From 59c6ea10c33ac9fe06bdac26b066fcee0d116917 Mon Sep 17 00:00:00 2001 From: Davanum Srinivas Date: Tue, 2 Dec 2025 15:43:48 -0500 Subject: [PATCH 1/3] fix: update dependencies to address security vulnerabilities - Update toolchain from go1.24.0 to go1.25.5 (GO-2025-4155: crypto/x509) - Update github.com/opencontainers/runc v1.3.0 to v1.3.3 (GO-2025-4098) - Update github.com/docker/docker v28.2.2 to v28.3.3 (GO-2025-3830) Signed-off-by: Davanum Srinivas --- go.mod | 10 +++++----- go.sum | 16 ++++++++-------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/go.mod b/go.mod index 24187e5b8b..50f1e135b7 100644 --- a/go.mod +++ b/go.mod @@ -2,7 +2,7 @@ module github.com/google/cadvisor go 1.23.0 -toolchain go1.24.0 +toolchain go1.25.5 require ( cloud.google.com/go/compute/metadata v0.7.0 @@ -15,15 +15,15 @@ require ( github.com/containerd/errdefs/pkg v0.3.0 github.com/containerd/ttrpc v1.2.7 github.com/containerd/typeurl/v2 v2.2.3 - github.com/docker/docker v28.2.2+incompatible + github.com/docker/docker v28.3.3+incompatible github.com/docker/go-connections v0.5.0 github.com/docker/go-units v0.5.0 github.com/euank/go-kmsg-parser v2.0.0+incompatible github.com/karrick/godirwalk v1.17.0 github.com/mistifyio/go-zfs v2.1.1+incompatible github.com/moby/sys/mountinfo v0.7.2 - github.com/opencontainers/cgroups v0.0.2 - github.com/opencontainers/runc v1.3.0 + github.com/opencontainers/cgroups v0.0.4 + github.com/opencontainers/runc v1.3.3 github.com/opencontainers/runtime-spec v1.2.1 github.com/prometheus/client_golang v1.22.0 github.com/prometheus/client_model v0.6.2 @@ -53,7 +53,7 @@ require ( github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/containerd/log v0.1.0 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect - github.com/cyphar/filepath-securejoin v0.4.1 // indirect + github.com/cyphar/filepath-securejoin v0.5.1 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/distribution/reference v0.6.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect diff --git a/go.sum b/go.sum index e5f39bce04..6d8ddd8b0d 100644 --- a/go.sum +++ b/go.sum @@ -52,15 +52,15 @@ github.com/containerd/typeurl/v2 v2.2.3 h1:yNA/94zxWdvYACdYO8zofhrTVuQY73fFU1y++ github.com/containerd/typeurl/v2 v2.2.3/go.mod h1:95ljDnPfD3bAbDJRugOiShd/DlAAsxGtUBhJxIn7SCk= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s= -github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= +github.com/cyphar/filepath-securejoin v0.5.1 h1:eYgfMq5yryL4fbWfkLpFFy2ukSELzaJOTaUTuh+oF48= +github.com/cyphar/filepath-securejoin v0.5.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/docker v28.2.2+incompatible h1:CjwRSksz8Yo4+RmQ339Dp/D2tGO5JxwYeqtMOEe0LDw= -github.com/docker/docker v28.2.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v28.3.3+incompatible h1:Dypm25kh4rmk49v1eiVbsAtpAsYURjYkaKubwuBdxEI= +github.com/docker/docker v28.3.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= @@ -116,14 +116,14 @@ github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/opencontainers/cgroups v0.0.2 h1:A+mAPPMfgKNCEZUUtibESFx06uvhAmvo8sSz3Abwk7o= -github.com/opencontainers/cgroups v0.0.2/go.mod h1:s8lktyhlGUqM7OSRL5P7eAW6Wb+kWPNvt4qvVfzA5vs= +github.com/opencontainers/cgroups v0.0.4 h1:XVj8P/IHVms/j+7eh8ggdkTLAxjz84ZzuFyGoE28DR4= +github.com/opencontainers/cgroups v0.0.4/go.mod h1:s8lktyhlGUqM7OSRL5P7eAW6Wb+kWPNvt4qvVfzA5vs= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M= -github.com/opencontainers/runc v1.3.0 h1:cvP7xbEvD0QQAs0nZKLzkVog2OPZhI/V2w3WmTmUSXI= -github.com/opencontainers/runc v1.3.0/go.mod h1:9wbWt42gV+KRxKRVVugNP6D5+PQciRbenB4fLVsqGPs= +github.com/opencontainers/runc v1.3.3 h1:qlmBbbhu+yY0QM7jqfuat7M1H3/iXjju3VkP9lkFQr4= +github.com/opencontainers/runc v1.3.3/go.mod h1:D7rL72gfWxVs9cJ2/AayxB0Hlvn9g0gaF1R7uunumSI= github.com/opencontainers/runtime-spec v1.2.1 h1:S4k4ryNgEpxW1dzyqffOmhI1BHYcjzU8lpJfSlR0xww= github.com/opencontainers/runtime-spec v1.2.