Skip to content

Commit

Permalink
fix(deps): bumped dependencies versions to resolve CVEs (#13789)
Browse files Browse the repository at this point in the history 
Signed-off-by: Vladyslav Diachenko <vlad.diachenko@grafana.com>
Co-authored-by: Paul Rogers <paul.rogers@grafana.com>
  • Loading branch information
@vlad-diachenko @paul1r
vlad-diachenko and paul1r committed Aug 7, 2024
1 parent ca2030b commit 34206cd
Show file tree
Hide file tree
Showing 144 changed files with 19,566 additions and 2,359 deletions.
2 changes: 1 addition & 1 deletion .devcontainer/devcontainer.json
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"image": "grafana/loki-build-image:0.33.1",
"image": "grafana/loki-build-image:0.33.5",
"containerEnv": {
"BUILD_IN_CONTAINER": "false"
},
Expand Down
6 changes: 3 additions & 3 deletions .drone/drone.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -139,7 +139,7 @@ steps:
depends_on:
- clone
environment: {}
image: grafana/loki-build-image:0.33.3
image: grafana/loki-build-image:0.33.5
name: documentation-helm-reference-check
trigger:
ref:
Expand Down Expand Up @@ -1085,7 +1085,7 @@ steps:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
image: grafana/loki-build-image:0.33.3
image: grafana/loki-build-image:0.33.5
name: build and push
privileged: true
volumes:
Expand Down Expand Up @@ -1308,6 +1308,6 @@ kind: secret
name: gpg_private_key
---
kind: signature
hmac: 33b9d2962b6dfcf1136ef7602d29e3f32f03b0d90dfd579652cbaf0a4ef2de4b
hmac: 8a2db8460244184bb92d99cfe9a366e0a1cce91034cfe3784436a2f178b976c7

...
2 changes: 1 addition & 1 deletion .github/workflows/check.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
"check":
"uses": "grafana/loki-release/.github/workflows/check.yml@main"
"with":
"build_image": "grafana/loki-build-image:0.33.3"
"build_image": "grafana/loki-build-image:0.33.5"
"golang_ci_lint_version": "v1.55.1"
"release_lib_ref": "main"
"skip_validation": false
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/minor-release-pr.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
check:
uses: "grafana/loki-release/.github/workflows/check.yml@main"
with:
build_image: "grafana/loki-build-image:0.33.3"
build_image: "grafana/loki-build-image:0.33.5"
golang_ci_lint_version: "v1.55.1"
release_lib_ref: "main"
skip_validation: false
Expand Down Expand Up @@ -141,7 +141,7 @@ jobs:
--env SKIP_ARM \
--volume .:/src/loki \
--workdir /src/loki \
--entrypoint /bin/sh "grafana/loki-build-image:0.33.3"
--entrypoint /bin/sh "grafana/loki-build-image:0.33.5"
git config --global --add safe.directory /src/loki
echo "${NFPM_SIGNING_KEY}" > $NFPM_SIGNING_KEY_FILE
make dist packages
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/patch-release-pr.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
check:
uses: "grafana/loki-release/.github/workflows/check.yml@main"
with:
build_image: "grafana/loki-build-image:0.33.3"
build_image: "grafana/loki-build-image:0.33.5"
golang_ci_lint_version: "v1.55.1"
release_lib_ref: "main"
skip_validation: false
Expand Down Expand Up @@ -141,7 +141,7 @@ jobs:
--env SKIP_ARM \
--volume .:/src/loki \
--workdir /src/loki \
--entrypoint /bin/sh "grafana/loki-build-image:0.33.3"
--entrypoint /bin/sh "grafana/loki-build-image:0.33.5"
git config --global --add safe.directory /src/loki
echo "${NFPM_SIGNING_KEY}" > $NFPM_SIGNING_KEY_FILE
make dist packages
Expand Down
2 changes: 1 addition & 1 deletion Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ DOCKER_IMAGE_DIRS := $(patsubst %/Dockerfile,%,$(DOCKERFILES))
BUILD_IN_CONTAINER ?= true

# ensure you run `make drone` and `make release-workflows` after changing this
BUILD_IMAGE_VERSION ?= 0.33.3
BUILD_IMAGE_VERSION ?= 0.33.5

