security: bump golang 1.21.10 to fix GO-2024-2824

Fixes: #1825 Signed-off-by: Qi Feng Huo <huoqif@cn.ibm.com>
confidential-containers · May 8, 2024 · 16768ab · 16768ab
1 parent 1345716
commit 16768ab
Show file tree

Hide file tree

Showing 10 changed files with 15 additions and 15 deletions.
diff --git a/hack/Dockerfile.golang b/hack/Dockerfile.golang
@@ -5,11 +5,11 @@ FROM --platform=$TARGETPLATFORM ${BASE_IMAGE} as base
 
 # DO NOT UPDATE THIS BY HAND !!
 # Use hack/update-go-container.sh to update the version and hashes.
-ARG GO_VERSION=1.21.9
-ARG GO_LINUX_ARM64_SHA256=4d169d9cf3dde1692b81c0fd9484fa28d8bc98f672d06bf9db9c75ada73c5fbc
-ARG GO_LINUX_AMD64_SHA256=f76194c2dc607e0df4ed2e7b825b5847cb37e34fc70d780e2f6c7e805634a7ea
-ARG GO_LINUX_PPC64LE_SHA256=6eadde4149c36dae7d9a9bd9385285db1d0e2988350822f4c72a5eb11ffbfffc
-ARG GO_LINUX_S390X_SHA256=05daee44fc4771b2a2471b678a812de2488f05110976faeb8bbbae740e01e7ae
+ARG GO_VERSION=1.21.10
+ARG GO_LINUX_ARM64_SHA256=428e0b9ecab5762b7c2be000ad1be6f432dccfcd99bb8b8aeeb757d987bfda9d
+ARG GO_LINUX_AMD64_SHA256=e330e5d977bf4f3bdc157bc46cf41afa5b13d66c914e12fd6b694ccda65fcf92
+ARG GO_LINUX_PPC64LE_SHA256=069869a483e1e4823dd125ef1a30c2f4c4be7c290e50ed3b4bb0e78614c1e69c
+ARG GO_LINUX_S390X_SHA256=527ad992ec891626e5a46406a89ad877e1a547cca9ecf93542eb0595261e5080
 
 FROM base AS base-amd64
 ADD --checksum=sha256:${GO_LINUX_AMD64_SHA256} https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz .

diff --git a/src/cloud-api-adaptor/Dockerfile b/src/cloud-api-adaptor/Dockerfile
@@ -1,5 +1,5 @@
 ARG BUILD_TYPE=dev
-ARG BUILDER_BASE=quay.io/confidential-containers/golang-fedora:1.21.9-38
+ARG BUILDER_BASE=quay.io/confidential-containers/golang-fedora:1.21.10-38
 ARG BASE=registry.fedoraproject.org/fedora:38
 
