Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): bumped dependencies versions to resolve CVEs #13789

Merged
merged 2 commits into from
Aug 7, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .devcontainer/devcontainer.json
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"image": "grafana/loki-build-image:0.33.1",
"image": "grafana/loki-build-image:0.33.5",
"containerEnv": {
"BUILD_IN_CONTAINER": "false"
},
Expand Down
6 changes: 3 additions & 3 deletions .drone/drone.yml
Original file line number Diff line number Diff line change
Expand Up @@ -139,7 +139,7 @@ steps:
depends_on:
- clone
environment: {}
image: grafana/loki-build-image:0.33.3
image: grafana/loki-build-image:0.33.5
name: documentation-helm-reference-check
trigger:
ref:
Expand Down Expand Up @@ -1085,7 +1085,7 @@ steps:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
image: grafana/loki-build-image:0.33.3
image: grafana/loki-build-image:0.33.5
name: build and push
privileged: true
volumes:
Expand Down Expand Up @@ -1308,6 +1308,6 @@ kind: secret
name: gpg_private_key
---
kind: signature
hmac: 33b9d2962b6dfcf1136ef7602d29e3f32f03b0d90dfd579652cbaf0a4ef2de4b
hmac: 8a2db8460244184bb92d99cfe9a366e0a1cce91034cfe3784436a2f178b976c7

...
2 changes: 1 addition & 1 deletion .github/workflows/check.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
"check":
"uses": "grafana/loki-release/.github/workflows/check.yml@main"
"with":
"build_image": "grafana/loki-build-image:0.33.3"
"build_image": "grafana/loki-build-image:0.33.5"
"golang_ci_lint_version": "v1.55.1"
"release_lib_ref": "main"
"skip_validation": false
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/minor-release-pr.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
check:
uses: "grafana/loki-release/.github/workflows/check.yml@main"
with:
build_image: "grafana/loki-build-image:0.33.3"
build_image: "grafana/loki-build-image:0.33.5"
golang_ci_lint_version: "v1.55.1"
release_lib_ref: "main"
skip_validation: false
Expand Down Expand Up @@ -141,7 +141,7 @@ jobs:
--env SKIP_ARM \
--volume .:/src/loki \
--workdir /src/loki \
--entrypoint /bin/sh "grafana/loki-build-image:0.33.3"
--entrypoint /bin/sh "grafana/loki-build-image:0.33.5"
git config --global --add safe.directory /src/loki
echo "${NFPM_SIGNING_KEY}" > $NFPM_SIGNING_KEY_FILE
make dist packages
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/patch-release-pr.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
check:
uses: "grafana/loki-release/.github/workflows/check.yml@main"
with:
build_image: "grafana/loki-build-image:0.33.3"
build_image: "grafana/loki-build-image:0.33.5"
golang_ci_lint_version: "v1.55.1"
release_lib_ref: "main"
skip_validation: false
Expand Down Expand Up @@ -141,7 +141,7 @@ jobs:
--env SKIP_ARM \
--volume .:/src/loki \
--workdir /src/loki \
--entrypoint /bin/sh "grafana/loki-build-image:0.33.3"
--entrypoint /bin/sh "grafana/loki-build-image:0.33.5"
git config --global --add safe.directory /src/loki
echo "${NFPM_SIGNING_KEY}" > $NFPM_SIGNING_KEY_FILE
make dist packages
Expand Down
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ DOCKER_IMAGE_DIRS := $(patsubst %/Dockerfile,%,$(DOCKERFILES))
BUILD_IN_CONTAINER ?= true

# ensure you run `make drone` and `make release-workflows` after changing this
BUILD_IMAGE_VERSION ?= 0.33.3
BUILD_IMAGE_VERSION ?= 0.33.5

# Docker image info
IMAGE_PREFIX ?= grafana
Expand Down
4 changes: 2 additions & 2 deletions clients/cmd/docker-driver/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
ARG BUILD_IMAGE=grafana/loki-build-image:0.33.2
ARG BUILD_IMAGE=grafana/loki-build-image:0.33.5
# Directories in this file are referenced from the root of the project not this folder
# This file is intended to be called from the root like so:
# docker build -t grafana/loki -f cmd/loki/Dockerfile .
Expand All @@ -9,7 +9,7 @@ COPY . /src/loki
WORKDIR /src/loki
RUN make clean && make BUILD_IN_CONTAINER=false clients/cmd/docker-driver/docker-driver

