From cd592f15165db6b5a5153eb3f7f0adf38a47569a Mon Sep 17 00:00:00 2001
From: Masashi Honma
Date: Fri, 31 Jan 2025 13:22:54 +0900
Subject: [PATCH] Bump golang from 1.23.4 to 1.23.5 to fix vulnerabilities.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is the scan result of Trivy.

usr/local/bin/kube-bench (gobinary)
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 0, CRITICAL: 0)
┌─────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ stdlib │ CVE-2024-45336 │ MEDIUM │ fixed │ v1.23.4 │ 1.22.11, 1.23.5, 1.24.0-rc2 │ golang: net/http: net/http: sensitive headers incorrectly │
│ │ │ │ │ │ │ sent after cross-domain redirect │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-45336 │
│ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤
│ │ CVE-2024-45341 │ │ │ │ │ golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can │
│ │ │ │ │ │ │ bypass URI name... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-45341 │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────────────────┴──────────────────────────────────────────────────────────────┘

Signed-off-by: Masashi Honma
---
 .github/workflows/build.yml | 2 +-
 Dockerfile | 2 +-
 Dockerfile.fips.ubi | 2 +-
 Dockerfile.ubi | 2 +-
 go.mod | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 8bdbc0782..718384277 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -14,7 +14,7 @@ on:
 - "LICENSE"
 - "NOTICE"
 env:
- GO_VERSION: "1.23.4"
+ GO_VERSION: "1.23.5"
 KIND_VERSION: "v0.11.1"
 KIND_IMAGE: "kindest/node:v1.21.1@sha256:69860bda5563ac81e3c0057d654b5253219618a22ec3a346306239bba8cfa1a6"
diff --git a/Dockerfile b/Dockerfile
index bbf5e909b..95a2c8735 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.23.4 AS build
+FROM golang:1.23.5 AS build
 WORKDIR /go/src/github.com/aquasecurity/kube-bench/
 COPY makefile makefile
 COPY go.mod go.sum ./
diff --git a/Dockerfile.fips.ubi b/Dockerfile.fips.ubi
index 336818ce2..01a8dd198 100644
--- a/Dockerfile.fips.ubi
+++ b/Dockerfile.fips.ubi
@@ -1,4 +1,4 @@
-FROM golang:1.23.4 AS build
+FROM golang:1.23.5 AS build
 WORKDIR /go/src/github.com/aquasecurity/kube-bench/
 COPY makefile makefile
 COPY go.mod go.sum ./
diff --git a/Dockerfile.ubi b/Dockerfile.ubi
index 5fd1fbd3a..eec99d188 100644
--- a/Dockerfile.ubi
+++ b/Dockerfile.ubi
@@ -1,4 +1,4 @@
-FROM golang:1.23.4 AS build
+FROM golang:1.23.5 AS build
 WORKDIR /go/src/github.com/aquasecurity/kube-bench/
 COPY makefile makefile
 COPY go.mod go.sum ./
diff --git a/go.mod b/go.mod
index 7d65387e2..b1568689e 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/aquasecurity/kube-bench
-go 1.23.4
+go 1.23.5
 require (
 github.com/aws/aws-sdk-go-v2 v1.32.8