fix: CVE-2023-45288 ensure golang/x/net is 0.23+, container to ubi9

Signed-off-by: Subbarao Meduri <smeduri@redhat.com>
stolostron · Jun 19, 2024 · e7e6b38 · e7e6b38
1 parent 442f714
commit e7e6b38
Show file tree

Hide file tree

Showing 12 changed files with 163 additions and 49 deletions.
diff --git a/collectors/metrics/Dockerfile b/collectors/metrics/Dockerfile
@@ -1,6 +1,6 @@
 # Copyright Contributors to the Open Cluster Management project
 
-FROM registry.ci.openshift.org/stolostron/builder:go1.20-linux AS builder
+FROM registry.ci.openshift.org/stolostron/builder:go1.21-linux AS builder
 
 WORKDIR /workspace
 COPY go.sum go.mod ./
@@ -9,7 +9,7 @@ COPY ./operators/pkg ./operators/pkg
 COPY ./operators/multiclusterobservability/api ./operators/multiclusterobservability/api
 RUN CGO_ENABLED=1 go build -a -installsuffix cgo -v -o metrics-collector ./collectors/metrics/cmd/metrics-collector/main.go
 
-FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
+FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
 
 ARG VCS_REF
 ARG VCS_URL

diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/stolostron/multicluster-observability-operator
 
-go 1.20
+go 1.21
 
 require (
  github.com/IBM/controller-filtered-cache v0.3.6
@@ -90,7 +90,7 @@ require (
  github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
  github.com/google/certificate-transparency-go v1.0.21 // indirect
  github.com/google/gnostic v0.6.9 // indirect
- github.com/google/go-cmp v0.5.9 // indirect
+ github.com/google/go-cmp v0.6.0 // indirect
  github.com/google/gofuzz v1.2.0 // indirect
  github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
  github.com/google/uuid v1.3.0 // indirect
@@ -142,16 +142,16 @@ require (
  go.uber.org/atomic v1.10.0 // indirect
  go.uber.org/goleak v1.2.0 // indirect
  go.uber.org/multierr v1.11.0 // indirect
- golang.org/x/crypto v0.14.0 // indirect
- golang.org/x/mod v0.10.0 // indirect
- golang.org/x/net v0.17.0 // indirect
+ golang.org/x/crypto v0.24.0 // indirect
+ golang.org/x/mod v0.17.0 // indirect
+ golang.org/x/net v0.26.0 // indirect
  golang.org/x/oauth2 v0.10.0 // indirect
- golang.org/x/sync v0.5.0 // indirect
- golang.org/x/sys v0.15.0 // indirect
- golang.org/x/term v0.15.0 // indirect
- golang.org/x/text v0.14.0 // indirect
+ golang.org/x/sync v0.7.0 // indirect
+ golang.org/x/sys v0.21.0 // indirect
+ golang.org/x/term v0.21.0 // indirect
+ golang.org/x/text v0.16.0 // indirect
  golang.org/x/time v0.3.0 // indirect
- golang.org/x/tools v0.9.3 // indirect
+ golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
  gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
  google.golang.org/appengine v1.6.7 // indirect
  google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
@@ -181,7 +181,6 @@ replace (
  github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring => github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.53.1
  github.com/prometheus/common => github.com/prometheus/common v0.37.1
  github.com/prometheus/prometheus => github.com/prometheus/prometheus v0.40.1
- golang.org/x/net => golang.org/x/net v0.17.0
  k8s.io/api => k8s.io/api v0.26.4
  k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.26.4
  k8s.io/apimachinery => k8s.io/apimachinery v0.26.4

diff --git a/go.sum b/go.sum
diff --git a/loaders/dashboards/Dockerfile b/loaders/dashboards/Dockerfile
@@ -1,14 +1,14 @@
 # Copyright Contributors to the Open Cluster Management project
 
-FROM registry.ci.openshift.org/stolostron/builder:go1.20-linux AS builder
+FROM registry.ci.openshift.org/stolostron/builder:go1.21-linux AS builder
 
 WORKDIR /workspace
 COPY go.sum go.mod ./loaders/dashboards ./
 COPY ./loaders/dashboards ./loaders/dashboards
 
 RUN CGO_ENABLED=1 go build -a -installsuffix cgo -v -o main loaders/dashboards/cmd/main.go
 
-FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
+FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
 
 ARG VCS_REF
 ARG VCS_URL

diff --git a/operators/endpointmetrics/Dockerfile b/operators/endpointmetrics/Dockerfile
@@ -1,6 +1,6 @@
 # Copyright (c) 2021 Red Hat, Inc.
 # Copyright Contributors to the Open Cluster Management project.
-FROM registry.ci.openshift.org/stolostron/builder:go1.20-linux AS builder
+FROM registry.ci.openshift.org/stolostron/builder:go1.21-linux AS builder
 
 WORKDIR /workspace
 COPY go.sum go.mod ./
@@ -10,7 +10,7 @@ COPY ./operators/pkg ./operators/pkg
 