FROM alpine:3.18.5
FROM alpine:3.20.2
RUN apk add --update --no-cache ca-certificates tzdata
COPY --from=build /src/loki/clients/cmd/docker-driver/docker-driver /bin/docker-driver
WORKDIR /bin/
Expand Down
2 changes: 1 addition & 1 deletion clients/cmd/promtail/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM golang:1.22.2-bookworm as build
FROM golang:1.22.5-bookworm as build

COPY . /src/loki
WORKDIR /src/loki
Expand Down
2 changes: 1 addition & 1 deletion clients/cmd/promtail/Dockerfile.arm32
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM golang:1.22.2-bookworm as build
FROM golang:1.22.5-bookworm as build

COPY . /src/loki
WORKDIR /src/loki
Expand Down
2 changes: 1 addition & 1 deletion clients/cmd/promtail/Dockerfile.cross
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
ARG BUILD_IMAGE=grafana/loki-build-image:0.33.2
ARG BUILD_IMAGE=grafana/loki-build-image:0.33.5
# Directories in this file are referenced from the root of the project not this folder
# This file is intended to be called from the root like so:
# docker build -t grafana/promtail -f clients/cmd/promtail/Dockerfile .
Expand Down
4 changes: 2 additions & 2 deletions clients/cmd/promtail/Dockerfile.debug
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,14 @@
# This file is intended to be called from the root like so:
# docker build -t grafana/promtail -f clients/cmd/promtail/Dockerfile.debug .

FROM grafana/loki-build-image:0.33.2 as build
FROM grafana/loki-build-image:0.33.5 as build
ARG GOARCH="amd64"
COPY . /src/loki
WORKDIR /src/loki
RUN make clean && make BUILD_IN_CONTAINER=false PROMTAIL_JOURNAL_ENABLED=true promtail-debug


FROM alpine:3.18.5
FROM alpine:3.20.2
RUN apk add --update --no-cache ca-certificates tzdata
COPY --from=build /src/loki/clients/cmd/promtail/promtail-debug /usr/bin/promtail-debug
COPY --from=build /usr/bin/dlv /usr/bin/dlv
Expand Down
4 changes: 2 additions & 2 deletions cmd/logcli/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
FROM golang:1.22.2 as build
FROM golang:1.22.5 as build

COPY . /src/loki
WORKDIR /src/loki
RUN make clean && make BUILD_IN_CONTAINER=false logcli

FROM alpine:3.18.5
FROM alpine:3.20.2

RUN apk add --no-cache ca-certificates

Expand Down
4 changes: 2 additions & 2 deletions cmd/logql-analyzer/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
FROM golang:1.22.2 as build
FROM golang:1.22.5 as build

COPY . /src/loki
WORKDIR /src/loki
RUN make clean && CGO_ENABLED=0 go build ./cmd/logql-analyzer/

FROM alpine:3.18.5
FROM alpine:3.20.2

RUN apk add --no-cache ca-certificates

Expand Down
4 changes: 2 additions & 2 deletions cmd/loki-canary-boringcrypto/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
FROM golang:1.22.2 as build
FROM golang:1.22.5 as build

COPY . /src/loki
WORKDIR /src/loki
RUN go env GOARCH > /goarch
RUN make clean && make GOARCH=$(cat /goarch) BUILD_IN_CONTAINER=true GOEXPERIMENT=boringcrypto loki-canary-boringcrypto

FROM alpine:3.18.5
FROM alpine:3.20.2
RUN apk add --update --no-cache ca-certificates
RUN apk add --no-cache libc6-compat
COPY --from=build /src/loki/cmd/loki-canary-boringcrypto/loki-canary-boringcrypto /usr/bin/loki-canary
Expand Down
4 changes: 2 additions & 2 deletions cmd/loki-canary/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
FROM golang:1.22.2 as build
FROM golang:1.22.5 as build

COPY . /src/loki
WORKDIR /src/loki
RUN make clean && make BUILD_IN_CONTAINER=false loki-canary

