From a64649dd05e26c0af3e7a35eae0d47b428efc565 Mon Sep 17 00:00:00 2001
From: "Tais P. Hansen" <taisph@users.noreply.github.com>
Date: Tue, 16 Apr 2024 11:54:36 +0200
Subject: [PATCH] chore: upgrade redis to 7.0.15 (#17668)

Upgrade to latest stable 7.0.x version to fix CVEs:

CVE-2023-41056
CVE-2023-45145
CVE-2023-41053
CVE-2022-24834
CVE-2023-36824

Signed-off-by: Tais P. Hansen <taishansen@gmail.com>
---
 .github/workflows/ci-build.yaml                   | 2 +-
 manifests/base/redis/argocd-redis-deployment.yaml | 2 +-
 manifests/core-install.yaml                       | 2 +-
 manifests/ha/base/redis-ha/chart/upstream.yaml    | 8 ++++----
 manifests/ha/base/redis-ha/chart/values.yaml      | 2 +-
 manifests/ha/install.yaml                         | 8 ++++----
 manifests/ha/namespace-install.yaml               | 8 ++++----
 manifests/install.yaml                            | 2 +-
 manifests/namespace-install.yaml                  | 2 +-
 9 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
index 0ee9cb2f7155d..1d7f0515f1f3b 100644
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -428,7 +428,7 @@ jobs:
         run: |
           docker pull ghcr.io/dexidp/dex:v2.37.0
           docker pull argoproj/argo-cd-ci-builder:v1.0.0
-          docker pull redis:7.0.11-alpine
+          docker pull redis:7.0.15-alpine
       - name: Create target directory for binaries in the build-process
         run: |
           mkdir -p dist
diff --git a/manifests/base/redis/argocd-redis-deployment.yaml b/manifests/base/redis/argocd-redis-deployment.yaml
index 8d649e3995ebc..bcbe729ac6d00 100644
--- a/manifests/base/redis/argocd-redis-deployment.yaml
+++ b/manifests/base/redis/argocd-redis-deployment.yaml
@@ -23,7 +23,7 @@ spec:
       serviceAccountName: argocd-redis        
       containers:
       - name: redis
-        image: redis:7.0.11-alpine
+        image: redis:7.0.15-alpine
         imagePullPolicy: Always
         args:
         - "--save"
diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml
index a7bf78aad323b..669e88045aef7 100644
--- a/manifests/core-install.yaml
+++ b/manifests/core-install.yaml
@@ -18969,7 +18969,7 @@ spec:
         - ""
         - --appendonly
         - "no"
-        image: redis:7.0.11-alpine
+        image: redis:7.0.15-alpine
         imagePullPolicy: Always
         name: redis
         ports:
diff --git a/manifests/ha/base/redis-ha/chart/upstream.yaml b/manifests/ha/base/redis-ha/chart/upstream.yaml
index 004c8773f284f..a94bba0f09062 100644
--- a/manifests/ha/base/redis-ha/chart/upstream.yaml
+++ b/manifests/ha/base/redis-ha/chart/upstream.yaml
@@ -1191,7 +1191,7 @@ spec:
       automountServiceAccountToken: false
       initContainers:
       - name: config-init
-        image: redis:7.0.11-alpine
+        image: redis:7.0.15-alpine
         imagePullPolicy: IfNotPresent
         resources:
           {}
@@ -1225,7 +1225,7 @@ spec:
 
       containers:
       - name: redis
-        image: redis:7.0.11-alpine
+        image: redis:7.0.15-alpine
         imagePullPolicy: IfNotPresent
         command:
         - redis-server
@@ -1282,7 +1282,7 @@ spec:
               - /bin/sh
               - /readonly-config/trigger-failover-if-master.sh
       - name: sentinel
-        image: redis:7.0.11-alpine
+        image: redis:7.0.15-alpine
         imagePullPolicy: IfNotPresent
         command:
           - redis-sentinel
@@ -1333,7 +1333,7 @@ spec:
           {}
 