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= From 6ffcad08738f3fdb91b942ec4a870b40b256781d Mon Sep 17 00:00:00 2001 From: Davanum Srinivas Date: Tue, 2 Dec 2025 15:45:38 -0500 Subject: [PATCH 2/3] ci: update Go version to 1.25 in GitHub Actions workflows Update Go version from 1.24 to 1.25 across all build configurations: - GitHub Actions workflows (test.yml, release-binaries.yml) - Dockerfiles (deploy/Dockerfile, deploy/canary/Dockerfile) - Build scripts (integration-in-docker.sh, unit-in-container.sh) - Makefile docker-build target - cmd/go.mod toolchain directive Also update golangci-lint from v1.64.5 to v2.6.2 for Go 1.25 compatibility, and migrate .golangci.yml to v2 format with appropriate exclusions for pre-existing code style issues. Signed-off-by: Davanum Srinivas --- .github/workflows/release-binaries.yml | 2 +- .github/workflows/test.yml | 4 +- .golangci.yml | 56 +++++++++++++++++++++----- Makefile | 4 +- build/integration-in-docker.sh | 2 +- build/unit-in-container.sh | 2 +- cmd/go.mod | 10 ++--- cmd/go.sum | 16 ++++---- deploy/Dockerfile | 2 +- deploy/canary/Dockerfile | 2 +- 10 files changed, 67 insertions(+), 33 deletions(-) diff --git a/.github/workflows/release-binaries.yml b/.github/workflows/release-binaries.yml index 77a4bb7e99..9c7f955b31 100644 --- a/.github/workflows/release-binaries.yml +++ b/.github/workflows/release-binaries.yml @@ -49,7 +49,7 @@ jobs: # Create a Docker container with the appropriate architecture docker run --rm -v ${PWD}:/go/src/github.com/google/cadvisor \ --platform linux/${{ matrix.arch }} \ - golang:1.24 \ + golang:1.25 \ /bin/bash -c "cd /go/src/github.com/google/cadvisor && GOARCH=${{ matrix.arch }} OUTPUT_NAME_WITH_ARCH=true VERSION=${{ env.VERSION }} GO_FLAGS='-buildvcs=false -tags=netgo' ./build/build.sh" - name: Generate SHA256 checksums diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 75a564393f..59b8b550ac 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -4,7 +4,7 @@ jobs: test: strategy: matrix: - go-versions: ['1.24'] + go-versions: ['1.25'] platform: [ubuntu-22.04] environment-variables: [build/config/plain.sh, build/config/libpfm4.sh, build/config/libipmctl.sh] runs-on: ${{ matrix.platform }} @@ -31,7 +31,7 @@ jobs: test-integration: strategy: matrix: - go-versions: ['1.24'] + go-versions: ['1.25'] platform: [ubuntu-22.04] environment-variables: [build/config/plain.sh, build/config/libpfm4.sh, build/config/libipmctl.sh] runs-on: ${{ matrix.platform }} diff --git a/.golangci.yml b/.golangci.yml index 80f1d5465c..a7c836a6a1 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,24 +1,58 @@ +version: "2" + run: timeout: 5m - linters-settings: - govet: - enable-all: true - gofmt: - simplify: true - goimports: - local-prefixes: github.com/google/cadvisor + linters: - disable-all: true + default: none enable: - govet - errcheck - staticcheck - unused - - gosimple - ineffassign - - typecheck + settings: + govet: + disable: + - fieldalignment + - buildtag # old +build lines still present alongside //go:build + errcheck: + exclude-functions: + - (io.Closer).Close + - (net.Conn).Close + - (*os.File).Close + - (net/http.ResponseWriter).Write + - os.Remove + - os.RemoveAll + - os.Setenv + - fmt.Fprint + - fmt.Fprintf + - fmt.Fprintln + - syscall.Close + staticcheck: + checks: + - "all" + - "-ST*" # disable all style checks (ST1000, ST1003, ST1005, etc.) + - "-QF*" # disable all quickfix suggestions + exclusions: + rules: + # Exclude errcheck in test files for cleaner test code + - linters: + - errcheck + path: "_test\\.go$" + # Exclude errcheck for Close() calls on any type + - linters: + - errcheck + text: "Error return value of .