# Docker image info
IMAGE_PREFIX ?= grafana
Expand Down
4 changes: 2 additions & 2 deletions clients/cmd/docker-driver/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
ARG BUILD_IMAGE=grafana/loki-build-image:0.33.2
ARG BUILD_IMAGE=grafana/loki-build-image:0.33.5
# Directories in this file are referenced from the root of the project not this folder
# This file is intended to be called from the root like so:
# docker build -t grafana/loki -f cmd/loki/Dockerfile .
Expand All @@ -9,7 +9,7 @@ COPY . /src/loki
WORKDIR /src/loki
RUN make clean && make BUILD_IN_CONTAINER=false clients/cmd/docker-driver/docker-driver

FROM alpine:3.18.5
FROM alpine:3.20.2
RUN apk add --update --no-cache ca-certificates tzdata
COPY --from=build /src/loki/clients/cmd/docker-driver/docker-driver /bin/docker-driver
WORKDIR /bin/
Expand Down
2 changes: 1 addition & 1 deletion clients/cmd/promtail/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM golang:1.22.2-bookworm as build
FROM golang:1.22.5-bookworm as build

COPY . /src/loki
WORKDIR /src/loki
Expand Down
2 changes: 1 addition & 1 deletion clients/cmd/promtail/Dockerfile.arm32
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM golang:1.22.2-bookworm as build
FROM golang:1.22.5-bookworm as build

COPY . /src/loki
WORKDIR /src/loki
Expand Down
2 changes: 1 addition & 1 deletion clients/cmd/promtail/Dockerfile.cross
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
ARG BUILD_IMAGE=grafana/loki-build-image:0.33.2
ARG BUILD_IMAGE=grafana/loki-build-image:0.33.5
# Directories in this file are referenced from the root of the project not this folder
# This file is intended to be called from the root like so:
# docker build -t grafana/promtail -f clients/cmd/promtail/Dockerfile .
Expand Down
4 changes: 2 additions & 2 deletions clients/cmd/promtail/Dockerfile.debug
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,14 @@
# This file is intended to be called from the root like so:
# docker build -t grafana/promtail -f clients/cmd/promtail/Dockerfile.debug .

FROM grafana/loki-build-image:0.33.2 as build
FROM grafana/loki-build-image:0.33.5 as build
ARG GOARCH="amd64"
COPY . /src/loki
WORKDIR /src/loki
RUN make clean && make BUILD_IN_CONTAINER=false PROMTAIL_JOURNAL_ENABLED=true promtail-debug


FROM alpine:3.18.5
FROM alpine:3.20.2
RUN apk add --update --no-cache ca-certificates tzdata
COPY --from=build /src/loki/clients/cmd/promtail/promtail-debug /usr/bin/promtail-debug
COPY --from=build /usr/bin/dlv /usr/bin/dlv
Expand Down
4 changes: 2 additions & 2 deletions cmd/logcli/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
FROM golang:1.22.2 as build
FROM golang:1.22.5 as build

COPY . /src/loki
WORKDIR /src/loki
RUN make clean && make BUILD_IN_CONTAINER=false logcli

FROM alpine:3.18.5
FROM alpine:3.20.2

RUN apk add --no-cache ca-certificates

Expand Down
4 changes: 2 additions & 2 deletions cmd/logql-analyzer/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
FROM golang:1.22.2 as build
FROM golang:1.22.5 as build

COPY . /src/loki
WORKDIR /src/loki
RUN make clean && CGO_ENABLED=0 go build ./cmd/logql-analyzer/

FROM alpine:3.18.5
FROM alpine:3.20.2

RUN apk add --no-cache ca-certificates

Expand Down
4 changes: 2 additions & 2 deletions cmd/loki-canary-boringcrypto/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
FROM golang:1.22.2 as build
FROM golang:1.22.5 as build

COPY . /src/loki
WORKDIR /src/loki
RUN go env GOARCH > /goarch
RUN make clean && make GOARCH=$(cat /goarch) BUILD_IN_CONTAINER=true GOEXPERIMENT=boringcrypto loki-canary-boringcrypto

FROM alpine:3.18.5
FROM alpine:3.20.2
RUN apk add --update --no-cache ca-certificates
RUN apk add --no-cache libc6-compat
COPY --from=build /src/loki/cmd/loki-canary-boringcrypto/loki-canary-boringcrypto /usr/bin/loki-canary
Expand Down
4 changes: 2 additions & 2 deletions cmd/loki-canary/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
FROM golang:1.22.2 as build
FROM golang:1.22.5 as build

COPY . /src/loki
WORKDIR /src/loki
RUN make clean && make BUILD_IN_CONTAINER=false loki-canary