 RUN CGO_ENABLED=1 go build -a -installsuffix cgo -o build/_output/bin/endpoint-monitoring-operator operators/endpointmetrics/main.go
 
-FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
+FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
 
 ARG VCS_REF
 ARG VCS_URL

diff --git a/operators/multiclusterobservability/Dockerfile b/operators/multiclusterobservability/Dockerfile
@@ -1,6 +1,6 @@
 # Copyright Contributors to the Open Cluster Management project
 
-FROM registry.ci.openshift.org/stolostron/builder:go1.20-linux AS builder
+FROM registry.ci.openshift.org/stolostron/builder:go1.21-linux AS builder
 
 
 WORKDIR /workspace
@@ -10,7 +10,7 @@ COPY ./operators/pkg ./operators/pkg
 
 RUN CGO_ENABLED=1 go build -a -installsuffix cgo -o bin/manager operators/multiclusterobservability/main.go
 
-FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
+FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
 
 ARG VCS_REF
 ARG VCS_URL

diff --git a/proxy/Dockerfile b/proxy/Dockerfile
@@ -1,14 +1,14 @@
 # Copyright Contributors to the Open Cluster Management project
 
-FROM registry.ci.openshift.org/stolostron/builder:go1.20-linux AS builder
+FROM registry.ci.openshift.org/stolostron/builder:go1.21-linux AS builder
 
 WORKDIR /workspace
 COPY go.sum go.mod ./
 COPY ./proxy ./proxy
 
 RUN CGO_ENABLED=1 go build -a -installsuffix cgo -v -o main proxy/cmd/main.go
 
-FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
+FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
 
 ARG VCS_REF
 ARG VCS_URL

diff --git a/tests/Dockerfile b/tests/Dockerfile
@@ -1,4 +1,4 @@
-FROM registry.ci.openshift.org/stolostron/builder:go1.20-linux AS builder
+FROM registry.ci.openshift.org/stolostron/builder:go1.21-linux AS builder
 
 WORKDIR /workspace
 # copy go tests into build image
@@ -9,7 +9,7 @@ COPY ./tests ./tests
 RUN go install github.com/onsi/ginkgo/ginkgo@v1.14.2 && go mod vendor && ginkgo build ./tests/pkg/tests/
 
 # create new docker image to hold built artifacts
-FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
+FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
 
 # pre-create directories and set permissions
 RUN mkdir -p /resources /results /workspace/.kube && \

diff --git a/tests/run-in-kind/run-e2e-in-kind.sh b/tests/run-in-kind/run-e2e-in-kind.sh
@@ -17,9 +17,9 @@ setup_kubectl_command() {
  if ! command -v kubectl >/dev/null 2>&1; then
  echo "This script will install kubectl (https://kubernetes.io/docs/tasks/tools/install-kubectl/) on your machine"
  if [[ "$(uname)" == "Linux" ]]; then
- curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.18.0/bin/linux/amd64/kubectl
+ curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubectl
  elif [[ "$(uname)" == "Darwin" ]]; then
- curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.18.0/bin/darwin/amd64/kubectl
+ curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/darwin/amd64/kubectl
  fi
  chmod +x ./kubectl
  sudo mv ./kubectl /usr/local/bin/kubectl

diff --git a/tools/simulator/alert-forward/Dockerfile b/tools/simulator/alert-forward/Dockerfile
@@ -1,14 +1,14 @@
 # Copyright Contributors to the Open Cluster Management project
 
-FROM registry.ci.openshift.org/stolostron/builder:go1.20-linux AS builder
+FROM registry.ci.openshift.org/stolostron/builder:go1.21-linux AS builder
 
 WORKDIR /workspace
 COPY go.sum go.mod ./
 COPY tools/simulator/alert-forward/main.go tools/simulator/alert-forward/main.go
 
 RUN CGO_ENABLED=1 go build -a -installsuffix cgo -o bin/alert-forwarder tools/simulator/alert-forward/main.go
 
-FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
+FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
 
 ENV MAIN_BINARY=/usr/local/bin/alert-forwarder \
  USER_UID=1001 \

diff --git a/tools/simulator/metrics-collector/Dockerfile b/tools/simulator/metrics-collector/Dockerfile
@@ -1,3 +1,3 @@
-FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
+FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
 USER 1001:1001
 COPY timeseries.txt /tmp/
diff --git a/tools/simulator/metrics-collector/metrics-extractor/Dockerfile b/tools/simulator/metrics-collector/metrics-extractor/Dockerfile
@@ -1,9 +1,9 @@
-FROM registry.ci.openshift.org/stolostron/builder:go1.20-linux AS builder
+FROM registry.ci.openshift.org/stolostron/builder:go1.21-linux AS builder
 
 RUN GOBIN=/usr/local/bin go install github.com/brancz/gojsontoyaml@latest
 
 
-FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
+FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
 RUN mkdir /metrics-extractor
 RUN mkdir /ocp-tools
 RUN microdnf install wget -y \