
Commit 813d9c0

INS-1097: Fix CVE-2025-22874 for polaris (#1122)
* Bumping polaris libs * Fixing lint * Fixed vuln * Fixed vuln * Fixed vuln * Fixed vuln
1 parent d7d30ac commit 813d9c0


7 files changed

+120
-122
lines changed


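--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -120,7 +120,7 @@ jobs:
 
 test:
 docker:
-- image: cimg/go:1.22
+- image: cimg/go:1.24.4
 steps:
 - checkout
 - *set_environment_variables
@@ -136,7 +136,7 @@ jobs:
 # The goreleaser image tag determins the version of Go.
 # Manually check goreleaser images for their version of Go.
 # Ref: https://hub.docker.com/r/goreleaser/goreleaser/tags
-- image: goreleaser/goreleaser:v2.3.2
+- image: goreleaser/goreleaser:v2.10.2
 steps:
 - checkout
 - setup_remote_docker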
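Review bot: The second hunk bumps the release image to `goreleaser/goreleaser:v2.10.2` without recording which Go version that image carries, although the comment directly above it says the tag determines the Go version and has to be checked by hand. This commit apparently relies on Go 1.24.4 for the CVE fix (go.mod now says `go 1.24.4`), so released binaries are only covered if the image bundles Go 1.24.4 or later; with an older bundled toolchain the build would presumably either download a newer one or fail, depending on the GOTOOLCHAIN setting. I would record the verified version beside the tag, e.g. `# goreleaser v2.10.2 bundles Go <VERSION>; verified >= 1.24.4 on <DATE>`. Pinning both CI images by digest would also keep the verified toolchain from changing under a mutable tag. Both job definitions start and end outside the visible hunks.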

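--- a/.github/actions/setup-polaris/Dockerfile
+++ b/.github/actions/setup-polaris/Dockerfile
@@ -1,6 +1,6 @@
 # The action uses an own Dockerfile on purpose because the root Dockerfile takes way too long to build for an action
 
-FROM alpine:3.17
+FROM alpine:3.22
 
 RUN apk add --no-cache \
 bash \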

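--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.21
+FROM alpine:3.22
 
 LABEL org.opencontainers.image.authors="FairwindsOps, Inc." \
 org.opencontainers.image.vendor="FairwindsOps, Inc." \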

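--- a/go.mod
+++ b/go.mod
@@ -1,83 +1,78 @@
 module github.com/fairwindsops/polaris
 
-go 1.23.0
-
-toolchain go1.23.4
+go 1.24.4
 
 require (
 github.com/AlecAivazis/survey/v2 v2.3.7
 github.com/fairwindsops/controller-utils v0.3.4
-github.com/fairwindsops/insights-plugins/plugins/workloads v0.0.0-20241211185107-d14f77fb8b16
+github.com/fairwindsops/insights-plugins/plugins/workloads v0.0.0-20250613143236-883a20aaf1f1
 github.com/fatih/color v1.18.0
 github.com/gorilla/mux v1.8.1
 github.com/pkg/errors v0.9.1
 github.com/qri-io/jsonschema v0.1.2
 github.com/sirupsen/logrus v1.9.3
-github.com/spf13/cobra v1.8.1
+github.com/spf13/cobra v1.9.1
 github.com/stretchr/testify v1.10.0
 github.com/thoas/go-funk v0.9.3
-gomodules.xyz/jsonpatch/v2 v2.4.0
+gomodules.xyz/jsonpatch/v2 v2.5.0
 gopkg.in/yaml.v3 v3.0.1
-k8s.io/api v0.32.3
-k8s.io/apimachinery v0.32.3
-k8s.io/client-go v0.32.3
-sigs.k8s.io/controller-runtime v0.20.4
+k8s.io/api v0.33.1
+k8s.io/apimachinery v0.33.1
+k8s.io/client-go v0.33.1
+sigs.k8s.io/controller-runtime v0.21.0
 sigs.k8s.io/yaml v1.4.0
 )
 
 require (
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/cespare/xxhash/v2 v2.3.0 // indirect
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-github.com/emicklei/go-restful/v3 v3.12.1 // indirect
+github.com/emicklei/go-restful/v3 v3.12.2 // indirect
 github.com/evanphx/json-patch/v5 v5.9.11 // indirect
-github.com/fsnotify/fsnotify v1.7.0 // indirect
-github.com/fxamacker/cbor/v2 v2.7.0 // indirect
-github.com/go-logr/logr v1.4.2 // indirect
+github.com/fsnotify/fsnotify v1.9.0 // indirect
+github.com/fxamacker/cbor/v2 v2.8.0 // indirect
+github.com/go-logr/logr v1.4.3 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
-github.com/go-openapi/jsonpointer v0.21.0 // indirect
+github.com/go-openapi/jsonpointer v0.21.1 // indirect
 github.com/go-openapi/jsonreference v0.21.0 // indirect
-github.com/go-openapi/swag v0.23.0 // indirect
+github.com/go-openapi/swag v0.23.1 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
-github.com/golang/protobuf v1.5.4 // indirect
 github.com/google/gnostic-models v0.6.9 // indirect
-github.com/google/go-cmp v0.6.0 // indirect
-github.com/google/gofuzz v1.2.0 // indirect
+github.com/google/go-cmp v0.7.0 // indirect
 github.com/google/uuid v1.6.0 // indirect
 github.com/inconshreveable/mousetrap v1.1.0 // indirect
 github.com/josharian/intern v1.0.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
-github.com/klauspost/compress v1.17.11 // indirect
 github.com/mailru/easyjson v0.9.0 // indirect
-github.com/mattn/go-colorable v0.1.13 // indirect
+github.com/mattn/go-colorable v0.1.14 // indirect
 github.com/mattn/go-isatty v0.0.20 // indirect
 github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-github.com/prometheus/client_golang v1.20.5 // indirect
-github.com/prometheus/client_model v0.6.1 // indirect
-github.com/prometheus/common v0.61.0 // indirect
-github.com/prometheus/procfs v0.15.1 // indirect
+github.com/prometheus/client_golang v1.22.0 // indirect
+github.com/prometheus/client_model v0.6.2 // indirect
+github.com/prometheus/common v0.64.0 // indirect
+github.com/prometheus/procfs v0.16.1 // indirect
 github.com/qri-io/jsonpointer v0.1.1 // indirect
-github.com/samber/lo v1.47.0 // indirect
-github.com/spf13/pflag v1.0.5 // indirect
+github.com/samber/lo v1.51.0 // indirect
+github.com/spf13/pflag v1.0.6 // indirect
 github.com/x448/float16 v0.8.4 // indirect
-golang.org/x/net v0.36.0 // indirect
-golang.org/x/oauth2 v0.24.0 // indirect
-golang.org/x/sys v0.30.0 // indirect
-golang.org/x/term v0.29.0 // indirect
-golang.org/x/text v0.22.0 // indirect
-golang.org/x/time v0.8.0 // indirect
-golang.org/x/tools v0.28.0 // indirect
-google.golang.org/protobuf v1.35.2 // indirect
+golang.org/x/net v0.41.0 // indirect
+golang.org/x/oauth2 v0.30.0 // indirect
+golang.org/x/sys v0.33.0 // indirect
+golang.org/x/term v0.32.0 // indirect
+golang.org/x/text v0.26.0 // indirect
+golang.org/x/time v0.12.0 // indirect
+google.golang.org/protobuf v1.36.6 // indirect
 gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 k8s.io/klog/v2 v2.130.1 // indirect
-k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect
-k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect
+k8s.io/kube-openapi v0.0.0-20250610211856-8b98d1ed966a // indirect
+k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect
 sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
-sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect
+sigs.k8s.io/randfill v1.0.0 // indirect
+sigs.k8s.io/structured-merge-diff/v4 v4.7.0 // indirect
 )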
