build(deps): Bump golangci/golangci-lint from v1.52.2-alpine to v1.53…

….2-alpine in /gomplate-ci-build (#674) * build(deps): Bump golangci/golangci-lint in /gomplate-ci-build Bumps golangci/golangci-lint from v1.52.2-alpine to v1.53.2-alpine. --- updated-dependencies: - dependency-name: golangci/golangci-lint dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * updating trivyignore and dockerfiles Signed-off-by: Dave Henderson <dhenderson@gmail.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Dave Henderson <dhenderson@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dave Henderson <dhenderson@gmail.com>
hairyhenderson · Jun 6, 2023 · bb93513 · bb93513
1 parent 6f0a487
commit bb93513
Show file tree

Hide file tree

Showing 11 changed files with 36 additions and 20 deletions.
diff --git a/.trivyignore b/.trivyignore
@@ -1,18 +1,5 @@
-# consul 1.12 - bug not relevant in this usage
-CVE-2022-21698
-# cc-test-reporter - golang.org/x/crypto/ssh bugs, not relevant here
-CVE-2020-29652
-CVE-2020-7919
-CVE-2020-9283
-CVE-2022-27191
 # irrelevant for this usage (it's about HTTP servers)
 CVE-2022-41721
-# golang.org/x/crypto/ssh bug, not relevant here
-CVE-2021-43565
-# buildx vuln due to containerd being out of date - not relevant here
-CVE-2023-25173
-# buildx & consul vulns - not relevant here
-CVE-2022-41723
 
 # vulns being picked up (improperly, I think?) from the base golang:1.20 image
 CVE-2021-33194
@@ -21,6 +8,21 @@ CVE-2021-44716
 CVE-2022-27664
 CVE-2022-32149
 
+# cc-test-reporter - golang.org/x/crypto/ssh bugs, not relevant here
+CVE-2020-29652
+CVE-2020-7919
+CVE-2020-9283
+CVE-2022-27191
+
+# golang.org/x/crypto/ssh bug, not relevant here
+CVE-2021-43565
+
+# buildx vuln - fixed upstream, no release yet
+CVE-2023-2253
+
+# buildx & consul vulns - not relevant here
+CVE-2022-41723
+
 # bashbrew - github.com/opencontainers/runc vulns - not relevant here
 CVE-2023-27561
 CVE-2023-28642
diff --git a/bashbrew/Dockerfile b/bashbrew/Dockerfile
@@ -2,6 +2,10 @@ FROM alpine:3.18
 
 LABEL org.opencontainers.image.source https://github.com/hairyhenderson/dockerfiles
 
+RUN apk --no-cache upgrade \
+	libssl3 \
+	libcrypto3
+
 RUN set -eux; \
 	apkArch="$(apk --print-arch)"; \
 	case "$apkArch" in \

diff --git a/ci-builder/Dockerfile b/ci-builder/Dockerfile
@@ -1,9 +1,9 @@
 FROM vault:1.13.2 AS vault
-FROM consul:1.15.2 AS consul
+FROM consul:1.15.3 AS consul
 FROM docker:24.0 AS docker
 FROM ghcr.io/hairyhenderson/bashbrew:latest AS bashbrew
 FROM docker/buildx-bin:0.10.5 AS buildx-plugin
-FROM golangci/golangci-lint:v1.52.2-alpine AS golangci-lint
+FROM golangci/golangci-lint:v1.53.2-alpine AS golangci-lint
 
 FROM alpine:3.18 AS cc-test-reporter
 
@@ -32,6 +32,9 @@ RUN mkdir -p /tmp/test-results
 RUN apk --no-cache add \
 	unzip jq git \
 	build-base
+RUN apk --no-cache upgrade \
+	libssl3 \
+	libcrypto3
 
 ENV DOCKER_BUILDKIT=1
 ENV GOFLAGS=-buildvcs=false

diff --git a/dockerfiles-builder/Dockerfile b/dockerfiles-builder/Dockerfile
@@ -9,6 +9,8 @@ FROM alpine:3.18 AS runtime
 LABEL org.opencontainers.image.source https://github.com/hairyhenderson/dockerfiles
 