*.Close.* is not checked" + # Exclude govet printf check false positives + - linters: + - govet + text: "printf: non-constant format string" + +formatters: + enable: - gofmt - - goimports + issues: max-issues-per-linter: 0 max-same-issues: 0 diff --git a/Makefile b/Makefile index 69956f7e14..42e9abc1bc 100644 --- a/Makefile +++ b/Makefile @@ -13,7 +13,7 @@ # limitations under the License. GO := go -GOLANGCI_VER := 1.64.5 +GOLANGCI_VER := 2.6.2 GO_TEST ?= $(GO) test $(or $(GO_FLAGS),-race) arch ?= $(shell go env GOARCH) @@ -72,7 +72,7 @@ docker-%: @docker build -t cadvisor:$(shell git rev-parse --short HEAD) -f deploy/Dockerfile . docker-build: - @docker run --rm -w /go/src/github.com/google/cadvisor -v ${PWD}:/go/src/github.com/google/cadvisor golang:1.23 make build + @docker run --rm -w /go/src/github.com/google/cadvisor -v ${PWD}:/go/src/github.com/google/cadvisor golang:1.25 make build presubmit: lint @echo ">> checking go mod tidy" diff --git a/build/integration-in-docker.sh b/build/integration-in-docker.sh index c65c9b8256..62b8f86181 100755 --- a/build/integration-in-docker.sh +++ b/build/integration-in-docker.sh @@ -69,5 +69,5 @@ GO_FLAGS=${GO_FLAGS:-"-tags=netgo -race"} PACKAGES=${PACKAGES:-"sudo"} BUILD_PACKAGES=${BUILD_PACKAGES:-} CADVISOR_ARGS=${CADVISOR_ARGS:-} -GOLANG_VERSION=${GOLANG_VERSION:-"1.24"} +GOLANG_VERSION=${GOLANG_VERSION:-"1.25"} run_tests diff --git a/build/unit-in-container.sh b/build/unit-in-container.sh index 558f9ba456..823f7dc90f 100755 --- a/build/unit-in-container.sh +++ b/build/unit-in-container.sh @@ -40,5 +40,5 @@ function run_tests() { GO_FLAGS=${GO_FLAGS:-"-tags=netgo -race"} BUILD_PACKAGES=${BUILD_PACKAGES:-} -GOLANG_VERSION=${GOLANG_VERSION:-"1.24"} +GOLANG_VERSION=${GOLANG_VERSION:-"1.25"} run_tests diff --git a/cmd/go.mod b/cmd/go.mod index 80c3e1eeb9..ec585065bb 100644 --- a/cmd/go.mod +++ b/cmd/go.mod @@ -2,7 +2,7 @@ module github.com/google/cadvisor/cmd go 1.23.0 -toolchain go1.24.0 +toolchain go1.25.5 // Record that the cmd module requires the cadvisor library module. // The github.com/google/cadvisor/cmd module is built using the Makefile @@ -63,10 +63,10 @@ require ( github.com/containerd/ttrpc v1.2.7 // indirect github.com/containerd/typeurl/v2 v2.2.3 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect - github.com/cyphar/filepath-securejoin v0.4.1 // indirect + github.com/cyphar/filepath-securejoin v0.5.1 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/distribution/reference v0.6.0 // indirect - github.com/docker/docker v28.2.2+incompatible // indirect + github.com/docker/docker v28.3.3+incompatible // indirect github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-units v0.5.0 // indirect github.com/eapache/go-resiliency v1.7.0 // indirect @@ -100,10 +100,10 @@ require ( github.com/moby/sys/sequential v0.6.0 // indirect github.com/moby/sys/userns v0.1.0 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/opencontainers/cgroups v0.0.2 // indirect + github.com/opencontainers/cgroups v0.0.4 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.1 // indirect - github.com/opencontainers/runc v1.3.0 // indirect + github.com/opencontainers/runc v1.3.3 // indirect github.com/opencontainers/runtime-spec v1.2.1 // indirect github.com/pierrec/lz4/v4 v4.1.22 // indirect github.com/pkg/errors v0.9.1 // indirect diff --git a/cmd/go.sum b/cmd/go.sum index 8b257ba133..63c68813cd 100644 --- a/cmd/go.sum +++ b/cmd/go.sum @@ -72,15 +72,15 @@ github.com/containerd/typeurl/v2 v2.2.3 h1:yNA/94zxWdvYACdYO8zofhrTVuQY73fFU1y++ github.com/containerd/typeurl/v2 v2.2.3/go.mod h1:95ljDnPfD3bAbDJRugOiShd/DlAAsxGtUBhJxIn7SCk= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s= -github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= +github.com/cyphar/filepath-securejoin v0.5.1 h1:eYgfMq5yryL4fbWfkLpFFy2ukSELzaJOTaUTuh+oF48= +github.com/cyphar/filepath-securejoin v0.5.