Merge pull request #353 from Jonsy13/vuln-fixes

Added vulnerability fixes for k8s & litmus-checker Images
litmuschaos · May 26, 2023 · 7c275f4 · 7c275f4
2 parents 35eff9e + 6e18e9b
commit 7c275f4
Show file tree

Hide file tree

Showing 4 changed files with 308 additions and 134 deletions.
diff --git a/custom/k8s/Dockerfile b/custom/k8s/Dockerfile
@@ -1,16 +1,15 @@
-FROM alpine:3.15.0
+FROM alpine:3.18.0
 ARG TARGETARCH
 
-ENV KUBECTL_VERSION="v1.19.0"
+ENV KUBECTL_VERSION="v1.27.2"
 
 LABEL maintainer="LitmusChaos"
 
 #Installing minimal packages
 RUN apk update && \
-    apk upgrade --update-cache --available 
+    apk upgrade --update-cache --available
 RUN apk --no-cache add curl &&\
     rm -rf /var/cache/apk/*
 
 #Installing kubectl
-RUN curl -sLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl" && chmod +x kubectl && mv kubectl /usr/bin/kubectl
-
+RUN curl -sLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl" && chmod +x kubectl && mv kubectl /usr/bin/kubectl
diff --git a/custom/litmus-checker/Dockerfile b/custom/litmus-checker/Dockerfile
@@ -1,5 +1,5 @@
 #Build Stage
-FROM golang:1.14 AS builder
+FROM golang:1.19 AS builder
 
 LABEL maintainer="LitmusChaos"
 
@@ -17,7 +17,7 @@ RUN go env
 RUN CGO_ENABLED=0 go build -o /output/checker -v
 
 #Deploy Stage
-FROM alpine:latest
+FROM alpine:3.18.0
 
 LABEL maintainer="LitmusChaos"
 

diff --git a/custom/litmus-checker/go.mod b/custom/litmus-checker/go.mod
@@ -1,17 +1,42 @@
 module github.com/gdsoumya/resourceChecker
 
-go 1.14
+go 1.19
 
 require (
-	github.com/evanphx/json-patch v4.5.0+incompatible // indirect
-	github.com/fsnotify/fsnotify v1.4.9 // indirect
-	github.com/googleapis/gnostic v0.3.1 // indirect
+	k8s.io/apimachinery v0.21.2
+	k8s.io/client-go v0.21.2
+)
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/go-logr/logr v0.4.0 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.4.3 // indirect
+	github.com/google/go-cmp v0.5.4 // indirect
+	github.com/google/gofuzz v1.1.0 // indirect
+	github.com/googleapis/gnostic v0.4.1 // indirect
+	github.com/imdario/mergo v0.3.5 // indirect
 	github.com/json-iterator/go v1.1.10 // indirect
-	github.com/onsi/gomega v1.10.1 // indirect
-	github.com/pkg/errors v0.8.1 // indirect
-	golang.org/x/text v0.3.3 // indirect
-	gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
-	k8s.io/apimachinery v0.18.6
-	k8s.io/client-go v0.18.6
-	k8s.io/utils v0.0.0-20200603063816-c1c6865ac451 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.1 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	golang.org/x/net v0.0.0-20220722155237-a158d28d115b // indirect
+	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d // indirect
+	golang.org/x/sys v0.5.0 // indirect
+	golang.org/x/term v0.5.0 // indirect
+	golang.org/x/text v0.7.0 // indirect
+	golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba // indirect
+	google.golang.org/appengine v1.6.5 // indirect
+	google.golang.org/protobuf v1.25.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	k8s.io/api v0.21.2 // indirect
+	k8s.io/klog/v2 v2.8.0 // indirect
+	k8s.io/utils v0.0.0-20201110183641-67b214c5f920 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.1.0 // indirect
+	sigs.k8s.io/yaml v1.2.0 // indirect
 )
+
+replace golang.org/x/net => golang.org/x/net v0.7.0
+
+replace golang.org/x/sys => golang.org/x/sys v0.0.0-20220412211240-33da011f77ad