FROM alpine:3.18.5
FROM alpine:3.20.2
RUN apk add --update --no-cache ca-certificates
COPY --from=build /src/loki/cmd/loki-canary/loki-canary /usr/bin/loki-canary
ENTRYPOINT [ "/usr/bin/loki-canary" ]
6 changes: 3 additions & 3 deletions cmd/loki-canary/Dockerfile.cross
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
ARG BUILD_IMAGE=grafana/loki-build-image:0.33.2
ARG BUILD_IMAGE=grafana/loki-build-image:0.33.5
# Directories in this file are referenced from the root of the project not this folder
# This file is intended to be called from the root like so:
# docker build -t grafana/promtail -f cmd/promtail/Dockerfile .
FROM golang:1.22.2-alpine as goenv
FROM golang:1.22.5-alpine as goenv
RUN go env GOARCH > /goarch && \
go env GOARM > /goarm

Expand All @@ -12,7 +12,7 @@ COPY . /src/loki
WORKDIR /src/loki
RUN make clean && GOARCH=$(cat /goarch) GOARM=$(cat /goarm) make BUILD_IN_CONTAINER=false loki-canary

FROM alpine:3.18.5
FROM alpine:3.20.2
RUN apk add --update --no-cache ca-certificates
COPY --from=build /src/loki/cmd/loki-canary/loki-canary /usr/bin/loki-canary
ENTRYPOINT [ "/usr/bin/loki-canary" ]
4 changes: 2 additions & 2 deletions cmd/loki/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
FROM golang:1.22.2 as build
FROM golang:1.22.5 as build

COPY . /src/loki
WORKDIR /src/loki
RUN make clean && make BUILD_IN_CONTAINER=false loki

FROM alpine:3.18.5
FROM alpine:3.20.2

RUN apk add --no-cache ca-certificates libcap

Expand Down
6 changes: 3 additions & 3 deletions cmd/loki/Dockerfile.cross
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
ARG BUILD_IMAGE=grafana/loki-build-image:0.33.2
ARG BUILD_IMAGE=grafana/loki-build-image:0.33.5
# Directories in this file are referenced from the root of the project not this folder
# This file is intended to be called from the root like so:
# docker build -t grafana/loki -f cmd/loki/Dockerfile .
FROM golang:1.22.2-alpine as goenv
FROM golang:1.22.5-alpine as goenv
RUN go env GOARCH > /goarch && \
go env GOARM > /goarm

Expand All @@ -12,7 +12,7 @@ COPY . /src/loki
WORKDIR /src/loki
RUN make clean && GOARCH=$(cat /goarch) GOARM=$(cat /goarm) make BUILD_IN_CONTAINER=false loki

FROM alpine:3.18.5
FROM alpine:3.20.2

RUN apk add --no-cache ca-certificates

Expand Down
6 changes: 3 additions & 3 deletions cmd/loki/Dockerfile.debug
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
ARG BUILD_IMAGE=grafana/loki-build-image:0.33.2
ARG BUILD_IMAGE=grafana/loki-build-image:0.33.5
# Directories in this file are referenced from the root of the project not this folder
# This file is intended to be called from the root like so:
# docker build -t grafana/loki -f cmd/loki/Dockerfile.debug .

FROM golang:1.22.2-alpine as goenv
FROM golang:1.22.5-alpine as goenv
RUN go env GOARCH > /goarch && \
go env GOARM > /goarm && \
go install github.com/go-delve/delve/cmd/dlv@latest
Expand All @@ -15,7 +15,7 @@ WORKDIR /src/loki
RUN make clean && \
GOARCH=$(cat /goarch) GOARM=$(cat /goarm) make BUILD_IN_CONTAINER=false loki-debug

FROM alpine:3.18.5
FROM alpine:3.20.2
RUN apk add --update --no-cache ca-certificates
COPY --from=build /src/loki/cmd/loki/loki-debug /usr/bin/loki-debug
COPY --from=goenv /go/bin/dlv /usr/bin/dlv
Expand Down
4 changes: 2 additions & 2 deletions cmd/migrate/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
FROM golang:1.22.2 as build
FROM golang:1.22.5 as build
COPY . /src/loki
WORKDIR /src/loki
RUN make clean && make BUILD_IN_CONTAINER=false migrate

FROM alpine:3.18.5
FROM alpine:3.20.2
RUN apk add --update --no-cache ca-certificates
COPY --from=build /src/loki/cmd/migrate/migrate /usr/bin/migrate
#ENTRYPOINT [ "/usr/bin/migrate" ]
Expand Down
4 changes: 2 additions & 2 deletions cmd/querytee/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
FROM golang:1.22.2 as build
FROM golang:1.22.5 as build

