From 77a22047a37e974b7a12535f9d3b7667261c3a7a Mon Sep 17 00:00:00 2001 From: Ye Cao Date: Sun, 17 Mar 2024 18:01:11 +0800 Subject: [PATCH] Bump up golang to v1.22 and fix security issues. (#112) --- .github/workflows/go.yml | 26 +++++++++++++------------- CHANGES.md | 2 ++ adapter/Dockerfile | 2 +- adapter/dist/LICENSE | 2 +- adapter/go.mod | 6 +++--- adapter/go.sum | 4 ++-- hack/build/module.mk | 2 +- operator/Dockerfile | 2 +- operator/dist/LICENSE | 6 +++--- operator/go.mod | 10 +++++----- operator/go.sum | 12 ++++++------ 11 files changed, 38 insertions(+), 36 deletions(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 0e52030a..e647d9a4 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -34,7 +34,7 @@ jobs: - name: Install Go uses: actions/setup-go@v3 with: - go-version: '1.21' + go-version: '1.22' id: go - name: Check out code into the Go module directory uses: actions/checkout@v3 @@ -49,7 +49,7 @@ jobs: - name: Install Go uses: actions/setup-go@v3 with: - go-version: '1.21' + go-version: '1.22' - name: Check out code into the Go module directory uses: actions/checkout@v3 - name: Build @@ -63,7 +63,7 @@ jobs: - name: Install Go uses: actions/setup-go@v3 with: - go-version: '1.21' + go-version: '1.22' id: go - name: Check out code into the Go module directory uses: actions/checkout@v3 @@ -78,7 +78,7 @@ jobs: - name: Install Go uses: actions/setup-go@v3 with: - go-version: '1.21' + go-version: '1.22' id: go - name: Check out code into the Go module directory uses: actions/checkout@v3 @@ -93,7 +93,7 @@ jobs: - name: Install Go uses: actions/setup-go@v3 with: - go-version: '1.21' + go-version: '1.22' id: go - name: Check out code into the Go module directory uses: actions/checkout@v3 @@ -108,7 +108,7 @@ jobs: - name: Install Go uses: actions/setup-go@v3 with: - go-version: '1.21' + go-version: '1.22' id: go - name: Check out code into the Go module directory uses: actions/checkout@v3 @@ -123,7 +123,7 @@ jobs: - name: Install Go uses: actions/setup-go@v3 with: - go-version: '1.21' + go-version: '1.22' id: go - name: Check out code into the Go module directory uses: actions/checkout@v3 @@ -144,7 +144,7 @@ jobs: - name: Install Go uses: actions/setup-go@v3 with: - go-version: '1.21' + go-version: '1.22' id: go - name: Check out code into the Go module directory uses: actions/checkout@v3 @@ -159,7 +159,7 @@ jobs: - name: Install Go uses: actions/setup-go@v3 with: - go-version: '1.21' + go-version: '1.22' id: go - name: Check out code into the Go module directory uses: actions/checkout@v3 @@ -174,7 +174,7 @@ jobs: - name: Install Go uses: actions/setup-go@v3 with: - go-version: '1.21' + go-version: '1.22' id: go - name: Check out code into the Go module directory uses: actions/checkout@v3 @@ -189,7 +189,7 @@ jobs: - name: Install Go uses: actions/setup-go@v3 with: - go-version: '1.21' + go-version: '1.22' id: go - name: Check out code into the Go module directory uses: actions/checkout@v3 @@ -204,7 +204,7 @@ jobs: - name: Install Go uses: actions/setup-go@v3 with: - go-version: '1.21' + go-version: '1.22' id: go - name: Check out code into the Go module directory uses: actions/checkout@v3 @@ -219,7 +219,7 @@ jobs: - name: Install Go uses: actions/setup-go@v3 with: - go-version: '1.21' + go-version: '1.22' id: go - name: Check out code into the Go module directory uses: actions/checkout@v3 diff --git a/CHANGES.md b/CHANGES.md index ac97a96e..b2bff9e0 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -15,6 +15,8 @@ Release Notes. #### Chores - Bump up custom-metrics-apiserver +- Bump up golang to v1.22 +- Bump up controller-gen to v0.14.0 0.8.0 ------------------ diff --git a/adapter/Dockerfile b/adapter/Dockerfile index f4a0f2e1..4af2f219 100644 --- a/adapter/Dockerfile +++ b/adapter/Dockerfile @@ -14,7 +14,7 @@ # limitations under the License. # Build the manager binary -FROM golang:1.21 as builder +FROM golang:1.22 as builder WORKDIR /workspace # Copy the Go Modules manifests diff --git a/adapter/dist/LICENSE b/adapter/dist/LICENSE index 13a71790..a4862c47 100644 --- a/adapter/dist/LICENSE +++ b/adapter/dist/LICENSE @@ -105,7 +105,7 @@ BSD-3-Clause licenses golang.org/x/text v0.14.0 BSD-3-Clause golang.org/x/time v0.5.0 BSD-3-Clause golang.org/x/tools v0.17.0 BSD-3-Clause - google.golang.org/protobuf v1.32.0 BSD-3-Clause + google.golang.org/protobuf v1.33.0 BSD-3-Clause gopkg.in/inf.v0 v0.9.1 BSD-3-Clause ======================================================================== diff --git a/adapter/go.mod b/adapter/go.mod index bd96aeae..3f300305 100644 --- a/adapter/go.mod +++ b/adapter/go.mod @@ -1,8 +1,8 @@ module github.com/apache/skywalking-swck/adapter -go 1.21 +go 1.22 -toolchain go1.21.1 +toolchain go1.22.1 require ( github.com/apache/skywalking-cli v0.0.0-20210209032327-04a0ce08990f @@ -98,7 +98,7 @@ require ( google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe // indirect google.golang.org/grpc v1.61.0 // indirect - google.golang.org/protobuf v1.32.0 // indirect + google.golang.org/protobuf v1.33.