FROM alpine:3.18.5
FROM alpine:3.20.2
RUN apk add --update --no-cache ca-certificates
COPY --from=build /src/loki/cmd/loki-canary/loki-canary /usr/bin/loki-canary
ENTRYPOINT [ "/usr/bin/loki-canary" ]
6 changes: 3 additions & 3 deletions cmd/loki-canary/Dockerfile.cross
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
ARG BUILD_IMAGE=grafana/loki-build-image:0.33.2
ARG BUILD_IMAGE=grafana/loki-build-image:0.33.5
# Directories in this file are referenced from the root of the project not this folder
# This file is intended to be called from the root like so:
# docker build -t grafana/promtail -f cmd/promtail/Dockerfile .
FROM golang:1.22.2-alpine as goenv
FROM golang:1.22.5-alpine as goenv
RUN go env GOARCH > /goarch && \
go env GOARM > /goarm

Expand All @@ -12,7 +12,7 @@ COPY . /src/loki
WORKDIR /src/loki
RUN make clean && GOARCH=$(cat /goarch) GOARM=$(cat /goarm) make BUILD_IN_CONTAINER=false loki-canary

FROM alpine:3.18.5
FROM alpine:3.20.2
RUN apk add --update --no-cache ca-certificates
COPY --from=build /src/loki/cmd/loki-canary/loki-canary /usr/bin/loki-canary
ENTRYPOINT [ "/usr/bin/loki-canary" ]
4 changes: 2 additions & 2 deletions cmd/loki/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
FROM golang:1.22.2 as build
FROM golang:1.22.5 as build

COPY . /src/loki
WORKDIR /src/loki
RUN make clean && make BUILD_IN_CONTAINER=false loki

FROM alpine:3.18.5
FROM alpine:3.20.2

RUN apk add --no-cache ca-certificates libcap

Expand Down
6 changes: 3 additions & 3 deletions cmd/loki/Dockerfile.cross
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
ARG BUILD_IMAGE=grafana/loki-build-image:0.33.2
ARG BUILD_IMAGE=grafana/loki-build-image:0.33.5
# Directories in this file are referenced from the root of the project not this folder
# This file is intended to be called from the root like so:
# docker build -t grafana/loki -f cmd/loki/Dockerfile .
FROM golang:1.22.2-alpine as goenv
FROM golang:1.22.5-alpine as goenv
RUN go env GOARCH > /goarch && \
go env GOARM > /goarm

Expand All @@ -12,7 +12,7 @@ COPY . /src/loki
WORKDIR /src/loki
RUN make clean && GOARCH=$(cat /goarch) GOARM=$(cat /goarm) make BUILD_IN_CONTAINER=false loki

FROM alpine:3.18.5
FROM alpine:3.20.2

RUN apk add --no-cache ca-certificates

Expand Down
6 changes: 3 additions & 3 deletions cmd/loki/Dockerfile.debug
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
ARG BUILD_IMAGE=grafana/loki-build-image:0.33.2
ARG BUILD_IMAGE=grafana/loki-build-image:0.33.5
# Directories in this file are referenced from the root of the project not this folder
# This file is intended to be called from the root like so:
# docker build -t grafana/loki -f cmd/loki/Dockerfile.debug .

FROM golang:1.22.2-alpine as goenv
FROM golang:1.22.5-alpine as goenv
RUN go env GOARCH > /goarch && \
go env GOARM > /goarm && \
go install github.com/go-delve/delve/cmd/dlv@latest
Expand All @@ -15,7 +15,7 @@ WORKDIR /src/loki
RUN make clean && \
GOARCH=$(cat /goarch) GOARM=$(cat /goarm) make BUILD_IN_CONTAINER=false loki-debug

FROM alpine:3.18.5
FROM alpine:3.20.2
RUN apk add --update --no-cache ca-certificates
COPY --from=build /src/loki/cmd/loki/loki-debug /usr/bin/loki-debug
COPY --from=goenv /go/bin/dlv /usr/bin/dlv
Expand Down
4 changes: 2 additions & 2 deletions cmd/migrate/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
FROM golang:1.22.2 as build
FROM golang:1.22.5 as build
COPY . /src/loki
WORKDIR /src/loki
RUN make clean && make BUILD_IN_CONTAINER=false migrate

FROM alpine:3.18.5
FROM alpine:3.20.2
RUN apk add --update --no-cache ca-certificates
COPY --from=build /src/loki/cmd/migrate/migrate /usr/bin/migrate
#ENTRYPOINT [ "/usr/bin/migrate" ]
Expand Down
4 changes: 2 additions & 2 deletions cmd/querytee/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
FROM golang:1.22.2 as build
FROM golang:1.22.5 as build