COPY . /src/loki
WORKDIR /src/loki
RUN make clean && make BUILD_IN_CONTAINER=false loki-querytee

FROM alpine:3.18.5
FROM alpine:3.20.2
RUN apk add --update --no-cache ca-certificates
COPY --from=build /src/loki/cmd/querytee/querytee /usr/bin/querytee
ENTRYPOINT [ "/usr/bin/querytee" ]
6 changes: 3 additions & 3 deletions cmd/querytee/Dockerfile.cross
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
ARG BUILD_IMAGE=grafana/loki-build-image:0.33.2
ARG BUILD_IMAGE=grafana/loki-build-image:0.33.5
# Directories in this file are referenced from the root of the project not this folder
# This file is intended to be called from the root like so:
# docker build -t grafana/promtail -f cmd/promtail/Dockerfile .
FROM golang:1.22.2-alpine as goenv
FROM golang:1.22.5-alpine as goenv
RUN go env GOARCH > /goarch && \
go env GOARM > /goarm

Expand All @@ -12,7 +12,7 @@ COPY . /src/loki
WORKDIR /src/loki
RUN make clean && GOARCH=$(cat /goarch) GOARM=$(cat /goarm) make BUILD_IN_CONTAINER=false loki-querytee

FROM alpine:3.18.5
FROM alpine:3.20.2
RUN apk add --update --no-cache ca-certificates
COPY --from=build /src/loki/cmd/querytee/querytee /usr/bin/querytee
ENTRYPOINT [ "/usr/bin/querytee" ]
26 changes: 13 additions & 13 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -99,10 +99,10 @@ require (
go.etcd.io/bbolt v1.3.6
go.uber.org/atomic v1.11.0
go.uber.org/goleak v1.3.0
golang.org/x/crypto v0.21.0
golang.org/x/net v0.23.0
golang.org/x/sync v0.6.0
golang.org/x/sys v0.20.0
golang.org/x/crypto v0.24.0
golang.org/x/net v0.26.0
golang.org/x/sync v0.7.0
golang.org/x/sys v0.21.0
golang.org/x/time v0.5.0
google.golang.org/api v0.168.0
google.golang.org/grpc v1.62.1
Expand Down Expand Up @@ -142,7 +142,7 @@ require (
go4.org/netipx v0.0.0-20230125063823-8449b0a6169f
golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8
golang.org/x/oauth2 v0.18.0
golang.org/x/text v0.15.0
golang.org/x/text v0.16.0
google.golang.org/protobuf v1.33.0
gotest.tools v2.2.0+incompatible
k8s.io/apimachinery v0.29.2
Expand All @@ -169,9 +169,9 @@ require (
cloud.google.com/go/iam v1.1.6 // indirect
cloud.google.com/go/longrunning v0.5.5 // indirect
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 // indirect
github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 // indirect
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.5.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4 v4.3.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.5.1 // indirect
Expand All @@ -181,7 +181,7 @@ require (
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
github.com/Azure/go-autorest/logger v0.2.1 // indirect
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect
github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
github.com/Code-Hex/go-generics-cache v1.3.1 // indirect
github.com/Masterminds/goutils v1.1.1 // indirect
github.com/Masterminds/semver/v3 v3.2.0 // indirect
Expand Down Expand Up @@ -248,7 +248,7 @@ require (
github.com/go-zookeeper/zk v1.0.3 // indirect
github.com/gofrs/flock v0.8.1 // indirect
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
github.com/golang-jwt/jwt/v5 v5.2.0 // indirect
github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/google/btree v1.1.2 // indirect
github.com/google/gnostic-models v0.6.8 // indirect
Expand Down Expand Up @@ -337,9 +337,9 @@ require (
go.opentelemetry.io/otel/trace v1.24.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.21.0 // indirect
golang.org/x/mod v0.16.0 // indirect
golang.org/x/term v0.18.0 // indirect
golang.org/x/tools v0.19.0 // indirect
golang.org/x/mod v0.17.0 // indirect
golang.org/x/term v0.21.0 // indirect
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
google.golang.org/appengine v1.6.8 // indirect
google.golang.org/genproto v0.0.0-20240205150955-31a09d347014 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240304212257-790db918fca8 // indirect
Expand Down
Loading
Loading