diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
index 9c41d4e..45846d9 100644
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@@ -18,7 +18,7 @@ jobs:
uses: actions/setup-go@v5
with:
cache: true
- go-version: 1.21.7
+ go-version: 1.22.2
- name: Check project dependencies
run: |
rm go.sum
@@ -26,8 +26,10 @@ jobs:
git -c color.ui=always diff --exit-code go.mod go.sum
- name: Test
run: go test -race ./... -v -coverprofile=coverage.out
+ env:
+ GOEXPERIMENT: nocoverageredesign
- name: Set up kubectl
- uses: azure/setup-kubectl@v3.2
+ uses: azure/setup-kubectl@v4
with:
version: v1.29.0
- name: Generate Install Manifests
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 9e057b6..f44b722 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -22,7 +22,7 @@ jobs:
uses: actions/setup-go@v5
with:
cache: true
- go-version: 1.21.7
+ go-version: 1.22.2
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index 5c3f622..6dc4367 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -31,15 +31,15 @@ jobs:
with:
fetch-depth: 0
- name: Set up kubectl
- uses: azure/setup-kubectl@v3.2
+ uses: azure/setup-kubectl@v4
with:
version: ${{ matrix.node }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3.0.0
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3.1.0
+ uses: docker/setup-buildx-action@v3.2.0
- name: Build Container Image
- uses: docker/build-push-action@v5.1.0
+ uses: docker/build-push-action@v5.3.0
with:
context: .
file: ./Dockerfile
@@ -88,7 +88,7 @@ jobs:
uses: actions/setup-go@v5
with:
cache: true
- go-version: 1.21.7
+ go-version: 1.22.2
- name: Test Approved Certificate Signing Requests
run: go test -tags=e2e -v ./e2e
- name: Get Application logs
diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
index 9ee67fe..d9d1789 100644
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@@ -19,7 +19,7 @@ jobs:
uses: actions/setup-go@v5
with:
cache: true
- go-version: 1.21.7
+ go-version: 1.22.2
- name: golangci-lint
uses: golangci/golangci-lint-action@v4
with:
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
index 11a71d7..e1bc282 100644
--- a/.github/workflows/govulncheck.yml
+++ b/.github/workflows/govulncheck.yml
@@ -18,7 +18,7 @@ jobs:
uses: actions/setup-go@v5
with:
cache: true
- go-version: 1.21.7
+ go-version: 1.22.2
- name: Install govulncheck Vulnerability Scanner
run: go install golang.org/x/vuln/cmd/govulncheck@latest
- name: Run govulncheck Vulnerability Scanner
diff --git a/.github/workflows/grype.yml b/.github/workflows/grype.yml
index bd844b4..4ce7a63 100644
--- a/.github/workflows/grype.yml
+++ b/.github/workflows/grype.yml
@@ -22,9 +22,9 @@ jobs:
- name: Set up QEMU
uses: docker/setup-qemu-action@v3.0.0
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3.1.0
+ uses: docker/setup-buildx-action@v3.2.0
- name: Build Container Image
- uses: docker/build-push-action@v5.1.0
+ uses: docker/build-push-action@v5.3.0
with:
context: .
file: ./Dockerfile
diff --git a/.github/workflows/image-publish.yml b/.github/workflows/image-publish.yml
index 69fb9c6..981affd 100644
--- a/.github/workflows/image-publish.yml
+++ b/.github/workflows/image-publish.yml
@@ -35,16 +35,16 @@ jobs:
- name: Set up QEMU
uses: docker/setup-qemu-action@v3.0.0
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3.1.0
+ uses: docker/setup-buildx-action@v3.2.0
- name: Login to Registry
- uses: docker/login-action@v3.0.0
+ uses: docker/login-action@v3.1.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GHCR_TOKEN }}
- name: Build and push
id: docker_build
- uses: docker/build-push-action@v5.1.0
+ uses: docker/build-push-action@v5.3.0
with:
context: .
file: ./Dockerfile
diff --git a/.github/workflows/nancy.yml b/.github/workflows/nancy.yml
index c6ab14b..937173f 100644
--- a/.github/workflows/nancy.yml
+++ b/.github/workflows/nancy.yml
@@ -22,7 +22,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v5
with:
- go-version: 1.21.7
+ go-version: 1.22.2
- name: Create dependency list for Nancy
run: go list -json -m all > go.list
- name: Run Nancy Vulnerability Scanner
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 3e4a7f4..afb6e62 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -22,9 +22,9 @@ jobs:
- name: Set up QEMU
uses: docker/setup-qemu-action@v3.0.0
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3.1.0
+ uses: docker/setup-buildx-action@v3.2.0
- name: Build Container Image
- uses: docker/build-push-action@v5.1.0
+ uses: docker/build-push-action@v5.3.0
with:
context: .