       - name: split-brain-fix
-        image: redis:7.0.11-alpine
+        image: redis:7.0.15-alpine
         imagePullPolicy: IfNotPresent
         command:
           - sh
diff --git a/manifests/ha/base/redis-ha/chart/values.yaml b/manifests/ha/base/redis-ha/chart/values.yaml
index d30c4bc31bb80..3fe3647c0b4a4 100644
--- a/manifests/ha/base/redis-ha/chart/values.yaml
+++ b/manifests/ha/base/redis-ha/chart/values.yaml
@@ -18,7 +18,7 @@ redis-ha:
       client: 6m
     checkInterval: 3s
   image:
-    tag: 7.0.11-alpine
+    tag: 7.0.15-alpine
   containerSecurityContext: null
   sentinel:
     bind: "0.0.0.0"
diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml
index a7215bc769b0a..4f2b70e7ef264 100644
--- a/manifests/ha/install.yaml
+++ b/manifests/ha/install.yaml
@@ -21318,7 +21318,7 @@ spec:
         - /data/conf/redis.conf
         command:
         - redis-server
-        image: redis:7.0.11-alpine
+        image: redis:7.0.15-alpine
         imagePullPolicy: IfNotPresent
         lifecycle:
           preStop:
@@ -21372,7 +21372,7 @@ spec:
         - /data/conf/sentinel.conf
         command:
         - redis-sentinel
-        image: redis:7.0.11-alpine
+        image: redis:7.0.15-alpine
         imagePullPolicy: IfNotPresent
         lifecycle: {}
         livenessProbe:
@@ -21425,7 +21425,7 @@ spec:
           value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
         - name: SENTINEL_ID_2
           value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
-        image: redis:7.0.11-alpine
+        image: redis:7.0.15-alpine
         imagePullPolicy: IfNotPresent
         name: split-brain-fix
         resources: {}
@@ -21455,7 +21455,7 @@ spec:
           value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
         - name: SENTINEL_ID_2
           value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
-        image: redis:7.0.11-alpine
+        image: redis:7.0.15-alpine
         imagePullPolicy: IfNotPresent
         name: config-init
         securityContext:
diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml
index 1b1d99695cc31..c6bc2b2fa892c 100644
--- a/manifests/ha/namespace-install.yaml
+++ b/manifests/ha/namespace-install.yaml
@@ -2830,7 +2830,7 @@ spec:
         - /data/conf/redis.conf
         command:
         - redis-server
-        image: redis:7.0.11-alpine
+        image: redis:7.0.15-alpine
         imagePullPolicy: IfNotPresent
         lifecycle:
           preStop:
@@ -2884,7 +2884,7 @@ spec:
         - /data/conf/sentinel.conf
         command:
         - redis-sentinel
-        image: redis:7.0.11-alpine
+        image: redis:7.0.15-alpine
         imagePullPolicy: IfNotPresent
         lifecycle: {}
         livenessProbe:
@@ -2937,7 +2937,7 @@ spec:
           value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
         - name: SENTINEL_ID_2
           value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
-        image: redis:7.0.11-alpine
+        image: redis:7.0.15-alpine
         imagePullPolicy: IfNotPresent
         name: split-brain-fix
         resources: {}
@@ -2967,7 +2967,7 @@ spec:
           value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
         - name: SENTINEL_ID_2
           value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
-        image: redis:7.0.11-alpine
+        image: redis:7.0.15-alpine
         imagePullPolicy: IfNotPresent
         name: config-init
         securityContext:
diff --git a/manifests/install.yaml b/manifests/install.yaml
index 70ca5b2b80341..aad22c38a7fa9 100644
--- a/manifests/install.yaml
+++ b/manifests/install.yaml
@@ -19500,7 +19500,7 @@ spec:
         - ""
         - --appendonly
         - "no"
-        image: redis:7.0.11-alpine
+        image: redis:7.0.15-alpine
         imagePullPolicy: Always
         name: redis
         ports:
diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml
index 19884213f0f67..e7c880e73f785 100644
--- a/manifests/namespace-install.yaml
+++ b/manifests/namespace-install.yaml
@@ -1012,7 +1012,7 @@ spec:
         - ""
         - --appendonly
         - "no"
-        image: redis:7.0.11-alpine
+        image: redis:7.0.15-alpine
         imagePullPolicy: Always
         name: redis
         ports: