Fix Critical CVE (#161)

* chore: update go version from 1.19 to 1.21.11 * update Dockerfile to use golang:1.22.5-alpine3.19 and update go.mod file * update the version to v1.2.4 in Chart.yaml and Makefile
warm-metal · Jul 24, 2024 · 6b10664 · 6b10664
1 parent e6e93b3
commit 6b10664
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 6 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.io/library/golang:1.20.4-alpine3.17 as builder
+FROM docker.io/library/golang:1.22.5-alpine3.19 as builder
 RUN apk add --no-cache btrfs-progs-dev lvm2-dev make build-base
 WORKDIR /go/src/container-image-csi-driver
 COPY go.mod go.sum ./
@@ -12,7 +12,7 @@ RUN make install-util
 FROM scratch as install-util
 COPY --from=builder /go/src/container-image-csi-driver/_output/warm-metal-csi-image-install /
 
-FROM alpine:3.17
+FROM alpine:3.19
 RUN apk add --no-cache btrfs-progs-dev lvm2-dev
 WORKDIR /
 COPY --from=builder /go/src/container-image-csi-driver/_output/csi-image-plugin /usr/bin/

diff --git a/Makefile b/Makefile
@@ -1,4 +1,4 @@
-VERSION ?= v1.2.3
+VERSION ?= v1.2.4
 
 IMAGE_BUILDER ?= docker
 IMAGE_BUILD_CMD ?= buildx

diff --git a/charts/warm-metal-csi-driver/Chart.yaml b/charts/warm-metal-csi-driver/Chart.yaml
@@ -15,9 +15,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.2.3
+version: 1.2.4
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: v1.2.3
+appVersion: v1.2.4
diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/warm-metal/container-image-csi-driver
 
-go 1.19
+go 1.22.5
 
 require (
 	github.com/BurntSushi/toml v1.2.0

diff --git a/go.sum b/go.sum
@@ -1490,6 +1490,7 @@ gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
 gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY=
+gotest.tools/v3 v3.5.0/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=