From c0afcc772eff2b08c572a431d778c55bb2b4d794 Mon Sep 17 00:00:00 2001 From: Evan Forbes <42654277+evan-forbes@users.noreply.github.com> Date: Thu, 4 Apr 2024 10:33:00 -0500 Subject: [PATCH] chore: go vuln (#1283) ## Description bumping the go version cause apparently there was a vulnerability (cherry picked from commit abc516304122da41e154b49d0a152360e38736a8) # Conflicts: # .github/workflows/check-generated.yml # .github/workflows/coverage.yml # .github/workflows/e2e-manual.yml # .github/workflows/e2e-nightly-34x.yml # .github/workflows/e2e.yml # .github/workflows/fuzz-nightly.yml # .github/workflows/govulncheck.yml # .github/workflows/pre-release.yml # .github/workflows/release-version.yml # .github/workflows/release.yml # .github/workflows/tests.yml # DOCKER/Dockerfile # README.md # go.mod # go.sum # scripts/proto-gen.sh # test/docker/Dockerfile # test/e2e/docker/Dockerfile --- .github/workflows/check-generated.yml | 4 ++++ .github/workflows/coverage.yml | 14 ++++++++++++++ .github/workflows/e2e-manual.yml | 4 ++++ .github/workflows/e2e-nightly-34x.yml | 4 ++++ .github/workflows/e2e.yml | 5 +++++ .github/workflows/fuzz-nightly.yml | 4 ++++ .github/workflows/govulncheck.yml | 21 +++++++++++++++++++++ .github/workflows/pre-release.yml | 4 ++++ .github/workflows/release-version.yml | 4 ++++ .github/workflows/release.yml | 4 ++++ .github/workflows/tests.yml | 9 +++++++++ DOCKER/Dockerfile | 4 ++++ README.md | 4 ++++ go.mod | 16 ++++++++++++++++ go.sum | 26 ++++++++++++++++++++++++++ scripts/proto-gen.sh | 4 ++++ test/docker/Dockerfile | 4 ++++ test/e2e/docker/Dockerfile | 4 ++++ 18 files changed, 139 insertions(+) diff --git a/.github/workflows/check-generated.yml b/.github/workflows/check-generated.yml index 8225117003..adbd029281 100644 --- a/.github/workflows/check-generated.yml +++ b/.github/workflows/check-generated.yml @@ -43,7 +43,11 @@ jobs: steps: - uses: actions/setup-go@v4 with: +<<<<<<< HEAD go-version: '1.22' +======= + go-version: "1.22.2" +>>>>>>> abc516304 (chore: go vuln (#1283)) - uses: actions/checkout@v4 with: diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index f8f402eb6f..bf855ba1df 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -12,7 +12,11 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v4 with: +<<<<<<< HEAD go-version: "1.22" +======= + go-version: "1.22.2" +>>>>>>> abc516304 (chore: go vuln (#1283)) - name: Create a file with all the pkgs run: go list ./... > pkgs.txt - name: Split pkgs into 4 files @@ -48,8 +52,13 @@ jobs: steps: - uses: actions/setup-go@v4 with: +<<<<<<< HEAD go-version: "1.22" - uses: actions/checkout@v4 +======= + go-version: "1.22.2" + - uses: actions/checkout@v3 +>>>>>>> abc516304 (chore: go vuln (#1283)) - uses: technote-space/get-diff-action@v6 with: PATTERNS: | @@ -70,8 +79,13 @@ jobs: steps: - uses: actions/setup-go@v4 with: +<<<<<<< HEAD go-version: "1.22" - uses: actions/checkout@v4 +======= + go-version: "1.22.2" + - uses: actions/checkout@v3 +>>>>>>> abc516304 (chore: go vuln (#1283)) - uses: technote-space/get-diff-action@v6 with: PATTERNS: | diff --git a/.github/workflows/e2e-manual.yml b/.github/workflows/e2e-manual.yml index a48d063f13..05a7e98998 100644 --- a/.github/workflows/e2e-manual.yml +++ b/.github/workflows/e2e-manual.yml @@ -16,7 +16,11 @@ jobs: steps: - uses: actions/setup-go@v4 with: +<<<<<<< HEAD go-version: '1.22' +======= + go-version: '1.22.2' +>>>>>>> abc516304 (chore: go vuln (#1283)) - uses: actions/checkout@v4 diff --git a/.github/workflows/e2e-nightly-34x.yml b/.github/workflows/e2e-nightly-34x.yml index 30807051cc..d3f1451206 100644 --- a/.github/workflows/e2e-nightly-34x.yml +++ b/.github/workflows/e2e-nightly-34x.yml @@ -23,7 +23,11 @@ jobs: steps: - uses: actions/setup-go@v4 with: +<<<<<<< HEAD go-version: '1.22' +======= + go-version: '1.22.2' +>>>>>>> abc516304 (chore: go vuln (#1283)) - uses: actions/checkout@v4 with: diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index c09a096b37..1ca8e77616 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -14,8 +14,13 @@ jobs: steps: - uses: actions/setup-go@v4 with: +<<<<<<< HEAD go-version: '1.22' - uses: actions/checkout@v4 +======= + go-version: '1.22.2' + - uses: actions/checkout@v3 +>>>>>>> abc516304 (chore: go vuln (#1283)) - uses: technote-space/get-diff-action@v6 with: PATTERNS: | diff --git a/.github/workflows/fuzz-nightly.yml b/.github/workflows/fuzz-nightly.yml index 5478a9ed06..32a80a25c9 100644 --- a/.github/workflows/fuzz-nightly.yml +++ b/.github/workflows/fuzz-nightly.yml @@ -11,7 +11,11 @@ jobs: steps: - uses: actions/setup-go@v4 with: +<<<<<<< HEAD go-version: '1.22' +======= + go-version: '1.22.2' +>>>>>>> abc516304 (chore: go vuln (#1283)) - uses: actions/checkout@v4 diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 94b51653f1..d67f4178a4 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -10,6 +10,7 @@ on: branches: - v[0-9]+.