 # This dockerfile uses Go cross-compilation to build the binary,

diff --git a/src/cloud-api-adaptor/docs/addnewprovider.md b/src/cloud-api-adaptor/docs/addnewprovider.md
@@ -208,7 +208,7 @@ go mod tidy
 ### Step 4: build the external cloud provider plugin file via docker
 ```bash
 cat > Dockerfile <<EOF
-ARG BUILDER_BASE=quay.io/confidential-containers/golang-fedora:1.21.9-38
+ARG BUILDER_BASE=quay.io/confidential-containers/golang-fedora:1.21.10-38
 FROM --platform="\$TARGETPLATFORM" \$BUILDER_BASE AS builder
 RUN dnf install -y libvirt-devel && dnf clean all
 WORKDIR /work

diff --git a/src/cloud-api-adaptor/ibmcloud-powervs/image/prereq.sh b/src/cloud-api-adaptor/ibmcloud-powervs/image/prereq.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-GO_VERSION="1.21.9"
+GO_VERSION="1.21.10"
 RUST_VERSION="1.72.0"
 SKOPEO_VERSION="1.5.0"
 

diff --git a/src/cloud-api-adaptor/podvm/Dockerfile.podvm_builder b/src/cloud-api-adaptor/podvm/Dockerfile.podvm_builder
@@ -12,7 +12,7 @@ ARG ARCH="amd64"
 ARG YQ_ARCH="amd64"
 # PROTOC_ARCH="x86_64" | "s390x_64"
 ARG PROTOC_ARCH="x86_64"
-ARG GO_VERSION="1.21.9"
+ARG GO_VERSION="1.21.10"
 ARG PROTOC_VERSION="3.15.0"
 ARG RUST_VERSION="1.72.0"
 ARG YQ_VERSION="v4.35.1"

diff --git a/src/cloud-api-adaptor/podvm/Dockerfile.podvm_builder.fedora b/src/cloud-api-adaptor/podvm/Dockerfile.podvm_builder.fedora
@@ -11,7 +11,7 @@ ARG ARCH="amd64"
 ARG YQ_ARCH="amd64"
 # PROTOC_ARCH="x86_64" | "s390x_64"
 ARG PROTOC_ARCH="x86_64"
-ARG GO_VERSION="1.21.9"
+ARG GO_VERSION="1.21.10"
 ARG PROTOC_VERSION="3.15.0"
 ARG RUST_VERSION="1.72.0"
 ARG YQ_VERSION="v4.35.1"

diff --git a/src/cloud-api-adaptor/podvm/README.md b/src/cloud-api-adaptor/podvm/README.md
@@ -61,7 +61,7 @@ currently accepted:
 | CAA\_SRC\_REF     | main                                                         | cloud-api-adaptor repository branch or commit                   |
 | KATA\_SRC         | https://github.com/kata-containers/kata-containers           | The Kata Containers source repository                           |
 | KATA\_SRC\_BRANCH | CCv0                                                         | The Kata Containers repository branch                           |
-| GO\_VERSION       | 1.21.9                                                       | Go version                                                      |
+| GO\_VERSION       | 1.21.10                                                       | Go version                                                      |
 | PROTOC\_VERSION   | 3.15.0                                                       | [Protobuf](https://github.com/protocolbuffers/protobuf) version |
 | RUST\_VERSION     | 1.72.0                                                       | Rust version                                                    |
 | YQ\_VERSION       | v4.35.1                                                      | [yq](https://github.com/mikefarah/yq/) version                  |

diff --git a/src/cloud-api-adaptor/versions.yaml b/src/cloud-api-adaptor/versions.yaml
@@ -20,7 +20,7 @@ cloudimg:
 
 tools:
   bats: 1.10.0
-  golang: 1.21.9
+  golang: 1.21.10
   rust: 1.72.0
   protoc: 3.15.0
   packer: v1.9.4

diff --git a/src/csi-wrapper/Dockerfile.csi_wrappers b/src/csi-wrapper/Dockerfile.csi_wrappers
@@ -7,13 +7,13 @@
 ARG SOURCE_FROM=remote
 
 ##### Builder Dev Image #####
-FROM --platform=${BUILDPLATFORM} quay.io/confidential-containers/golang-fedora:1.21.9-38 AS builder-local
+FROM --platform=${BUILDPLATFORM} quay.io/confidential-containers/golang-fedora:1.21.10-38 AS builder-local
 WORKDIR /src
 COPY csi-wrapper ./cloud-api-adaptor/src/csi-wrapper/
 COPY cloud-api-adaptor ./cloud-api-adaptor/src/cloud-api-adaptor
 
 ##### Builder Release Image #####
-FROM --platform=${BUILDPLATFORM} quay.io/confidential-containers/golang-fedora:1.21.9-38 AS builder-remote
+FROM --platform=${BUILDPLATFORM} quay.io/confidential-containers/golang-fedora:1.21.10-38 AS builder-remote
 ARG BINARY
 ARG CAA_SRC="https://github.com/confidential-containers/cloud-api-adaptor"
 ARG CAA_SRC_REF="main"

diff --git a/src/peerpod-ctrl/Dockerfile b/src/peerpod-ctrl/Dockerfile
@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM --platform=$TARGETPLATFORM quay.io/confidential-containers/golang-fedora:1.21.9-38 as builder
+FROM --platform=$TARGETPLATFORM quay.io/confidential-containers/golang-fedora:1.21.10-38 as builder
 ARG TARGETOS
 ARG TARGETARCH
 ARG CGO_ENABLED=1