Skip to content

Commit

Permalink
chore: build with keda-tools:1.22.5
Browse files Browse the repository at this point in the history 
to resolve CVE-2024-24790, CVE-2024-24789, and CVE-2024-24791
bump github.com/Azure/azure-sdk-for-go/sdk/azidentity to resolve CVE-2024-35255

Signed-off-by: Paul Yu <[email protected]>
  • Loading branch information
@pauldotyu
pauldotyu committed Jul 22, 2024
1 parent 2b28e52 commit f911a56
Show file tree
Hide file tree
Showing 52 changed files with 961 additions and 215 deletions.
2 changes: 1 addition & 1 deletion .devcontainer/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
#-------------------------------------------------------------------------------------------------------------

FROM golang:1.21.9
FROM golang:1.22.5

# Avoid warnings by switching to noninteractive
ENV DEBIAN_FRONTEND=noninteractive
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/main-build.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ jobs:
id-token: write # needed for signing the images with GitHub OIDC Token **not production ready**

# keda-tools is built from github.com/test-tools/tools/Dockerfile
container: ghcr.io/kedacore/keda-tools:1.21.9
container: ghcr.io/kedacore/keda-tools:1.22.5
steps:
- name: Check out code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/pr-e2e.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ jobs:
needs: triage
runs-on: ubuntu-latest
name: Build images
container: ghcr.io/kedacore/keda-tools:1.21.9
container: ghcr.io/kedacore/keda-tools:1.22.5
if: needs.triage.outputs.run-e2e == 'true'
steps:
- name: Set status in-progress
Expand Down Expand Up @@ -148,7 +148,7 @@ jobs:
needs: [triage, build-test-images]
runs-on: e2e
name: Execute e2e tests
container: ghcr.io/kedacore/keda-tools:1.21.9
container: ghcr.io/kedacore/keda-tools:1.22.5
if: needs.triage.outputs.run-e2e == 'true'
steps:
- name: Set status in-progress
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/pr-validation.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ jobs:
validate:
name: validate - ${{ matrix.name }}
runs-on: ${{ matrix.runner }}
container: ghcr.io/kedacore/keda-tools:1.21.9
container: ghcr.io/kedacore/keda-tools:1.22.5
strategy:
matrix:
include:
Expand Down Expand Up @@ -77,9 +77,9 @@ jobs:
validate-dockerfiles:
name: validate-dockerfiles - ${{ matrix.name }}
runs-on: ${{ matrix.runner }}
container: ghcr.io/kedacore/keda-tools:1.21.9
container: ghcr.io/kedacore/keda-tools:1.22.5
strategy:
matrix:
matrix:
include:
- runner: ARM64
name: arm64
Expand Down Expand Up @@ -108,9 +108,9 @@ jobs:
validate-dev-container:
name: Validate dev-container - ${{ matrix.name }}
runs-on: ${{ matrix.runner }}
container: ghcr.io/kedacore/keda-tools:1.21.9
container: ghcr.io/kedacore/keda-tools:1.22.5
strategy:
matrix:
matrix:
include:
- runner: ARM64
name: arm64
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/release-build.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ jobs:
id-token: write # needed for signing the images with GitHub OIDC Token **not production ready**

# keda-tools is built from github.com/test-tools/tools/Dockerfile
container: ghcr.io/kedacore/keda-tools:1.21.9
container: ghcr.io/kedacore/keda-tools:1.22.5
steps:
- name: Check out code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/static-analysis-codeql.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ jobs:
codeQl:
name: Analyze CodeQL Go
runs-on: ubuntu-latest
container: ghcr.io/kedacore/keda-tools:1.21.9
container: ghcr.io/kedacore/keda-tools:1.22.5
if: (github.actor != 'dependabot[bot]')
steps:
- name: Checkout repository
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/template-main-e2e-test.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ jobs:
name: Run e2e test
runs-on: ARM64
# keda-tools is built from github.com/test-tools/tools/Dockerfile
container: ghcr.io/kedacore/keda-tools:1.21.9
container: ghcr.io/kedacore/keda-tools:1.22.5
concurrency: e2e-tests
steps:
- name: Check out code
Expand Down
4 changes: 4 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,10 @@ To learn more about active deprecations, we recommend checking [GitHub Discussio

## Unreleased

- **General**: Fix CVE-2024-24790, CVE-2024-24789, and CVE-2024-24791 in stdlib.
- **General**: Fix CVE-2024-35255 in github.com/Azure/azure-sdk-for-go/sdk/azidentity
- **General**: Fix CVE-2024-6104 in github.com/hashicorp/go-retryablehttp

