This repository has been archived by the owner on Nov 1, 2022. It is now read-only.

Merge pull request #654 from pjbgf/update-deps
Update dependencies
pjbgf committed Jul 27, 2022
2 parents a2872bd + ecd2a19 commit e816395
Showing 10 changed files with 146 additions and 336 deletions.
4 changes: 2 additions & 2 deletions .circleci/config.yml
Expand Up @@ -16,10 +16,10 @@ jobs:
build:
working_directory: /home/circleci/go/src/github.com/fluxcd/helm-operator
machine:
image: ubuntu-1604:201903-01
image: ubuntu-2004:2022.04.2
resource_class: large
environment:
GO_VERSION: 1.14.2
GO_VERSION: 1.16.15
# We don't need a GOPATH but CircleCI defines it, so we override it
GOPATH: /home/circleci/go
GOPROXY: https://proxy.golang.org
7 changes: 4 additions & 3 deletions Makefile
Expand Up @@ -20,7 +20,8 @@ ifeq ($(ARCH),)
ARCH=amd64
endif
CURRENT_OS_ARCH=$(shell echo `go env GOOS`-`go env GOARCH`)
GOBIN?=$(shell echo `go env GOPATH`/bin)
# GOPATH may include multiple locations in colon separated format.
GOBIN?=$(shell echo $$GOPATH | cut -d ":" -f 1)/bin

MAIN_GO_MODULE:=$(shell go list -mod=readonly -m -f '{{ .Path }}')
LOCAL_GO_MODULES:=$(shell go list -mod=readonly -m -f '{{ .Path }}' all | grep $(MAIN_GO_MODULE))
Expand All @@ -32,7 +33,7 @@ IMAGE_TAG:=$(shell ./docker/image-tag)
VCS_REF:=$(shell git rev-parse HEAD)
BUILD_DATE:=$(shell date -u +'%Y-%m-%dT%H:%M:%SZ')

all: $(GOBIN)/bin/helm-operator build/.helm-operator.done
all: $(GOBIN)/helm-operator build/.helm-operator.done

clean:
go clean ./cmd/helm-operator
Expand Down Expand Up @@ -110,7 +111,7 @@ cache/%/helm-$(HELM3_VERSION): docker/helm3.version
tar -m -C ./cache -xzf cache/$*/helm-$(HELM3_VERSION).tar.gz $*/helm
mv cache/$*/helm $@

$(GOBIN)/bin/helm-operator: $(HELM_OPERATOR_DEPS)
$(GOBIN)/helm-operator: $(HELM_OPERATOR_DEPS)
go install ./cmd/helm-operator

pkg/install/generated_templates.gogen.go: pkg/install/templates/*
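Review bot: The `GOBIN?=` line that uses `cut` reads the `GOPATH` environment variable instead of asking the toolchain, so when `GOPATH` is not exported (Go then falls back to its built-in default) the value collapses to `/bin` and `$(GOBIN)/helm-operator` names a file that `go install` never writes. The `all` prerequisite then stays permanently out of date, and any recipe that calls tools through `$(GOBIN)/` (none is visible in these hunks) would resolve inside a system directory rather than the Go workspace. Keeping the `cut` for multi-entry paths but sourcing the value from Go avoids both: `GOBIN?=$(shell go env GOPATH | cut -d ":" -f 1)/bin`. `go install` also honours a `GOBIN` environment variable when one is set; whether this Makefile exports `GOBIN` lies outside the hunks shown, so the target path and the install path should be checked against each other.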
2 changes: 1 addition & 1 deletion docker/Dockerfile.helm-operator
@@ -1,4 +1,4 @@
FROM alpine:3.13
FROM alpine:3.15

WORKDIR /home/flux

8 changes: 4 additions & 4 deletions docker/helm3.version
@@ -1,4 +1,4 @@
HELM3_VERSION=3.6.3
HELM3_CHECKSUM_amd64=07c100849925623dc1913209cd1a30f0a9b80a5b4d6ff2153c609d11b043e262
HELM3_CHECKSUM_arm=6918e573a70c309fbf6385a0a0d18d090c10b44d318724f1f73e47ede4809635
HELM3_CHECKSUM_arm64=6fe647628bc27e7ae77d015da4d5e1c63024f673062ac7bc11453ccc55657713
HELM3_VERSION=3.9.2
HELM3_CHECKSUM_amd64=3f5be38068a1829670440ccf00b3b6656fd90d0d9cfd4367539f3b13e4c20531
HELM3_CHECKSUM_arm=fb9f0c1c9475c66c2b3579b908c181d519761bbfae963ffac860bc683a2253de
HELM3_CHECKSUM_arm64=e4e2f9aad786042d903534e3131bc5300d245c24bbadf64fc46cca1728051dbc
8 changes: 4 additions & 4 deletions docker/kubectl.version
@@ -1,4 +1,4 @@
KUBECTL_VERSION=v1.15.7
KUBECTL_CHECKSUM_amd64=d815361bdb3a9e8032b8c5c1e0da81d7dd7645cdb0fef6699cab6b379bee59a522a02d361f353f261734bbcd698250135763368b43225f28c7a240bc0e244ef2
KUBECTL_CHECKSUM_arm=6911ad6f772ec7a702399eb2830c11cead2dec9dd39f10fc544a0c1f13b704cb7d17e41964761dcebcf04c0badf46af4111ebfc399aeef65e117081d4d86713b
KUBECTL_CHECKSUM_arm64=82c82040a21d450f487db5e9afc6b4acf7711c6f1a2ac55386f16320f276f4d9c6f0eb0cb5abfcd84b7eb3bef29b4fedaabd34406ebe51ffadd7a2e623d94170
KUBECTL_VERSION=v1.21.14
KUBECTL_CHECKSUM_amd64=52a98cc64abeea4187391cbf0ad5bdd69b6920c2b29b8f9afad194441e642fb8f252e14a91c095ef1e85a23e5bb587916bd319566b6e8d1e03be5505400f44b4
KUBECTL_CHECKSUM_arm=fb204c3494bb7acf59ea0dc2b6f94c5a7d2b7e6d69c05b7a7e77b3fc438e574e9ac5f8720a4ae8f2f660822262aa8c4723bfe269c49ed641031f8259210e5b48
KUBECTL_CHECKSUM_arm64=ed613592035b45c4f4571eed2b739c837def4287aacc7c37665e596484aa6dbd299224ef12ec329cfa8a655e20b6bee6f6fc3204bc79b92d832171073ddde191
74 changes: 46 additions & 28 deletions go.mod
@@ -1,10 +1,9 @@
module github.com/fluxcd/helm-operator

go 1.14
go 1.16

require (
github.com/bitly/go-simplejson v0.5.0 // indirect
github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 // indirect
github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d // indirect
github.com/bshuster-repo/logrus-logstash-hook v1.0.2 // indirect
github.com/bugsnag/panicwrap v1.2.0 // indirect
github.com/docker/go-metrics v0.0.1 // indirect
Expand All @@ -15,30 +14,31 @@ require (
github.com/garyburd/redigo v1.6.0 // indirect
github.com/go-kit/kit v0.10.0
github.com/gofrs/uuid v3.2.0+incompatible // indirect
github.com/golang/protobuf v1.5.0
github.com/google/go-cmp v0.5.5
github.com/golang/protobuf v1.5.2
github.com/google/go-cmp v0.5.6
github.com/gorilla/mux v1.7.3
github.com/helm/helm-2to3 v0.8.2
github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect
github.com/mattn/go-colorable v0.1.6 // indirect
github.com/ncabatoff/go-seq v0.0.0-20180805175032-b08ef85ed833
github.com/pkg/errors v0.9.1
github.com/prometheus/client_golang v1.7.1
github.com/prometheus/client_golang v1.11.1
github.com/shurcooL/vfsgen v0.0.0-20181202132449-6a9ea43bcacd
github.com/spf13/pflag v1.0.5
github.com/stretchr/testify v1.7.0
github.com/yvasiyarov/go-metrics v0.0.0-20150112132944-c25f46c4b940 // indirect
github.com/yvasiyarov/newrelic_platform_go v0.0.0-20160601141957-9c099fbc30e9 // indirect
google.golang.org/grpc v1.27.1
google.golang.org/grpc v1.43.0
helm.sh/helm/v3 v3.6.3
k8s.io/api v0.21.7
k8s.io/apiextensions-apiserver v0.21.7
k8s.io/apimachinery v0.21.7
k8s.io/cli-runtime v0.21.7
k8s.io/api v0.22.5
k8s.io/apiextensions-apiserver v0.21.14
k8s.io/apimachinery v0.22.5
k8s.io/cli-runtime v0.21.14
k8s.io/client-go v11.0.0+incompatible
k8s.io/helm v2.17.0+incompatible
k8s.io/klog v1.0.0
k8s.io/kubectl v0.21.7
k8s.io/utils v0.0.0-20210521133846-da695404a2bc
k8s.io/kubectl v0.21.14
k8s.io/utils v0.0.0-20211116205334-6203023598ed
sigs.k8s.io/yaml v1.2.0
)

Expand All @@ -47,7 +47,8 @@ replace github.com/fluxcd/helm-operator/pkg/install => ./pkg/install

// Transitive requirement from Helm: https://github.com/helm/helm/blob/v3.5.2/go.mod#L52-L53
replace (
github.com/docker/distribution => github.com/docker/distribution v2.7.0-rc.0+incompatible
// Mitigating CVE-2017-11468 and GHSA-qq97-vm5h-rrhg
github.com/docker/distribution => github.com/docker/distribution v2.8.1+incompatible

github.com/docker/docker => github.com/moby/moby v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible
)
Expand All @@ -58,12 +59,6 @@ replace (
github.com/fluxcd/flux/pkg/install => github.com/fluxcd/flux/pkg/install v0.0.0-20200206191601-8b676b003ab0
)

// Force upgrade because of a transitive downgrade.
// github.com/fluxcd/helm-operator
// +-> github.com/fluxcd/flux@v1.17.2
// +-> k8s.io/client-go@v11.0.0+incompatible
replace k8s.io/client-go => k8s.io/client-go v0.21.7

// Force upgrade because of a transitive downgrade.
// github.com/fluxcd/flux
// +-> github.com/fluxcd/helm-operator@v1.0.0-rc6
Expand All @@ -74,18 +69,41 @@ replace (
k8s.io/helm => k8s.io/helm v2.17.0+incompatible
)

// Pin specific runc following example of source-controller upstream:
// https://github.com/fluxcd/source-controller/blob/59dc602b2d0a5b0d4625a4a848303fa2d2117e84/go.mod#L62-L77
// github.com/fluxcd/helm-operator
// +-> helm.sh/helm/v3@v3.6.3
// +-> github.com/opencontainers/runc@v1.0.2
replace github.com/opencontainers/runc => github.com/opencontainers/runc v1.0.2
// Mitigating:
// CVE-2019-16884, CVE-2019-19921, CVE-2022-24769,
// CVE-2022-29162, CVE-2021-30465 and CVE-2016-9962.
replace github.com/opencontainers/runc => github.com/opencontainers/runc v1.1.2

// Mitigating: GHSA-5j5w-g665-5m35
replace github.com/containerd/containerd => github.com/containerd/containerd v1.4.12
// Mitigating: GHSA-crp2-qrr5-8pq7
replace github.com/containerd/containerd => github.com/containerd/containerd v1.4.13

// Mitigating: GHSA-77vh-xpmg-72qh
replace github.com/opencontainers/image-spec => github.com/opencontainers/image-spec v1.0.2

// Mitigating: CVE-2021-41092
replace github.com/docker/cli => github.com/docker/cli v20.10.9+incompatible

// Mitigating: CVE-2022-21235
replace github.com/Masterminds/vcs => github.com/Masterminds/vcs v1.13.3

replace github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.7.1

// Pin kubernetes dependencies to 1.21.*
replace (
k8s.io/api => k8s.io/api v0.21.14
k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.21.14
k8s.io/apimachinery => k8s.io/apimachinery v0.21.14
k8s.io/cli-runtime => k8s.io/cli-runtime v0.21.14
k8s.io/client-go => k8s.io/client-go v0.21.14
k8s.io/code-generator => k8s.io/code-generator v0.21.14
k8s.io/kubectl => k8s.io/kubectl v0.21.14
)

// Mitigating: CVE-2021-38561
replace golang.org/x/text => golang.org/x/text v0.3.7

// Mitigating: CVE-2022-29526
replace golang.org/x/sys => golang.org/x/sys v0.0.0-20220412211240-33da011f77ad

// Mitigating: CVE-2022-27191
replace golang.org/x/crypto => golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b
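Review bot: The uncommented `replace github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.7.1` overrides the `require` entry, so if the v1.11.1 require line is the new side (the page no longer shows +/- markers) the build still resolves v1.7.1 and the bump has no effect. Every neighbouring replace carries a `// Mitigating:` comment; this one should either be dropped or get a comment stating why the older release is pinned, e.g. `// Pinned to v1.7.1 because <reason>; remove once <condition>`. The same mismatch shows on `k8s.io/api` and `k8s.io/apimachinery`, listed at v0.22.5 in `require` but forced to v0.21.14 by the `Pin kubernetes dependencies to 1.21.*` block. Aligning the require lines with the pins keeps the file from overstating what is built, which matters for reviewers and for dependency scanners that read only the `require` block.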