This repository has been archived by the owner on Nov 1, 2022. It is now read-only.

Update dependencies #654

Merged
merged 6 commits into from
Jul 27, 2022
4 changes: 2 additions & 2 deletions .circleci/config.yml
Expand Up @@ -16,10 +16,10 @@ jobs:
build:
working_directory: /home/circleci/go/src/github.com/fluxcd/helm-operator
machine:
image: ubuntu-1604:201903-01
image: ubuntu-2004:2022.04.2
resource_class: large
environment:
GO_VERSION: 1.14.2
GO_VERSION: 1.16.15
# We don't need a GOPATH but CircleCI defines it, so we override it
GOPATH: /home/circleci/go
GOPROXY: https://proxy.golang.org
7 changes: 4 additions & 3 deletions Makefile
Expand Up @@ -20,7 +20,8 @@ ifeq ($(ARCH),)
ARCH=amd64
endif
CURRENT_OS_ARCH=$(shell echo `go env GOOS`-`go env GOARCH`)
GOBIN?=$(shell echo `go env GOPATH`/bin)
# GOPATH may include multiple locations in colon separated format.
GOBIN?=$(shell echo $$GOPATH | cut -d ":" -f 1)/bin

MAIN_GO_MODULE:=$(shell go list -mod=readonly -m -f '{{ .Path }}')
LOCAL_GO_MODULES:=$(shell go list -mod=readonly -m -f '{{ .Path }}' all | grep $(MAIN_GO_MODULE))
Expand All @@ -32,7 +33,7 @@ IMAGE_TAG:=$(shell ./docker/image-tag)
VCS_REF:=$(shell git rev-parse HEAD)
BUILD_DATE:=$(shell date -u +'%Y-%m-%dT%H:%M:%SZ')

all: $(GOBIN)/bin/helm-operator build/.helm-operator.done
all: $(GOBIN)/helm-operator build/.helm-operator.done

clean:
go clean ./cmd/helm-operator
Expand Down Expand Up @@ -110,7 +111,7 @@ cache/%/helm-$(HELM3_VERSION): docker/helm3.version
tar -m -C ./cache -xzf cache/$*/helm-$(HELM3_VERSION).tar.gz $*/helm
mv cache/$*/helm $@

$(GOBIN)/bin/helm-operator: $(HELM_OPERATOR_DEPS)
$(GOBIN)/helm-operator: $(HELM_OPERATOR_DEPS)
go install ./cmd/helm-operator

pkg/install/generated_templates.gogen.go: pkg/install/templates/*
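Review bot: The new `GOBIN?=$(shell echo $$GOPATH | cut -d ":" -f 1)/bin` in the first Makefile hunk reads GOPATH from the environment instead of asking the Go tool, so when the variable is unset (and go falls back to its default GOPATH) GOBIN expands to `/bin`. The `all` prerequisite then becomes `/bin/helm-operator`, a system path that `go install ./cmd/helm-operator` does not write to, so the target is never satisfied and the build refers to a location outside the workspace. Keeping the lookup in the Go tool preserves the multi-path handling that the added comment describes: `GOBIN?=$(shell go env GOPATH | cut -d ":" -f 1)/bin`. The CircleCI config sets GOPATH explicitly, which is presumably why CI did not surface this.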
2 changes: 1 addition & 1 deletion docker/Dockerfile.helm-operator
@@ -1,4 +1,4 @@
FROM alpine:3.13
FROM alpine:3.15

WORKDIR /home/flux

8 changes: 4 additions & 4 deletions docker/helm3.version
@@ -1,4 +1,4 @@
HELM3_VERSION=3.6.3
HELM3_CHECKSUM_amd64=07c100849925623dc1913209cd1a30f0a9b80a5b4d6ff2153c609d11b043e262
HELM3_CHECKSUM_arm=6918e573a70c309fbf6385a0a0d18d090c10b44d318724f1f73e47ede4809635
HELM3_CHECKSUM_arm64=6fe647628bc27e7ae77d015da4d5e1c63024f673062ac7bc11453ccc55657713
HELM3_VERSION=3.9.2
HELM3_CHECKSUM_amd64=3f5be38068a1829670440ccf00b3b6656fd90d0d9cfd4367539f3b13e4c20531
HELM3_CHECKSUM_arm=fb9f0c1c9475c66c2b3579b908c181d519761bbfae963ffac860bc683a2253de
HELM3_CHECKSUM_arm64=e4e2f9aad786042d903534e3131bc5300d245c24bbadf64fc46cca1728051dbc
8 changes: 4 additions & 4 deletions docker/kubectl.version
@@ -1,4 +1,4 @@
KUBECTL_VERSION=v1.15.7
KUBECTL_CHECKSUM_amd64=d815361bdb3a9e8032b8c5c1e0da81d7dd7645cdb0fef6699cab6b379bee59a522a02d361f353f261734bbcd698250135763368b43225f28c7a240bc0e244ef2
KUBECTL_CHECKSUM_arm=6911ad6f772ec7a702399eb2830c11cead2dec9dd39f10fc544a0c1f13b704cb7d17e41964761dcebcf04c0badf46af4111ebfc399aeef65e117081d4d86713b
KUBECTL_CHECKSUM_arm64=82c82040a21d450f487db5e9afc6b4acf7711c6f1a2ac55386f16320f276f4d9c6f0eb0cb5abfcd84b7eb3bef29b4fedaabd34406ebe51ffadd7a2e623d94170
KUBECTL_VERSION=v1.21.14
KUBECTL_CHECKSUM_amd64=52a98cc64abeea4187391cbf0ad5bdd69b6920c2b29b8f9afad194441e642fb8f252e14a91c095ef1e85a23e5bb587916bd319566b6e8d1e03be5505400f44b4
KUBECTL_CHECKSUM_arm=fb204c3494bb7acf59ea0dc2b6f94c5a7d2b7e6d69c05b7a7e77b3fc438e574e9ac5f8720a4ae8f2f660822262aa8c4723bfe269c49ed641031f8259210e5b48
KUBECTL_CHECKSUM_arm64=ed613592035b45c4f4571eed2b739c837def4287aacc7c37665e596484aa6dbd299224ef12ec329cfa8a655e20b6bee6f6fc3204bc79b92d832171073ddde191
74 changes: 46 additions & 28 deletions go.mod
@@ -1,10 +1,9 @@
module github.com/fluxcd/helm-operator

go 1.14
go 1.16

require (
github.com/bitly/go-simplejson v0.5.0 // indirect
github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 // indirect
github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d // indirect
github.com/bshuster-repo/logrus-logstash-hook v1.0.2 // indirect
github.com/bugsnag/panicwrap v1.2.0 // indirect
github.com/docker/go-metrics v0.0.1 // indirect
Expand All @@ -15,30 +14,31 @@ require (
github.com/garyburd/redigo v1.6.0 // indirect
github.com/go-kit/kit v0.10.0
github.com/gofrs/uuid v3.2.0+incompatible // indirect
github.com/golang/protobuf v1.5.0
github.com/google/go-cmp v0.5.5
github.com/golang/protobuf v1.5.2
github.com/google/go-cmp v0.5.6
github.com/gorilla/mux v1.7.3
github.com/helm/helm-2to3 v0.8.2
github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect
github.com/mattn/go-colorable v0.1.6 // indirect
github.com/ncabatoff/go-seq v0.0.0-20180805175032-b08ef85ed833
github.com/pkg/errors v0.9.1
github.com/prometheus/client_golang v1.7.1
github.com/prometheus/client_golang v1.11.1
github.com/shurcooL/vfsgen v0.0.0-20181202132449-6a9ea43bcacd
github.com/spf13/pflag v1.0.5
github.com/stretchr/testify v1.7.0
github.com/yvasiyarov/go-metrics v0.0.0-20150112132944-c25f46c4b940 // indirect
github.com/yvasiyarov/newrelic_platform_go v0.0.0-20160601141957-9c099fbc30e9 // indirect
google.golang.org/grpc v1.27.1
google.golang.org/grpc v1.43.0
helm.sh/helm/v3 v3.6.3
k8s.io/api v0.21.7
k8s.io/apiextensions-apiserver v0.21.7
k8s.io/apimachinery v0.21.7
k8s.io/cli-runtime v0.21.7
k8s.io/api v0.22.5
k8s.io/apiextensions-apiserver v0.21.14
k8s.io/apimachinery v0.22.5
k8s.io/cli-runtime v0.21.14
k8s.io/client-go v11.0.0+incompatible
k8s.io/helm v2.17.0+incompatible
k8s.io/klog v1.0.0
k8s.io/kubectl v0.21.7
k8s.io/utils v0.0.0-20210521133846-da695404a2bc
k8s.io/kubectl v0.21.14
k8s.io/utils v0.0.0-20211116205334-6203023598ed
sigs.k8s.io/yaml v1.2.0
)

Expand All @@ -47,7 +47,8 @@ replace github.com/fluxcd/helm-operator/pkg/install => ./pkg/install

// Transitive requirement from Helm: https://github.com/helm/helm/blob/v3.5.2/go.mod#L52-L53
replace (
github.com/docker/distribution => github.com/docker/distribution v2.7.0-rc.0+incompatible
// Mitigating CVE-2017-11468 and GHSA-qq97-vm5h-rrhg
github.com/docker/distribution => github.com/docker/distribution v2.8.1+incompatible

github.com/docker/docker => github.com/moby/moby v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible
)
Expand All @@ -58,12 +59,6 @@ replace (
github.com/fluxcd/flux/pkg/install => github.com/fluxcd/flux/pkg/install v0.0.0-20200206191601-8b676b003ab0
)

// Force upgrade because of a transitive downgrade.
// github.com/fluxcd/helm-operator
// +-> github.com/fluxcd/flux@v1.17.2
// +-> k8s.io/client-go@v11.0.0+incompatible
replace k8s.io/client-go => k8s.io/client-go v0.21.7

// Force upgrade because of a transitive downgrade.
// github.com/fluxcd/flux
// +-> github.com/fluxcd/helm-operator@v1.0.0-rc6
Expand All @@ -74,18 +69,41 @@ replace (
k8s.io/helm => k8s.io/helm v2.17.0+incompatible
)

// Pin specific runc following example of source-controller upstream:
// https://github.com/fluxcd/source-controller/blob/59dc602b2d0a5b0d4625a4a848303fa2d2117e84/go.mod#L62-L77
// github.com/fluxcd/helm-operator
// +-> helm.sh/helm/v3@v3.6.3
// +-> github.com/opencontainers/runc@v1.0.2
replace github.com/opencontainers/runc => github.com/opencontainers/runc v1.0.2
// Mitigating:
// CVE-2019-16884, CVE-2019-19921, CVE-2022-24769,
// CVE-2022-29162, CVE-2021-30465 and CVE-2016-9962.
replace github.com/opencontainers/runc => github.com/opencontainers/runc v1.1.2

// Mitigating: GHSA-5j5w-g665-5m35
replace github.com/containerd/containerd => github.com/containerd/containerd v1.4.12
// Mitigating: GHSA-crp2-qrr5-8pq7
replace github.com/containerd/containerd => github.com/containerd/containerd v1.4.13

// Mitigating: GHSA-77vh-xpmg-72qh
replace github.com/opencontainers/image-spec => github.com/opencontainers/image-spec v1.0.2

// Mitigating: CVE-2021-41092
replace github.com/docker/cli => github.com/docker/cli v20.10.9+incompatible

// Mitigating: CVE-2022-21235
replace github.com/Masterminds/vcs => github.com/Masterminds/vcs v1.13.3

replace github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.7.1

// Pin kubernetes dependencies to 1.21.*
replace (
k8s.io/api => k8s.io/api v0.21.14
k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.21.14
k8s.io/apimachinery => k8s.io/apimachinery v0.21.14
k8s.io/cli-runtime => k8s.io/cli-runtime v0.21.14
k8s.io/client-go => k8s.io/client-go v0.21.14
k8s.io/code-generator => k8s.io/code-generator v0.21.14
k8s.io/kubectl => k8s.io/kubectl v0.21.14
)

// Mitigating: CVE-2021-38561
replace golang.org/x/text => golang.org/x/text v0.3.7

// Mitigating: CVE-2022-29526
replace golang.org/x/sys => golang.org/x/sys v0.0.0-20220412211240-33da011f77ad

// Mitigating: CVE-2022-27191
replace golang.org/x/crypto => golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b
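Review bot: The added `replace github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.7.1` in the last go.mod hunk overrides the `require` entry that the first hunk appears to raise to v1.11.1, so the build still resolves v1.7.1 and the bump has no effect. It is also the only new `replace` without a comment, so a reader cannot tell whether the pin-back is deliberate or whether a fix in v1.11.1 is being lost. If the newer release is wanted, drop the directive or point it at v1.11.1. If v1.7.1 is required for compatibility, document it, e.g. `// Pinned to v1.7.1 because <reason>; overrides the v1.11.1 requirement above`. The `require` entries for `k8s.io/api` and `k8s.io/apimachinery` at v0.22.5 are likewise overridden to v0.21.14, but there the "Pin kubernetes dependencies to 1.21.*" comment explains the intent.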