From ee2f5c6e1ef9a428cc32f6496e217fc3b3e196ed Mon Sep 17 00:00:00 2001 From: Saipriya-1144 Date: Thu, 30 Apr 2026 06:41:45 +0530 Subject: [PATCH] Update go, orjson versions to fix CVEs --- build/testStartupScriptGenerators.sh | 2 +- images/constants.yml | 1 - images/runtime/dotnetcore/10.0/noble.Dockerfile | 2 +- images/runtime/dotnetcore/8.0/bookworm.Dockerfile | 2 +- images/runtime/dotnetcore/8.0/bullseye.Dockerfile | 2 +- images/runtime/dotnetcore/9.0/bookworm.Dockerfile | 2 +- images/runtime/node/18/bullseye.Dockerfile | 2 +- images/runtime/node/20/bookworm.Dockerfile | 2 +- images/runtime/node/20/bullseye.Dockerfile | 2 +- images/runtime/node/22/bookworm.Dockerfile | 2 +- images/runtime/node/22/bullseye.Dockerfile | 2 +- images/runtime/node/24/noble.Dockerfile | 2 +- images/runtime/php-fpm/8.1/bullseye.Dockerfile | 2 +- images/runtime/php-fpm/8.2/bullseye.Dockerfile | 2 +- images/runtime/php-fpm/8.3/bookworm.Dockerfile | 2 +- images/runtime/php-fpm/8.3/bullseye.Dockerfile | 2 +- images/runtime/php-fpm/8.4/bookworm.Dockerfile | 2 +- images/runtime/php-fpm/8.4/bullseye.Dockerfile | 2 +- images/runtime/php-fpm/8.5/noble.Dockerfile | 2 +- images/runtime/python/noble.Dockerfile | 2 +- images/runtime/python/template.Dockerfile | 4 ++-- src/startupscriptgenerator/src/common/go.mod | 2 +- src/startupscriptgenerator/src/dotnetcore/go.mod | 2 +- src/startupscriptgenerator/src/hugo/go.mod | 2 +- src/startupscriptgenerator/src/node/go.mod | 2 +- src/startupscriptgenerator/src/php/go.mod | 2 +- src/startupscriptgenerator/src/python/go.mod | 2 +- tests/Oryx.RuntimeImage.Tests/Python/PythonImagesTests.cs | 3 --- 28 files changed, 27 insertions(+), 31 deletions(-) diff --git a/build/testStartupScriptGenerators.sh b/build/testStartupScriptGenerators.sh index 9cd3f1e6e8..4e59a80f34 100644 --- a/build/testStartupScriptGenerators.sh +++ b/build/testStartupScriptGenerators.sh @@ -25,7 +25,7 @@ declare -r MODULE_TO_TEST="..." declare -r CONTAINER_NAME="oryxtests_$RANDOM" echo "Running tests in golang docker image..." -docker run -v $GEN_DIR:$GEN_DIR_CONTAINER_RO:ro --name $CONTAINER_NAME mcr.microsoft.com/oss/go/microsoft/golang:1.26.1-bullseye bash -c \ +docker run -v $GEN_DIR:$GEN_DIR_CONTAINER_RO:ro --name $CONTAINER_NAME mcr.microsoft.com/oss/go/microsoft/golang:1.26.2-bullseye bash -c \ "cp -rf $GEN_DIR_CONTAINER_RO/* $GEN_DIR_CONTAINER && \ cd $GEN_DIR_CONTAINER && \ chmod u+x restorePackages.sh && \ diff --git a/images/constants.yml b/images/constants.yml index c124c4b983..643ffb661b 100644 --- a/images/constants.yml +++ b/images/constants.yml @@ -12,7 +12,6 @@ variables: node20osFlavors: bullseye,bookworm node22osFlavors: bullseye,bookworm node24osFlavors: noble - python39osFlavors: bullseye python310osFlavors: bullseye python311osFlavors: bullseye,bookworm python312osFlavors: bullseye,bookworm diff --git a/images/runtime/dotnetcore/10.0/noble.Dockerfile b/images/runtime/dotnetcore/10.0/noble.Dockerfile index a26686ee41..b1a0b9ed8d 100644 --- a/images/runtime/dotnetcore/10.0/noble.Dockerfile +++ b/images/runtime/dotnetcore/10.0/noble.Dockerfile @@ -22,7 +22,7 @@ RUN --mount=type=secret,id=vss_nuget_accesstoken,target=/run/secrets/vss_nuget_a dotnet tool install --tool-path /dotnetcore-tools dotnet-monitor --version 10.0.0-rc.1.25460.1 # Startup script generator -FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.1-bookworm AS startupCmdGen +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.2-bookworm AS startupCmdGen # GOPATH is set to "/go" in the base image WORKDIR /go/src diff --git a/images/runtime/dotnetcore/8.0/bookworm.Dockerfile b/images/runtime/dotnetcore/8.0/bookworm.Dockerfile index af9af26e9b..6cdfbe06fb 100644 --- a/images/runtime/dotnetcore/8.0/bookworm.Dockerfile +++ b/images/runtime/dotnetcore/8.0/bookworm.Dockerfile @@ -22,7 +22,7 @@ RUN --mount=type=secret,id=vss_nuget_accesstoken,target=/run/secrets/vss_nuget_a dotnet tool install --tool-path /dotnetcore-tools dotnet-monitor --version 8.