Upgrade redis to 7.0.5

Signed-off-by: jannfis <jann@mistrust.net>

* Also update Redis version in containerized toolchain

Signed-off-by: jannfis <jann@mistrust.net>

* Update Redis and Dex in CI

Signed-off-by: jannfis <jann@mistrust.net>

* Fix Dex image path

Signed-off-by: jannfis <jann@mistrust.net>

Signed-off-by: jannfis <jann@mistrust.net>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

.github/workflows/ci-build.yaml

@@ -408,7 +408,7 @@ jobs:
         run: |
           docker pull ghcr.io/dexidp/dex:v2.32.1-distroless
           docker pull argoproj/argo-cd-ci-builder:v1.0.0
-          docker pull redis:7.0.4-alpine
+          docker pull redis:7.0.5-alpine
       - name: Create target directory for binaries in the build-process
         run: |
           mkdir -p dist

manifests/base/redis/argocd-redis-deployment.yaml

@@ -23,7 +23,7 @@ spec:
       serviceAccountName: argocd-redis        
       containers:
       - name: redis
-        image: redis:7.0.4-alpine
+        image: redis:7.0.5-alpine
         imagePullPolicy: Always
         args:
         - "--save"

manifests/core-install.yaml

@@ -9714,7 +9714,7 @@ spec:
         - ""
         - --appendonly
         - "no"
-        image: redis:7.0.4-alpine
+        image: redis:7.0.5-alpine
         imagePullPolicy: Always
         name: redis
         ports:

manifests/ha/base/redis-ha/chart/upstream.yaml

@@ -1180,7 +1180,7 @@ spec:
       automountServiceAccountToken: false
       initContainers:
       - name: config-init
-        image: redis:7.0.4-alpine
+        image: redis:7.0.5-alpine
         imagePullPolicy: IfNotPresent
         resources:
           {}
@@ -1205,7 +1205,7 @@ spec:
 
       containers:
       - name: redis
-        image: redis:7.0.4-alpine
+        image: redis:7.0.5-alpine
         imagePullPolicy: IfNotPresent
         command:
         - redis-server
@@ -1253,7 +1253,7 @@ spec:
               - /bin/sh
               - /readonly-config/trigger-failover-if-master.sh
       - name: sentinel
-        image: redis:7.0.4-alpine
+        image: redis:7.0.5-alpine
         imagePullPolicy: IfNotPresent
         command:
           - redis-sentinel
@@ -1295,7 +1295,7 @@ spec:
           {}
 
       - name: split-brain-fix
-        image: redis:7.0.4-alpine
+        image: redis:7.0.5-alpine
         imagePullPolicy: IfNotPresent
         command:
           - sh

manifests/ha/base/redis-ha/chart/values.yaml

@@ -15,6 +15,6 @@ redis-ha:
       client: 6m
     checkInterval: 3s
   image:
-    tag: 7.0.4-alpine
+    tag: 7.0.5-alpine
   sentinel:
     bind: "0.0.0.0"

manifests/ha/install.yaml

@@ -11977,7 +11977,7 @@ spec:
         - /data/conf/redis.conf
         command:
         - redis-server
-        image: redis:7.0.4-alpine
+        image: redis:7.0.5-alpine
         imagePullPolicy: IfNotPresent
         lifecycle:
           preStop:
@@ -12030,7 +12030,7 @@ spec:
         - /data/conf/sentinel.conf
         command:
         - redis-sentinel
-        image: redis:7.0.4-alpine
+        image: redis:7.0.5-alpine
         imagePullPolicy: IfNotPresent
         lifecycle: {}
         livenessProbe:
@@ -12082,7 +12082,7 @@ spec:
           value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
         - name: SENTINEL_ID_2
           value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
-        image: redis:7.0.4-alpine
+        image: redis:7.0.5-alpine
         imagePullPolicy: IfNotPresent
         name: split-brain-fix
         resources: {}
@@ -12104,7 +12104,7 @@ spec:
           value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
         - name: SENTINEL_ID_2
           value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
-        image: redis:7.0.4-alpine
+        image: redis:7.0.5-alpine
         imagePullPolicy: IfNotPresent
         name: config-init
         securityContext:

manifests/ha/namespace-install.yaml

@@ -2646,7 +2646,7 @@ spec:
         - /data/conf/redis.conf
         command:
         - redis-server
-        image: redis:7.0.4-alpine
+        image: redis:7.0.5-alpine
         imagePullPolicy: IfNotPresent
         lifecycle:
           preStop:
@@ -2699,7 +2699,7 @@ spec:
         - /data/conf/sentinel.conf
         command:
         - redis-sentinel
-        image: redis:7.0.4-alpine
+        image: redis:7.0.5-alpine
         imagePullPolicy: IfNotPresent
         lifecycle: {}
         livenessProbe:
@@ -2751,7 +2751,7 @@ spec:
           value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
         - name: SENTINEL_ID_2
           value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
-        image: redis:7.0.4-alpine
+        image: redis:7.0.5-alpine
         imagePullPolicy: IfNotPresent
         name: split-brain-fix
         resources: {}
@@ -2773,7 +2773,7 @@ spec:
           value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
         - name: SENTINEL_ID_2
           value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
-        image: redis:7.0.4-alpine
+        image: redis:7.0.5-alpine
         imagePullPolicy: IfNotPresent
         name: config-init
         securityContext:

manifests/install.yaml

@@ -10192,7 +10192,7 @@ spec:
         - ""
         - --appendonly
         - "no"
-        image: redis:7.0.4-alpine
+        image: redis:7.0.5-alpine
         imagePullPolicy: Always
         name: redis
         ports:

manifests/namespace-install.yaml

@@ -861,7 +861,7 @@ spec:
         - ""
         - --appendonly
         - "no"
-        image: redis:7.0.4-alpine
+        image: redis:7.0.5-alpine
         imagePullPolicy: Always
         name: redis
         ports:

test/container/Dockerfile

@@ -1,4 +1,4 @@
-FROM docker.io/library/redis:7.0.4 as redis
+FROM docker.io/library/redis:7.0.5 as redis
 
 # There are libraries we will want to copy from here in the final stage of the
 # build, but the COPY directive does not have a way to determine system