[0-9]+.x-celestia +<<<<<<< HEAD # TODO: re-enable after figuring out what needs to get fixed or if this is # handled upstream in main # jobs: @@ -30,3 +31,23 @@ on: # - name: govulncheck # run: make vulncheck # if: "env.GIT_DIFF != ''" +======= +jobs: + govulncheck: + runs-on: ubuntu-latest + steps: + - uses: actions/setup-go@v3 + with: + go-version: "1.22.2" + - uses: actions/checkout@v3 + - uses: technote-space/get-diff-action@v6 + with: + PATTERNS: | + **/*.go + go.mod + go.sum + Makefile + - name: govulncheck + run: make vulncheck + if: "env.GIT_DIFF != ''" +>>>>>>> abc516304 (chore: go vuln (#1283)) diff --git a/.github/workflows/pre-release.yml b/.github/workflows/pre-release.yml index 970d76a783..b2b9f2b397 100644 --- a/.github/workflows/pre-release.yml +++ b/.github/workflows/pre-release.yml @@ -18,7 +18,11 @@ jobs: - uses: actions/setup-go@v4 with: +<<<<<<< HEAD go-version: '1.22' +======= + go-version: '1.22.2' +>>>>>>> abc516304 (chore: go vuln (#1283)) # Similar check to ./release-version.yml, but enforces this when pushing # tags. The ./release-version.yml check can be bypassed and is mainly diff --git a/.github/workflows/release-version.yml b/.github/workflows/release-version.yml index c586b3a702..cc8ded27c5 100644 --- a/.github/workflows/release-version.yml +++ b/.github/workflows/release-version.yml @@ -15,7 +15,11 @@ jobs: - uses: actions/setup-go@v4 with: +<<<<<<< HEAD go-version: '1.22' +======= + go-version: '1.22.2' +>>>>>>> abc516304 (chore: go vuln (#1283)) - name: Check version run: | diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e5ef876da6..150384e88c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,7 +16,11 @@ jobs: - uses: actions/setup-go@v4 with: +<<<<<<< HEAD go-version: '1.22' +======= + go-version: '1.22.2' +>>>>>>> abc516304 (chore: go vuln (#1283)) - name: Generate release notes run: | diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 8675bc0836..41ec2b03de 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -25,8 +25,13 @@ jobs: steps: - uses: actions/setup-go@v4 with: +<<<<<<< HEAD go-version: "1.22" - uses: actions/checkout@v4 +======= + go-version: "1.22.2" + - uses: actions/checkout@v3 +>>>>>>> abc516304 (chore: go vuln (#1283)) - uses: technote-space/get-diff-action@v6 with: PATTERNS: | @@ -121,7 +126,11 @@ jobs: # steps: # - uses: actions/setup-go@v3 # with: +<<<<<<< HEAD # go-version: "1.22" +======= + # go-version: "1.22.2" +>>>>>>> abc516304 (chore: go vuln (#1283)) # - uses: actions/checkout@v3 # - uses: technote-space/get-diff-action@v6 # with: diff --git a/DOCKER/Dockerfile b/DOCKER/Dockerfile index a5188db391..c35a7f39ec 100644 --- a/DOCKER/Dockerfile +++ b/DOCKER/Dockerfile @@ -1,6 +1,10 @@ # Use a build arg to ensure that both stages use the same, # hopefully current, go version. +<<<<<<< HEAD ARG GOLANG_BASE_IMAGE=golang:1.22-alpine +======= +ARG GOLANG_BASE_IMAGE=golang:1.22.2-alpine +>>>>>>> abc516304 (chore: go vuln (#1283)) # stage 1 Generate CometBFT Binary FROM --platform=$BUILDPLATFORM $GOLANG_BASE_IMAGE as builder diff --git a/README.md b/README.md index 329403efaf..9ea7244452 100644 --- a/README.md +++ b/README.md @@ -50,7 +50,11 @@ This repo intends on preserving the minimal possible diff with [cometbft/cometbf - **specific to Celestia**: consider if [celestia-app](https://github.com/celestiaorg/celestia-app) is a better target - **not specific to Celestia**: consider making the contribution upstream in CometBFT +<<<<<<< HEAD 1. [Install Go](https://go.dev/doc/install) 1.22+ +======= +1. [Install Go](https://go.dev/doc/install) 1.22.2+ +>>>>>>> abc516304 (chore: go vuln (#1283)) 2. Fork this repo 3. Clone your fork 4. Find an issue to work on (see [good first issues](https://github.com/celestiaorg/celestia-core/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22)) diff --git a/go.mod b/go.mod index e67be45a07..f1ff72aca5 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,10 @@ module github.com/tendermint/tendermint +<<<<<<< HEAD go 1.22 +======= +go 1.22.2 +>>>>>>> abc516304 (chore: go vuln (#1283)) require ( github.com/BurntSushi/toml v1.2.1 @@ -48,10 +52,17 @@ require ( github.com/vektra/mockery/v2 v2.23.1 go.opentelemetry.io/otel v1.24.0 go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.18.0 +<<<<<<< HEAD go.opentelemetry.io/otel/sdk v1.24.0 golang.org/x/crypto v0.17.0 golang.org/x/net v0.19.0 gonum.org/v1/gonum v0.12.0 +======= + go.opentelemetry.io/otel/sdk v1.21.0 + golang.org/x/crypto v0.21.0 + golang.org/x/net v0.23.0 + gonum.org/v1/gonum v0.8.2 +>>>>>>> abc516304 (chore: go vuln (#1283)) google.golang.org/grpc v1.59.0 google.golang.org/protobuf v1.31.0 ) @@ -283,8 +294,13 @@ require ( golang.org/x/exp/typeparams v0.0.0-20230224173230-c95f2b4c22f2 // indirect golang.org/x/mod v0.11.0 // indirect golang.org/x/sync v0.3.0 // indirect +<<<<<<< HEAD golang.org/x/sys v0.17.0 // indirect golang.org/x/term v0.15.0 // indirect +======= + golang.org/x/sys v0.18.0 // indirect + golang.org/x/term v0.18.0 // indirect +>>>>>>> abc516304 (chore: go vuln (#1283)) golang.org/x/text v0.14.0 // indirect golang.org/x/tools v0.7.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect diff --git a/go.sum b/go.sum index a3e9cc6c5e..c7bd299675 100644 --- a/go.sum +++ b/go.sum @@ -1008,11 +1008,20 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +<<<<<<< HEAD golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= +======= +golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= +golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= +golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +>>>>>>> abc516304 (chore: go vuln (#1283)) golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -1110,9 +1119,15 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +<<<<<<< HEAD golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= +======= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +>>>>>>> abc516304 (chore: go vuln (#1283)) golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1227,8 +1242,13 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +<<<<<<< HEAD golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +======= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +>>>>>>> abc516304 (chore: go vuln (#1283)) golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -1238,8 +1258,14 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +<<<<<<< HEAD golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= +======= +golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +>>>>>>> abc516304 (chore: go vuln (#1283)) golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/scripts/proto-gen.sh b/scripts/proto-gen.sh index 0420088fd3..7aacad616d 100755 --- a/scripts/proto-gen.sh +++ b/scripts/proto-gen.sh @@ -10,7 +10,11 @@ cd "$(git rev-parse --show-toplevel)" # Run inside Docker to install the correct versions of the required tools # without polluting the local system. +<<<<<<< HEAD docker run --rm -i -v "$PWD":/w --workdir=/w golang:1.22-alpine sh <<"EOF" +======= +docker run --rm -i -v "$PWD":/w --workdir=/w golang:1.22.2-alpine sh <<"EOF" +>>>>>>> abc516304 (chore: go vuln (#1283)) apk add git make go install github.com/bufbuild/buf/cmd/buf diff --git a/test/docker/Dockerfile b/test/docker/Dockerfile index 1d3a685b2c..bdb9ce3b14 100644 --- a/test/docker/Dockerfile +++ b/test/docker/Dockerfile @@ -1,4 +1,8 @@ +<<<<<<< HEAD FROM golang:1.22 +======= +FROM golang:1.22.2 +>>>>>>> abc516304 (chore: go vuln (#1283)) # Grab deps (jq, hexdump, xxd, killall) RUN apt-get update && \ diff --git a/test/e2e/docker/Dockerfile b/test/e2e/docker/Dockerfile index 9e53e2e48c..7c7af45c54 100644 --- a/test/e2e/docker/Dockerfile +++ b/test/e2e/docker/Dockerfile @@ -1,7 +1,11 @@ # We need to build in a Linux environment to support C libraries, e.g. RocksDB. # We use Debian instead of Alpine, so that we can use binary database packages # instead of spending time compiling them. +<<<<<<< HEAD FROM golang:1.22-bullseye +======= +FROM golang:1.22.2-bullseye +>>>>>>> abc516304 (chore: go vuln (#1283)) RUN apt-get -qq update -y && apt-get -qq upgrade -y >/dev/null RUN apt-get -qq install -y libleveldb-dev librocksdb-dev >/dev/null