### Breaking Changes

- **Authentication:** AAD-Pod-Identity and AWS-KIAM auths have been removed ([#5035](https://github.com/kedacore/keda/issues/5035)|[#5085](https://github.com/kedacore/keda/issues/5085))
Expand Down
2 changes: 1 addition & 1 deletion Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# Build the manager binary
FROM --platform=$BUILDPLATFORM ghcr.io/kedacore/keda-tools:1.21.9 AS builder
FROM --platform=$BUILDPLATFORM ghcr.io/kedacore/keda-tools:1.22.5 AS builder

ARG BUILD_VERSION=main
ARG GIT_COMMIT=HEAD
Expand Down
2 changes: 1 addition & 1 deletion Dockerfile.adapter
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# Build the adapter binary
FROM --platform=$BUILDPLATFORM ghcr.io/kedacore/keda-tools:1.21.9 AS builder
FROM --platform=$BUILDPLATFORM ghcr.io/kedacore/keda-tools:1.22.5 AS builder

ARG BUILD_VERSION=main
ARG GIT_COMMIT=HEAD
Expand Down
2 changes: 1 addition & 1 deletion Dockerfile.webhooks
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# Build the manager binary
FROM --platform=$BUILDPLATFORM ghcr.io/kedacore/keda-tools:1.21.9 AS builder
FROM --platform=$BUILDPLATFORM ghcr.io/kedacore/keda-tools:1.22.5 AS builder

ARG BUILD_VERSION=main
ARG GIT_COMMIT=HEAD
Expand Down
14 changes: 7 additions & 7 deletions go.mod
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
module github.com/kedacore/keda/v2

go 1.21
go 1.22

require (
cloud.google.com/go/compute/metadata v0.3.0
Expand All @@ -13,7 +13,7 @@ require (
github.com/Azure/azure-kusto-go v0.15.2
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0
github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.7.0
github.com/Azure/azure-storage-blob-go v0.15.0
github.com/Azure/azure-storage-queue-go v0.0.0-20230927153703-648530c9aaf2
Expand Down Expand Up @@ -169,7 +169,7 @@ require (
code.cloudfoundry.org/clock v1.1.0 // indirect
filippo.io/edwards25519 v1.1.0 // indirect
github.com/Azure/azure-pipeline-go v0.2.3 // indirect
github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect
github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventgrid v0.4.0
github.com/Azure/go-amqp v1.0.5 // indirect
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
Expand Down Expand Up @@ -345,13 +345,13 @@ require (
go.uber.org/automaxprocs v1.5.3
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.27.0 // indirect
golang.org/x/crypto v0.23.0
golang.org/x/crypto v0.24.0
golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f
golang.org/x/mod v0.17.0 // indirect
golang.org/x/net v0.25.0 // indirect
golang.org/x/sys v0.20.0 // indirect
golang.org/x/net v0.26.0 // indirect
golang.org/x/sys v0.21.0 // indirect
golang.org/x/term v0.19.0 // indirect
golang.org/x/text v0.15.0 // indirect
golang.org/x/text v0.16.0 // indirect
golang.org/x/time v0.5.0 // indirect
golang.org/x/tools v0.20.0 // indirect
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
Expand Down
17 changes: 8 additions & 9 deletions go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1347,11 +1347,11 @@ github.com/Azure/azure-sdk-for-go/sdk/azcore v0.19.0/go.mod h1:h6H6c8enJmmocHUbL
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM=
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo=
github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.11.0/go.mod h1:HcM1YX14R7CJcghJGOYCgdezslRSVzqwLf/q+4Y2r/0=
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX90K7A8dN+R5E8GEadoP7sU=
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU=
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc=
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg=
github.com/Azure/azure-sdk-for-go/sdk/internal v0.7.0/go.mod h1:yqy467j36fJxcRV2TzfVZ1pCb5vxm4BtZPUdYWe/Xo8=
github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aMclParm9/5Vgp+TY51uBQ=
github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2/go.mod h1:yInRyqWXAuaPrgI7p70+lDDgh3mlBohis29jGMISnmc=
github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 h1:jBQA3cKT4L2rWMpgE7Yt3Hwh2aUj8KXjIGLxjHeYNNo=
github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg=
github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventgrid v0.4.0 h1:d7S13DPk63SvBJfSUiMJJ26tRsvrBumkLPEfQEAarGk=
github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventgrid v0.4.0/go.mod h1:7e/gsXp4INB4k/vg0h3UOkYpDK6oZqctxr+L05FGybg=
github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.7.0 h1:QISzMrspEvZj4zrrN2wlNwfum5RmnKQhQNiSujwH7oU=
Expand Down Expand Up @@ -1584,7 +1584,6 @@ github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/r
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=
github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
Expand Down Expand Up @@ -2220,8 +2219,8 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR
github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w=
Expand Down Expand Up @@ -2669,8 +2668,8 @@ golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q=
golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
Expand Down
4 changes: 4 additions & 0 deletions vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/.gitignore
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

78 changes: 77 additions & 1 deletion vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/CHANGELOG.md
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/MIGRATION.md
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit f911a56

Please sign in to comment.