Skip to content

Commit 7ffa6aa

Browse files
SergKSergK
committed
chore: Bump Go to 1.25.8 and update dependencies
 - Upgrade Go version from 1.24.0 to 1.25.8 - Bump tektoncd/pipeline from 1.6.0 to 1.10.2 (fixes critical path traversal CVE) - Bump google.golang.org/grpc to 1.79.3 (fixes critical authorization bypass CVE) - Update Operator SDK from 1.41.1 to 1.42.2 - Update GitHub Actions to latest stable versions: - azure/setup-helm: v3 → v4 - actions/setup-python: v4 → v6 - helm/chart-testing-action: v2.6.0 → v2.8.0 - hadolint/hadolint-action: v1.5.0 → v3 Signed-off-by: Sergiy Kulanov <sergiy_kulanov@epam.com>
1 parent 868c6b3 commit 7ffa6aa

5 files changed

Lines changed: 174 additions & 652 deletions

File tree

.github/workflows/pr.yaml

Lines changed: 5 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ permissions:
1414
security-events: write
1515

1616
env:
17-
GOLANG_VERSION: '1.24'
17+
GOLANG_VERSION: '1.25'
1818

1919
jobs:
2020

@@ -77,17 +77,15 @@ jobs:
7777
fetch-depth: 0
7878

7979
- name: Set up Helm
80-
uses: azure/setup-helm@v3
81-
with:
82-
version: v3.12.1
80+
uses: azure/setup-helm@v4
8381

84-
- uses: actions/setup-python@v4
82+
- uses: actions/setup-python@v6
8583
with:
8684
python-version: '3.10'
8785
check-latest: true
8886

8987
- name: Set up chart-testing
90-
uses: helm/chart-testing-action@v2.6.0
88+
uses: helm/chart-testing-action@v2.8.0
9189

9290
- name: Run chart-testing (lint)
9391
run: ct lint --target-branch ${{ github.event.repository.default_branch }} \
@@ -130,6 +128,6 @@ jobs:
130128
- name: Checkout code
131129
uses: actions/checkout@v6
132130
- name: Run hadolint
133-
uses: hadolint/hadolint-action@v1.5.0
131+
uses: hadolint/hadolint-action@v3
134132
with:
135133
dockerfile: Dockerfile

.github/workflows/release.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ permissions:
88
contents: read
99

1010
env:
11-
GOLANG_VERSION: '1.24'
11+
GOLANG_VERSION: '1.25'
1212

1313
jobs:
1414
prepare-release:

Makefile

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -112,7 +112,7 @@ vet: ## Run go vet against code.
112112
.PHONY: test
113113
test: setup-envtest
114114
KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" \
115-
go test ./... -coverprofile=coverage.out `go list ./...`
115+
go test ./... -coverprofile=coverage.out
116116

117117
.PHONY: lint
118118
lint: golangci-lint ## Run golangci-lint linter
@@ -228,7 +228,7 @@ GOLANGCI_LINT_VERSION ?= v2.8.0
228228
HELMDOCS_VERSION ?= v1.14.2
229229
GITCHGLOG_VERSION ?= v0.15.4
230230
CRDOC_VERSION ?= v0.6.4
231-
OPERATOR_SDK_VERSION ?= v1.41.1
231+
OPERATOR_SDK_VERSION ?= v1.42.2
232232

233233
## Tool Binaries
234234
KUBECTL ?= kubectl

go.mod

Lines changed: 55 additions & 59 deletions
Original file line numberDiff line numberDiff line change
@@ -1,37 +1,31 @@
11
module github.com/KubeRocketCI/tekton-custom-task
22

3-
go 1.24.0
3+
go 1.25.8
44

55
require (
66
github.com/onsi/ginkgo/v2 v2.23.4
77
github.com/onsi/gomega v1.36.3
8-
github.com/tektoncd/pipeline v1.6.0
9-
k8s.io/api v0.33.7
10-
k8s.io/apimachinery v0.33.7
11-
k8s.io/client-go v0.33.7
12-
k8s.io/utils v0.0.0-20241210054802-24370beab758
8+
github.com/tektoncd/pipeline v1.10.2
9+
k8s.io/api v0.34.3
10+
k8s.io/apimachinery v0.34.3
11+
k8s.io/client-go v0.34.3
12+
k8s.io/utils v0.0.0-20250604170112-4c0f3b243397
1313
sigs.k8s.io/controller-runtime v0.21.0
1414
)
1515