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/adapter/go.sum b/adapter/go.sum index 33e7b254..6e9124f6 100644 --- a/adapter/go.sum +++ b/adapter/go.sum @@ -981,8 +981,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= -google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/hack/build/module.mk b/hack/build/module.mk index d30bfc30..472dfcc2 100644 --- a/hack/build/module.mk +++ b/hack/build/module.mk @@ -23,7 +23,7 @@ tool_bin := $(root_dir)/bin include $(root_dir)/hack/build/base.mk -CONTROLLER_GEN_VERSION := v0.7.0 +CONTROLLER_GEN_VERSION := v0.14.0 KUSTOMIZE_VERSION := v4.5.6 GOLANGCI_LINT_VERSION := v1.53.3 diff --git a/operator/Dockerfile b/operator/Dockerfile index f545ca6e..967a77ee 100644 --- a/operator/Dockerfile +++ b/operator/Dockerfile @@ -14,7 +14,7 @@ # limitations under the License. # Build the manager binary -FROM golang:1.21 as builder +FROM golang:1.22 as builder WORKDIR /workspace # Copy the Go Modules manifests diff --git a/operator/dist/LICENSE b/operator/dist/LICENSE index e23ee600..16b0b7d3 100644 --- a/operator/dist/LICENSE +++ b/operator/dist/LICENSE @@ -234,15 +234,15 @@ BSD-3-Clause licenses github.com/imdario/mergo v0.3.12 BSD-3-Clause github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 BSD-3-Clause github.com/spf13/pflag v1.0.5 BSD-3-Clause - golang.org/x/crypto v0.16.0 BSD-3-Clause + golang.org/x/crypto v0.18.0 BSD-3-Clause golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e BSD-3-Clause golang.org/x/net v0.19.0 BSD-3-Clause golang.org/x/oauth2 v0.12.0 BSD-3-Clause golang.org/x/sys v0.16.0 BSD-3-Clause - golang.org/x/term v0.15.0 BSD-3-Clause + golang.org/x/term v0.16.0 BSD-3-Clause golang.org/x/text v0.14.0 BSD-3-Clause golang.org/x/time v0.3.0 BSD-3-Clause - google.golang.org/protobuf v1.31.0 BSD-3-Clause + google.golang.org/protobuf v1.33.0 BSD-3-Clause gopkg.in/inf.v0 v0.9.1 BSD-3-Clause software.sslmate.com/src/go-pkcs12 v0.0.0-20210415151418-c5206de65a78 BSD-3-Clause diff --git a/operator/go.mod b/operator/go.mod index 4662851e..cfb81980 100644 --- a/operator/go.mod +++ b/operator/go.mod @@ -1,8 +1,8 @@ module github.com/apache/skywalking-swck/operator -go 1.21 +go 1.22 -toolchain go1.21.1 +toolchain go1.22.1 require ( github.com/Masterminds/sprig/v3 v3.1.0 @@ -58,17 +58,17 @@ require ( github.com/spf13/pflag v1.0.5 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect - golang.org/x/crypto v0.16.0 // indirect + golang.org/x/crypto v0.18.0 // indirect golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect golang.org/x/net v0.19.0 // indirect golang.org/x/oauth2 v0.12.0 // indirect golang.org/x/sys v0.16.0 // indirect - golang.org/x/term v0.15.0 // indirect + golang.org/x/term v0.16.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/protobuf v1.31.0 // indirect + google.golang.org/protobuf v1.33.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/apiextensions-apiserver v0.29.0 // indirect diff --git a/operator/go.sum b/operator/go.sum index 6beb1ae1..a81390c0 100644 --- a/operator/go.sum +++ b/operator/go.sum @@ -140,8 +140,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= -golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY= -golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= +golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc= +golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e h1:+WEEuIdZHnUeJJmEUjyYC2gfUMj69yZXw17EnHg/otA= golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -166,8 +166,8 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= -golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= -golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= +golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE= +golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -191,8 +191,8 @@ google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= -google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=