Update golang version from 1.19 to 1.21

[blinkeye]

The golang version/base image being used is 1.19 which is EoL since 08 Aug 2023.

docker scout reports 4 CVEs:

    ✗ HIGH CVE-2023-44487
      https://scout.docker.com/v/CVE-2023-44487
      Affected range : <1.20.10
      Fixed version  : 1.20.10

    ✗ HIGH CVE-2023-39325
      https://scout.docker.com/v/CVE-2023-39325
      Affected range : <1.20.10
      Fixed version  : 1.20.10

    ✗ MEDIUM CVE-2023-39319
      https://scout.docker.com/v/CVE-2023-39319
      Affected range : <1.20.8
      Fixed version  : 1.20.8

    ✗ MEDIUM CVE-2023-39318
      https://scout.docker.com/v/CVE-2023-39318
      Affected range : <1.20.8
      Fixed version  : 1.20.8

[dosubot]

🤖

Hello @blinkeye! I'm Dosu, a friendly bot here to assist you. I'm designed to help solve bugs, answer questions, and guide you on your journey to becoming a contributor. While we're waiting for a human maintainer, feel free to ask me anything you need. Rest assured, I'm examining your issue and will have a comprehensive response for you soon.

[dosubot]

🤖

Thank you for bringing this to our attention. You're correct that the Golang version should be updated to address the reported CVEs and the end of life status of the current version.

To update the Golang version in the KSOPS repository, you would need to modify the go.mod file. The Golang version is specified at the top of the file after the go keyword.

Here's how you can do it:

module github.com/viaduct-ai/kustomize-sops

go 1.21

require (
	github.com/getsops/sops/v3 v3.8.1
	github.com/joho/godotenv v1.5.1
	sigs.k8s.io/kustomize/api v0.15.0
	sigs.k8s.io/yaml v1.4.0
)

// ... rest of the file remains the same

After updating the Golang version, you should run go mod tidy to ensure all the dependencies are compatible with the new Golang version. If there are any incompatible dependencies, you may need to update them as well.

Please note that this change should also be reflected in the Dockerfile. The base image should be updated to use the new Golang version. Here's how you can do it:

# Change this line
FROM golang:1.21 as builder

# ... rest of the file remains the same

Please let me know if you need further assistance.

Sources

• go.mod

---

This response is meant to be useful and save you time. It is not meant to be a precise solution, but rather a starting point for your own research.

Help me be more useful! Please leave a 👍 if this is helpful and 👎 if it is irrelevant.

If you want to continue the conversation, start your reply with @dosu-bot.