file: ./Dockerfile
@@ -34,7 +34,7 @@ jobs:
push: false
tags: ghcr.io/${{ github.repository }}:trivy
- name: Run Trivy Vulnerability Scanner
- uses: aquasecurity/trivy-action@0.18.0
+ uses: aquasecurity/trivy-action@0.19.0
with:
image-ref: ghcr.io/${{ github.repository }}:trivy
format: sarif
diff --git a/.golangci.yml b/.golangci.yml
index d77f006..50543b9 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,6 +1,6 @@
run:
concurrency: 4
- go: '1.21'
+ go: '1.22'
timeout: 10m
issues-exit-code: 1
tests: true
diff --git a/.nancy-ignore b/.nancy-ignore
index 96edacb..2a2e039 100644
--- a/.nancy-ignore
+++ b/.nancy-ignore
@@ -1,11 +1,11 @@
# Skip for indirect dependency github.com/hashicorp/consul/api@v1.25.1
CVE-2022-29153
-# Skip for indirect dependency golang.org/x/crypto@v0.16.0
-CVE-2023-48795
-
# Skip for indirect dependency go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.35.0
CVE-2023-47108
+# Skip for indirect dependency google.golang.org/protobuf@v1.31.0
+CVE-2024-24786
+
# Skip for indirect dependency k8s.io/apiserver@v0.28.3
CVE-2020-8561
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 53ec2dc..defe8f5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,26 @@
+
+## [v0.8.2](https://github.com/alex1989hu/kubelet-serving-cert-approver/compare/v0.8.1...v0.8.2) (2024-04-05)
+
+### Chore
+
+* upgrade go 1.22.2
+* upgrade golang.org/x/net v0.24.0
+* bump aquasecurity/trivy-action from 0.18.0 to 0.19.0
+* bump docker/build-push-action from 5.2.0 to 5.3.0
+* bump docker/setup-buildx-action from 3.1.0 to 3.2.0
+* upgrade google.golang.org/protobuf v1.33.0
+* bump docker/build-push-action from 5.1.0 to 5.2.0
+* bump docker/login-action from 3.0.0 to 3.1.0
+* upgrade golang.org/x/net v0.17.0
+* upgrade go 1.21.8
+
+### Ci
+
+* upgrade azure/setup-kubectl to 4
+* update nancy ignore
+
+
## [v0.8.1](https://github.com/alex1989hu/kubelet-serving-cert-approver/compare/v0.8.0...v0.8.1) (2024-03-04)
diff --git a/Dockerfile b/Dockerfile
index 2245f80..16f00fe 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,7 +13,7 @@
# limitations under the License.
#
-FROM golang:1.21.7 as builder
+FROM golang:1.22.2 as builder
# To let GitHub CI driven buildx pass build arguments
ARG TARGETOS
diff --git a/go.mod b/go.mod
index d7336e4..9136e2e 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,8 @@
module github.com/alex1989hu/kubelet-serving-cert-approver
-go 1.21
+go 1.22
+
+toolchain go1.22.2
require (
github.com/cucumber/godog v0.14.0
@@ -74,15 +76,15 @@ require (
github.com/subosito/gotenv v1.6.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
- golang.org/x/net v0.19.0 // indirect
+ golang.org/x/net v0.24.0 // indirect
golang.org/x/oauth2 v0.15.0 // indirect
- golang.org/x/sys v0.16.0 // indirect
- golang.org/x/term v0.15.0 // indirect
+ golang.org/x/sys v0.19.0 // indirect
+ golang.org/x/term v0.19.0 // indirect
golang.org/x/text v0.14.0 // indirect
golang.org/x/time v0.5.0 // indirect
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
- google.golang.org/protobuf v1.31.0 // indirect
+ google.golang.org/protobuf v1.33.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
diff --git a/go.sum b/go.sum
index 5147182..847de69 100644
--- a/go.sum
+++ b/go.sum
@@ -189,8 +189,8 @@ golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
-golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
+golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
+golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ=
golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -199,10 +199,10 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
-golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
-golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
+golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q=
+golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -226,8 +226,8 @@ google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6
google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
-google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=