 RUN apk add --no-cache make bash git curl ca-certificates
+RUN apk --no-cache upgrade libssl3 libcrypto3
+
 COPY --from=gomplate /gomplate /bin/gomplate
 COPY --from=bashbrew /bin/bashbrew /bin/bashbrew
 COPY --from=docker /usr/local/bin/docker /bin/docker

diff --git a/figlet/Dockerfile b/figlet/Dockerfile
@@ -3,5 +3,6 @@ FROM alpine:3
 LABEL org.opencontainers.image.source https://github.com/hairyhenderson/dockerfiles
 
 RUN apk add --no-cache figlet
+RUN apk --no-cache upgrade libssl3 libcrypto3
 
 ENTRYPOINT ["figlet"]
diff --git a/gomplate-ci-build/Dockerfile b/gomplate-ci-build/Dockerfile
@@ -1,10 +1,9 @@
-ARG GO_VERSION=1.20
 FROM vault:1.13.2 AS vault
-FROM consul:1.15.2 AS consul
+FROM consul:1.15.3 AS consul
 FROM docker:24.0 AS docker
 FROM ghcr.io/hairyhenderson/bashbrew:latest AS bashbrew
 FROM docker/buildx-bin:0.10.5 AS buildx-plugin
-FROM golangci/golangci-lint:v1.52.2-alpine AS golangci-lint
+FROM golangci/golangci-lint:v1.53.2-alpine AS golangci-lint
 
 FROM alpine:3.18 AS cc-test-reporter
 
@@ -21,10 +20,10 @@ RUN set -eux; \
 	esac; \
 	chmod +x /bin/cc-test-reporter
 
-FROM golang:${GO_VERSION} AS go-junit-report
+FROM golang:1.20 AS go-junit-report
 RUN go install github.com/jstemmer/go-junit-report@latest
 
-FROM golang:${GO_VERSION} AS final
+FROM golang:1.20 AS final
 
 LABEL org.opencontainers.image.source https://github.com/hairyhenderson/dockerfiles
 

diff --git a/man/Dockerfile b/man/Dockerfile
@@ -4,6 +4,7 @@ LABEL org.opencontainers.image.source https://github.com/hairyhenderson/dockerfi
 
 ENV PAGER /usr/bin/less
 RUN apk add --no-cache mandoc man-pages util-linux-doc e2fsprogs-doc
+RUN apk --no-cache upgrade libssl3 libcrypto3
 
 USER 42000:42000
 

diff --git a/pi-blaster/Dockerfile b/pi-blaster/Dockerfile
@@ -16,6 +16,7 @@ RUN make
 
 FROM alpine:3
 
+RUN apk --no-cache upgrade libssl3 libcrypto3
 COPY --from=builder /pi-blaster/pi-blaster /
 
 CMD ["/pi-blaster", "-D"]
diff --git a/sed/Dockerfile b/sed/Dockerfile
@@ -3,5 +3,6 @@ FROM alpine:3.18
 LABEL org.opencontainers.image.source https://github.com/hairyhenderson/dockerfiles
 
 RUN apk --no-cache add sed
+RUN apk --no-cache upgrade libssl3 libcrypto3
 
 ENTRYPOINT ["sed"]
diff --git a/socat/Dockerfile b/socat/Dockerfile
@@ -5,5 +5,6 @@ LABEL org.opencontainers.image.source https://github.com/hairyhenderson/dockerfi
 RUN apk add --no-cache \
   ca-certificates \
   socat
+RUN apk --no-cache upgrade libssl3 libcrypto3
 
 ENTRYPOINT ["socat"]
diff --git a/ssh/Dockerfile b/ssh/Dockerfile
@@ -2,5 +2,6 @@ FROM alpine:3
 
 LABEL org.opencontainers.image.source https://github.com/hairyhenderson/dockerfiles
 RUN apk --no-cache add openssh-client
+RUN apk --no-cache upgrade libssl3 libcrypto3
 
 ENTRYPOINT ["ssh"]