Merge pull request #49 from kubeslice/hotfix-vuln

fix(): vulnerabilities from trivy scan
kubeslice · Jul 31, 2024 · 3f12a62 · 3f12a62
2 parents 3d3cb04 + 99dbc7f
commit 3f12a62
Show file tree

Hide file tree

Showing 575 changed files with 69,676 additions and 19,047 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -19,7 +19,7 @@
 
 ARG PLATFORM
 
-FROM ${PLATFORM}/golang:1.17.7-alpine3.15 as gobuilder
+FROM ${PLATFORM}/golang:1.22.5-alpine3.20 AS gobuilder
 
 # Install git.
 
@@ -42,7 +42,7 @@ RUN go mod download &&\
 
 # Build reduced image from base alpine
 
-FROM ${PLATFORM}/alpine:3.15
+FROM ${PLATFORM}/alpine:3.20.2
 
 # tc - is needed for traffic control and shaping on the sidecar.  it is part of the iproute2
 

diff --git a/go.mod b/go.mod
@@ -1,24 +1,23 @@
 module github.com/kubeslice/gateway-sidecar
 
-go 1.17
+go 1.22.5
 
 require github.com/lorenzosaino/go-sysctl v0.2.0
 
 require (
 	github.com/BurntSushi/toml v0.4.1 // indirect
 	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect
-	golang.org/x/mod v0.5.0 // indirect
-	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
-	golang.org/x/tools v0.1.6 // indirect
-	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
+	golang.org/x/mod v0.8.0 // indirect
+	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/tools v0.6.0 // indirect
 	honnef.co/go/tools v0.2.1 // indirect
 )
 
 require (
-	github.com/golang/protobuf v1.5.2
+	github.com/golang/protobuf v1.5.3
 	go.uber.org/zap v1.21.0
-	google.golang.org/grpc v1.45.0
-	google.golang.org/protobuf v1.28.0
+	google.golang.org/grpc v1.58.3
+	google.golang.org/protobuf v1.31.0
 )
 
 require (
@@ -29,16 +28,15 @@ require (
 
 require (
 	github.com/go-ping/ping v0.0.0-20211130115550-779d1e919534
-	golang.org/x/net v0.0.0-20220722155237-a158d28d115b // indirect
-	golang.org/x/text v0.3.7 // indirect
-	google.golang.org/genproto v0.0.0-20200825200019-8632dd797987 // indirect
+	golang.org/x/net v0.17.0 // indirect
+	golang.org/x/text v0.13.0 // indirect
 )
 
 require (
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
-	github.com/google/uuid v1.2.0 // indirect
+	github.com/google/uuid v1.3.0 // indirect
 	github.com/vishvananda/netlink v1.1.0
-	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
+	golang.org/x/sync v0.3.0 // indirect
 )
 
 require (
@@ -48,11 +46,11 @@ require (
 
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cespare/xxhash/v2 v2.1.2 // indirect
-	github.com/google/go-cmp v0.5.8 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect
 	github.com/prometheus/common v0.32.1 // indirect
 	github.com/prometheus/procfs v0.7.3 // indirect
 	github.com/stretchr/testify v1.8.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 // indirect
 )
diff --git a/go.sum b/go.sum
diff --git a/vendor/github.com/cespare/xxhash/v2/README.md b/vendor/github.com/cespare/xxhash/v2/README.md
diff --git a/vendor/github.com/cespare/xxhash/v2/testall.sh b/vendor/github.com/cespare/xxhash/v2/testall.sh
diff --git a/vendor/github.com/cespare/xxhash/v2/xxhash.go b/vendor/github.com/cespare/xxhash/v2/xxhash.go