1616
require (
17-
cel.dev/expr v0.24.0 // indirect
18-
contrib.go.opencensus.io/exporter/ocagent v0.7.1-0.20200907061046-05415f1de66d // indirect
19-
contrib.go.opencensus.io/exporter/prometheus v0.4.2 // indirect
20-
github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
17+
cel.dev/expr v0.25.1 // indirect
18+
github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
2119
github.com/beorn7/perks v1.0.1 // indirect
2220
github.com/blang/semver/v4 v4.0.0 // indirect
23-
github.com/blendle/zapdriver v1.3.1 // indirect
24-
github.com/cenkalti/backoff/v4 v4.3.0 // indirect
25-
github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
21+
github.com/cenkalti/backoff/v5 v5.0.3 // indirect
2622
github.com/cespare/xxhash/v2 v2.3.0 // indirect
2723
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
28-
github.com/emicklei/go-restful/v3 v3.12.1 // indirect
24+
github.com/emicklei/go-restful/v3 v3.12.2 // indirect
2925
github.com/evanphx/json-patch/v5 v5.9.11 // indirect
3026
github.com/felixge/httpsnoop v1.0.4 // indirect
31-
github.com/fsnotify/fsnotify v1.7.0 // indirect
32-
github.com/fxamacker/cbor/v2 v2.7.0 // indirect
33-
github.com/go-kit/log v0.2.1 // indirect
34-
github.com/go-logfmt/logfmt v0.5.1 // indirect
27+
github.com/fsnotify/fsnotify v1.9.0 // indirect
28+
github.com/fxamacker/cbor/v2 v2.9.0 // indirect
3529
github.com/go-logr/logr v1.4.3 // indirect
3630
github.com/go-logr/stdr v1.2.2 // indirect
3731
github.com/go-logr/zapr v1.3.0 // indirect
@@ -40,74 +34,76 @@ require (
4034
github.com/go-openapi/swag v0.23.0 // indirect
4135
github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
4236
github.com/gogo/protobuf v1.3.2 // indirect
43-
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
44-
github.com/golang/protobuf v1.5.4 // indirect
4537
github.com/google/btree v1.1.3 // indirect
46-
github.com/google/cel-go v0.26.0 // indirect
47-
github.com/google/gnostic-models v0.6.9 // indirect
38+
github.com/google/cel-go v0.27.0 // indirect
39+
github.com/google/gnostic-models v0.7.0 // indirect
4840
github.com/google/go-cmp v0.7.0 // indirect
4941
github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 // indirect
5042
github.com/google/uuid v1.6.0 // indirect
51-
github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.1 // indirect
43+
github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 // indirect
5244
github.com/inconshreveable/mousetrap v1.1.0 // indirect
5345
github.com/josharian/intern v1.0.0 // indirect
5446
github.com/json-iterator/go v1.1.12 // indirect
5547
github.com/mailru/easyjson v0.9.0 // indirect
5648
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
57-
github.com/modern-go/reflect2 v1.0.2 // indirect
49+
github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
5850
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
5951
github.com/pkg/errors v0.9.1 // indirect
60-
github.com/prometheus/client_golang v1.22.0 // indirect
61-
github.com/prometheus/client_model v0.6.1 // indirect
62-
github.com/prometheus/common v0.62.0 // indirect
63-
github.com/prometheus/procfs v0.15.1 // indirect
64-
github.com/prometheus/statsd_exporter v0.22.7 // indirect
65-
github.com/spf13/cobra v1.8.1 // indirect
66-
github.com/spf13/pflag v1.0.6 // indirect
67-
github.com/stoewer/go-strcase v1.3.0 // indirect
52+
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
53+
github.com/prometheus/client_golang v1.23.2 // indirect
54+
github.com/prometheus/client_model v0.6.2 // indirect
55+
github.com/prometheus/common v0.67.4 // indirect
56+
github.com/prometheus/otlptranslator v1.0.0 // indirect
57+
github.com/prometheus/procfs v0.19.2 // indirect
58+
github.com/spf13/cobra v1.9.1 // indirect
59+
github.com/spf13/pflag v1.0.10 // indirect
6860
github.com/x448/float16 v0.8.4 // indirect
69-
go.opencensus.io v0.24.0 // indirect
7061
go.opentelemetry.io/auto/sdk v1.2.1 // indirect
71-
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