COPY . /src/loki
WORKDIR /src/loki
RUN make clean && make BUILD_IN_CONTAINER=false loki-querytee

FROM alpine:3.18.5
FROM alpine:3.20.2
RUN apk add --update --no-cache ca-certificates
COPY --from=build /src/loki/cmd/querytee/querytee /usr/bin/querytee
ENTRYPOINT [ "/usr/bin/querytee" ]
6 changes: 3 additions & 3 deletions cmd/querytee/Dockerfile.cross
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
ARG BUILD_IMAGE=grafana/loki-build-image:0.33.2
ARG BUILD_IMAGE=grafana/loki-build-image:0.33.5
# Directories in this file are referenced from the root of the project not this folder
# This file is intended to be called from the root like so:
# docker build -t grafana/promtail -f cmd/promtail/Dockerfile .
FROM golang:1.22.2-alpine as goenv
FROM golang:1.22.5-alpine as goenv
RUN go env GOARCH > /goarch && \
go env GOARM > /goarm

Expand All @@ -12,7 +12,7 @@ COPY . /src/loki
WORKDIR /src/loki
RUN make clean && GOARCH=$(cat /goarch) GOARM=$(cat /goarm) make BUILD_IN_CONTAINER=false loki-querytee

FROM alpine:3.18.5
FROM alpine:3.20.2
RUN apk add --update --no-cache ca-certificates
COPY --from=build /src/loki/cmd/querytee/querytee /usr/bin/querytee
ENTRYPOINT [ "/usr/bin/querytee" ]
26 changes: 13 additions & 13 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,10 +99,10 @@ require (
go.etcd.io/bbolt v1.3.6
go.uber.org/atomic v1.11.0
go.uber.org/goleak v1.3.0
golang.org/x/crypto v0.21.0
golang.org/x/net v0.23.0
golang.org/x/sync v0.6.0
golang.org/x/sys v0.20.0
golang.org/x/crypto v0.24.0
golang.org/x/net v0.26.0
golang.org/x/sync v0.7.0
golang.org/x/sys v0.21.0
golang.org/x/time v0.5.0
google.golang.org/api v0.168.0
google.golang.org/grpc v1.62.1
Expand Down Expand Up @@ -142,7 +142,7 @@ require (
go4.org/netipx v0.0.0-20230125063823-8449b0a6169f
golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8
golang.org/x/oauth2 v0.18.0
golang.org/x/text v0.15.0
golang.org/x/text v0.16.0
google.golang.org/protobuf v1.33.0
gotest.tools v2.2.0+incompatible
k8s.io/apimachinery v0.29.2
Expand All @@ -169,9 +169,9 @@ require (
cloud.google.com/go/iam v1.1.6 // indirect
cloud.google.com/go/longrunning v0.5.5 // indirect
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 // indirect
github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 // indirect
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.5.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4 v4.3.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.5.1 // indirect
Expand All @@ -181,7 +181,7 @@ require (
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
github.com/Azure/go-autorest/logger v0.2.1 // indirect
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect
github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
github.com/Code-Hex/go-generics-cache v1.3.1 // indirect
github.com/Masterminds/goutils v1.1.1 // indirect
github.com/Masterminds/semver/v3 v3.2.0 // indirect
Expand Down Expand Up @@ -248,7 +248,7 @@ require (
github.com/go-zookeeper/zk v1.0.3 // indirect
github.com/gofrs/flock v0.8.1 // indirect
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
github.com/golang-jwt/jwt/v5 v5.2.0 // indirect
github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/google/btree v1.1.2 // indirect
github.com/google/gnostic-models v0.6.8 // indirect
Expand Down Expand Up @@ -337,9 +337,9 @@ require (
go.opentelemetry.io/otel/trace v1.24.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.21.0 // indirect
golang.org/x/mod v0.16.0 // indirect
golang.org/x/term v0.18.0 // indirect
golang.org/x/tools v0.19.0 // indirect
golang.org/x/mod v0.17.0 // indirect
golang.org/x/term v0.21.0 // indirect
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
google.golang.org/appengine v1.6.8 // indirect
google.golang.org/genproto v0.0.0-20240205150955-31a09d347014 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240304212257-790db918fca8 // indirect
Expand Down
Loading

0 comments on commit 34206cd

Please sign in to comment.