* # Startup script generator -FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.1-bookworm AS startupCmdGen +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.2-bookworm AS startupCmdGen # GOPATH is set to "/go" in the base image WORKDIR /go/src diff --git a/images/runtime/dotnetcore/8.0/bullseye.Dockerfile b/images/runtime/dotnetcore/8.0/bullseye.Dockerfile index cd151add23..91781073b3 100644 --- a/images/runtime/dotnetcore/8.0/bullseye.Dockerfile +++ b/images/runtime/dotnetcore/8.0/bullseye.Dockerfile @@ -22,7 +22,7 @@ RUN --mount=type=secret,id=vss_nuget_accesstoken,target=/run/secrets/vss_nuget_a dotnet tool install --tool-path /dotnetcore-tools dotnet-monitor --version 8.* # Startup script generator -FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.1-bullseye AS startupCmdGen +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.2-bullseye AS startupCmdGen # GOPATH is set to "/go" in the base image WORKDIR /go/src diff --git a/images/runtime/dotnetcore/9.0/bookworm.Dockerfile b/images/runtime/dotnetcore/9.0/bookworm.Dockerfile index 05683f2f54..b9ea208cf3 100644 --- a/images/runtime/dotnetcore/9.0/bookworm.Dockerfile +++ b/images/runtime/dotnetcore/9.0/bookworm.Dockerfile @@ -22,7 +22,7 @@ RUN --mount=type=secret,id=vss_nuget_accesstoken,target=/run/secrets/vss_nuget_a dotnet tool install --tool-path /dotnetcore-tools dotnet-monitor --version 9.* # Startup script generator -FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.1-bookworm AS startupCmdGen +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.2-bookworm AS startupCmdGen # GOPATH is set to "/go" in the base image WORKDIR /go/src diff --git a/images/runtime/node/18/bullseye.Dockerfile b/images/runtime/node/18/bullseye.Dockerfile index 4442497d9e..5cb9df9724 100644 --- a/images/runtime/node/18/bullseye.Dockerfile +++ b/images/runtime/node/18/bullseye.Dockerfile @@ -1,7 +1,7 @@ ARG BASE_IMAGE # Startup script generator -FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.1-bullseye as startupCmdGen +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.2-bullseye as startupCmdGen # GOPATH is set to "/go" in the base image WORKDIR /go/src diff --git a/images/runtime/node/20/bookworm.Dockerfile b/images/runtime/node/20/bookworm.Dockerfile index 69da640f4b..ca1f6ab8c0 100644 --- a/images/runtime/node/20/bookworm.Dockerfile +++ b/images/runtime/node/20/bookworm.Dockerfile @@ -1,7 +1,7 @@ ARG BASE_IMAGE # Startup script generator -FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.1-bookworm as startupCmdGen +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.2-bookworm as startupCmdGen # GOPATH is set to "/go" in the base image WORKDIR /go/src diff --git a/images/runtime/node/20/bullseye.Dockerfile b/images/runtime/node/20/bullseye.Dockerfile index 8608d8b75c..c0809c9ae5 100644 --- a/images/runtime/node/20/bullseye.Dockerfile +++ b/images/runtime/node/20/bullseye.Dockerfile @@ -1,7 +1,7 @@ ARG BASE_IMAGE # Startup script generator -FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.1-bullseye as startupCmdGen +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.2-bullseye as startupCmdGen # GOPATH is set to "/go" in the base image WORKDIR /go/src diff --git a/images/runtime/node/22/bookworm.Dockerfile b/images/runtime/node/22/bookworm.Dockerfile index 5f827792c4..7fcf08c744 100644 --- a/images/runtime/node/22/bookworm.Dockerfile +++ b/images/runtime/node/22/bookworm.Dockerfile @@ -1,7 +1,7 @@ ARG BASE_IMAGE # Startup script generator -FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.1-bookworm as startupCmdGen +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.2-bookworm as startupCmdGen # GOPATH is set to "/go" in the base image WORKDIR /go/src diff --git a/images/runtime/node/22/bullseye.Dockerfile b/images/runtime/node/22/bullseye.Dockerfile index c0b3689295..7a631ae0a8 100644 --- a/images/runtime/node/22/bullseye.Dockerfile +++ b/images/runtime/node/22/bullseye.Dockerfile @@ -1,7 +1,7 @@ ARG BASE_IMAGE # Startup script generator -FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.1-bullseye as startupCmdGen +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.2-bullseye as startupCmdGen # GOPATH is set to "/go" in the base image WORKDIR /go/src diff --git a/images/runtime/node/24/noble.Dockerfile b/images/runtime/node/24/noble.Dockerfile