62+
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 // indirect
7263
go.opentelemetry.io/otel v1.40.0 // indirect
73-
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.37.0 // indirect
74-
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0 // indirect
64+
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.39.0 // indirect
65+
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.39.0 // indirect
66+
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.39.0 // indirect
67+
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.39.0 // indirect
68+
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.39.0 // indirect
69+
go.opentelemetry.io/otel/exporters/prometheus v0.61.0 // indirect
70+
go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.39.0 // indirect
7571
go.opentelemetry.io/otel/metric v1.40.0 // indirect
7672
go.opentelemetry.io/otel/sdk v1.40.0 // indirect
73+
go.opentelemetry.io/otel/sdk/metric v1.40.0 // indirect
7774
go.opentelemetry.io/otel/trace v1.40.0 // indirect
78-
go.opentelemetry.io/proto/otlp v1.7.0 // indirect
75+
go.opentelemetry.io/proto/otlp v1.9.0 // indirect
7976
go.uber.org/automaxprocs v1.6.0 // indirect
8077
go.uber.org/multierr v1.11.0 // indirect
81-
go.uber.org/zap v1.27.0 // indirect
82-
go.yaml.in/yaml/v2 v2.4.2 // indirect
78+
go.uber.org/zap v1.27.1 // indirect
79+
go.yaml.in/yaml/v2 v2.4.3 // indirect
80+
go.yaml.in/yaml/v3 v3.0.4 // indirect
8381
golang.org/x/exp v0.0.0-20250210185358-939b2ce775ac // indirect
84-
golang.org/x/net v0.45.0 // indirect
85-
golang.org/x/oauth2 v0.30.0 // indirect
86-
golang.org/x/sync v0.17.0 // indirect
87-
golang.org/x/sys v0.40.0 // indirect
88-
golang.org/x/term v0.36.0 // indirect
89-
golang.org/x/text v0.30.0 // indirect
90-
golang.org/x/time v0.12.0 // indirect
91-
golang.org/x/tools v0.37.0 // indirect
82+
golang.org/x/net v0.50.0 // indirect
83+
golang.org/x/oauth2 v0.35.0 // indirect
84+
golang.org/x/sync v0.19.0 // indirect
85+
golang.org/x/sys v0.41.0 // indirect
86+
golang.org/x/term v0.40.0 // indirect
87+
golang.org/x/text v0.34.0 // indirect
88+
golang.org/x/time v0.14.0 // indirect
89+
golang.org/x/tools v0.42.0 // indirect
9290
gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
93-
google.golang.org/api v0.233.0 // indirect
94-
google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7 // indirect
95-
google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 // indirect
96-
google.golang.org/grpc v1.75.0 // indirect
97-
google.golang.org/protobuf v1.36.10 // indirect
91+
google.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409 // indirect
92+
google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 // indirect
93+
google.golang.org/grpc v1.79.3 // indirect
94+
google.golang.org/protobuf v1.36.11 // indirect
9895
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
9996
gopkg.in/inf.v0 v0.9.1 // indirect
100-
gopkg.in/yaml.v2 v2.4.0 // indirect
10197
gopkg.in/yaml.v3 v3.0.1 // indirect
102-
k8s.io/apiextensions-apiserver v0.33.0 // indirect
103-
k8s.io/apiserver v0.33.0 // indirect
104-
k8s.io/component-base v0.33.0 // indirect
98+
k8s.io/apiextensions-apiserver v0.34.3 // indirect
99+
k8s.io/apiserver v0.34.3 // indirect
100+
k8s.io/component-base v0.34.3 // indirect
105101
k8s.io/klog/v2 v2.130.1 // indirect
106-
k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
107-
knative.dev/pkg v0.0.0-20250415155312-ed3e2158b883 // indirect
102+
k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect
103+
knative.dev/pkg v0.0.0-20260120122510-4a022ed9999a // indirect
108104
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2 // indirect
109105
sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
110106
sigs.k8s.io/randfill v1.0.0 // indirect
111-
sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect
107+
sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect
112108
sigs.k8s.io/yaml v1.6.0 // indirect
113109
)

0 commit comments

Comments
 (0)