Skip to content

Commit

Permalink
fix(vuln): Updating event-exporter from 0.4.3 -> 0.4.4
Browse files Browse the repository at this point in the history
- bump bulder golang image to 1.20 to address various vuln;
- bump gopkg.in/yaml.v3 to 3.0.1 to address
  https://security-tracker.debian.org/tracker/CVE-2022-28948
  • Loading branch information
erain committed Sep 18, 2023
1 parent 63b0223 commit 81559f8
Show file tree
Hide file tree
Showing 7 changed files with 80 additions and 20 deletions.
2 changes: 1 addition & 1 deletion event-exporter/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

FROM --platform=$BUILDPLATFORM golang:1.19 as builder
FROM --platform=$BUILDPLATFORM golang:1.20 as builder
WORKDIR ${GOPATH}/src/github.com/GoogleCloudPlatform/k8s-stackdriver/event-exporter
COPY . ./

Expand Down
2 changes: 1 addition & 1 deletion event-exporter/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ ALL_ARCH=amd64 arm64
IMAGE_NAME = event-exporter

PREFIX ?= staging-k8s.gcr.io
TAG ?= v0.4.3
TAG ?= v0.4.4

IMAGE=$(PREFIX)/$(IMAGE_NAME)

Expand Down
2 changes: 1 addition & 1 deletion event-exporter/go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ require (
google.golang.org/protobuf v1.27.1 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/klog/v2 v2.40.1 // indirect
k8s.io/kube-openapi v0.0.0-20220124234850-424119656bbf // indirect
k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect
Expand Down
3 changes: 2 additions & 1 deletion event-exporter/go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -785,8 +785,9 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
Expand Down
78 changes: 64 additions & 14 deletions event-exporter/vendor/gopkg.in/yaml.v3/decode.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

11 changes: 10 additions & 1 deletion event-exporter/vendor/gopkg.in/yaml.v3/parserc.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion event-exporter/vendor/modules.txt
Original file line number Diff line number Diff line change
Expand Up @@ -256,7 +256,7 @@ gopkg.in/inf.v0
# gopkg.in/yaml.v2 v2.4.0
## explicit; go 1.15
gopkg.in/yaml.v2
# gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
# gopkg.in/yaml.v3 v3.0.1
## explicit
gopkg.in/yaml.v3
# k8s.io/api v0.23.4
Expand Down

0 comments on commit 81559f8

Please sign in to comment.