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/docker v28.2.2+incompatible h1:CjwRSksz8Yo4+RmQ339Dp/D2tGO5JxwYeqtMOEe0LDw= -github.com/docker/docker v28.2.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v28.3.3+incompatible h1:Dypm25kh4rmk49v1eiVbsAtpAsYURjYkaKubwuBdxEI= +github.com/docker/docker v28.3.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= @@ -220,14 +220,14 @@ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7J github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.24.1 h1:KORJXNNTzJXzu4ScJWssJfJMnJ+2QJqhoQSRwNlze9E= github.com/onsi/gomega v1.24.1/go.mod h1:3AOiACssS3/MajrniINInwbfOOtfZvplPzuRSmvt1jM= -github.com/opencontainers/cgroups v0.0.2 h1:A+mAPPMfgKNCEZUUtibESFx06uvhAmvo8sSz3Abwk7o= -github.com/opencontainers/cgroups v0.0.2/go.mod h1:s8lktyhlGUqM7OSRL5P7eAW6Wb+kWPNvt4qvVfzA5vs= +github.com/opencontainers/cgroups v0.0.4 h1:XVj8P/IHVms/j+7eh8ggdkTLAxjz84ZzuFyGoE28DR4= +github.com/opencontainers/cgroups v0.0.4/go.mod h1:s8lktyhlGUqM7OSRL5P7eAW6Wb+kWPNvt4qvVfzA5vs= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M= -github.com/opencontainers/runc v1.3.0 h1:cvP7xbEvD0QQAs0nZKLzkVog2OPZhI/V2w3WmTmUSXI= -github.com/opencontainers/runc v1.3.0/go.mod h1:9wbWt42gV+KRxKRVVugNP6D5+PQciRbenB4fLVsqGPs= +github.com/opencontainers/runc v1.3.3 h1:qlmBbbhu+yY0QM7jqfuat7M1H3/iXjju3VkP9lkFQr4= +github.com/opencontainers/runc v1.3.3/go.mod h1:D7rL72gfWxVs9cJ2/AayxB0Hlvn9g0gaF1R7uunumSI= github.com/opencontainers/runtime-spec v1.2.1 h1:S4k4ryNgEpxW1dzyqffOmhI1BHYcjzU8lpJfSlR0xww= github.com/opencontainers/runtime-spec v1.2.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= diff --git a/deploy/Dockerfile b/deploy/Dockerfile index 7ab636de82..d67c9f7de0 100644 --- a/deploy/Dockerfile +++ b/deploy/Dockerfile @@ -1,4 +1,4 @@ -FROM registry.hub.docker.com/library/golang:1.24-alpine3.22 AS build +FROM registry.hub.docker.com/library/golang:1.25-alpine3.22 AS build # Install build depdencies for all supported arches RUN apk --no-cache add bash build-base cmake device-mapper findutils git \ diff --git a/deploy/canary/Dockerfile b/deploy/canary/Dockerfile index 22068cdd18..839eac1c7f 100644 --- a/deploy/canary/Dockerfile +++ b/deploy/canary/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.24 +FROM golang:1.25 MAINTAINER dashpole@google.com RUN apt-get update && apt-get install -y git dmsetup && apt-get clean From fc7d267fa6f30a7e4cc659d844105351c4dfe8c2 Mon Sep 17 00:00:00 2001 From: Davanum Srinivas Date: Tue, 2 Dec 2025 16:22:24 -0500 Subject: [PATCH 3/3] fix: handle nil Health state in docker container handler Container.State.Health can be nil when no health check is configured. Check for nil before accessing .Status to prevent panic. Fixes nil pointer dereference in newDockerContainerHandler when inspecting containers without health checks. Signed-off-by: Davanum Srinivas --- container/docker/handler.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container/docker/handler.go b/container/docker/handler.go index 4e0182b1f3..047f02affc 100644 --- a/container/docker/handler.go +++ b/container/docker/handler.go @@ -199,10 +199,13 @@ func newDockerContainerHandler( rootfsStorageDir: rootfsStorageDir, envs: make(map[string]string), labels: ctnr.Config.Labels, - healthStatus: ctnr.State.Health.Status, includedMetrics: metrics, zfsParent: zfsParent, } + // Health status may be nil if no health check is configured + if ctnr.State.Health != nil { + handler.healthStatus = ctnr.State.Health.Status + } // Timestamp returned by Docker is in time.RFC3339Nano format. handler.creationTime, err = time.Parse(time.RFC3339Nano, ctnr.Created) if err != nil {