index bede45296d..6898377400 100644 --- a/images/runtime/node/24/noble.Dockerfile +++ b/images/runtime/node/24/noble.Dockerfile @@ -2,7 +2,7 @@ ARG BASE_IMAGE ARG FEED_ACCESSTOKEN # Startup script generator -FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.1-bullseye as startupCmdGen +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.2-bullseye as startupCmdGen # GOPATH is set to "/go" in the base image WORKDIR /go/src diff --git a/images/runtime/php-fpm/8.1/bullseye.Dockerfile b/images/runtime/php-fpm/8.1/bullseye.Dockerfile index 5a2f643731..1c17c50245 100644 --- a/images/runtime/php-fpm/8.1/bullseye.Dockerfile +++ b/images/runtime/php-fpm/8.1/bullseye.Dockerfile @@ -1,7 +1,7 @@ ARG BASE_IMAGE # Startup script generator -FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.1-bullseye as startupCmdGen +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.2-bullseye as startupCmdGen # GOPATH is set to "/go" in the base image WORKDIR /go/src diff --git a/images/runtime/php-fpm/8.2/bullseye.Dockerfile b/images/runtime/php-fpm/8.2/bullseye.Dockerfile index 03ae689447..ac23fed954 100644 --- a/images/runtime/php-fpm/8.2/bullseye.Dockerfile +++ b/images/runtime/php-fpm/8.2/bullseye.Dockerfile @@ -1,7 +1,7 @@ ARG BASE_IMAGE # Startup script generator -FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.1-bullseye as startupCmdGen +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.2-bullseye as startupCmdGen # GOPATH is set to "/go" in the base image WORKDIR /go/src diff --git a/images/runtime/php-fpm/8.3/bookworm.Dockerfile b/images/runtime/php-fpm/8.3/bookworm.Dockerfile index 8b6a1e02ce..61b5148b73 100644 --- a/images/runtime/php-fpm/8.3/bookworm.Dockerfile +++ b/images/runtime/php-fpm/8.3/bookworm.Dockerfile @@ -1,6 +1,6 @@ ARG BASE_IMAGE # Startup script generator -FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.1-bookworm as startupCmdGen +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.2-bookworm as startupCmdGen # GOPATH is set to "/go" in the base image WORKDIR /go/src diff --git a/images/runtime/php-fpm/8.3/bullseye.Dockerfile b/images/runtime/php-fpm/8.3/bullseye.Dockerfile index 4f99fb72a0..46fa1e05a3 100644 --- a/images/runtime/php-fpm/8.3/bullseye.Dockerfile +++ b/images/runtime/php-fpm/8.3/bullseye.Dockerfile @@ -1,7 +1,7 @@ ARG BASE_IMAGE # Startup script generator -FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.1-bullseye as startupCmdGen +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.2-bullseye as startupCmdGen # GOPATH is set to "/go" in the base image WORKDIR /go/src diff --git a/images/runtime/php-fpm/8.4/bookworm.Dockerfile b/images/runtime/php-fpm/8.4/bookworm.Dockerfile index 981cee4f1e..1d9f301886 100644 --- a/images/runtime/php-fpm/8.4/bookworm.Dockerfile +++ b/images/runtime/php-fpm/8.4/bookworm.Dockerfile @@ -1,6 +1,6 @@ ARG BASE_IMAGE # Startup script generator -FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.1-bookworm as startupCmdGen +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.2-bookworm as startupCmdGen # GOPATH is set to "/go" in the base image WORKDIR /go/src diff --git a/images/runtime/php-fpm/8.4/bullseye.Dockerfile b/images/runtime/php-fpm/8.4/bullseye.Dockerfile index 3e6161c1e3..1329d91eeb 100644 --- a/images/runtime/php-fpm/8.4/bullseye.Dockerfile +++ b/images/runtime/php-fpm/8.4/bullseye.Dockerfile @@ -1,7 +1,7 @@ ARG BASE_IMAGE # Startup script generator -FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.1-bullseye as startupCmdGen +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.2-bullseye as startupCmdGen # GOPATH is set to "/go" in the base image WORKDIR /go/src diff --git a/images/runtime/php-fpm/8.5/noble.Dockerfile b/images/runtime/php-fpm/8.5/noble.Dockerfile index ce055c6b9a..b5474e211c 100644 --- a/images/runtime/php-fpm/8.5/noble.Dockerfile +++ b/images/runtime/php-fpm/8.5/noble.Dockerfile @@ -1,6 +1,6 @@ ARG BASE_IMAGE # Startup script generator -FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.1-bookworm as startupCmdGen +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.2-bookworm as startupCmdGen # GOPATH is set to "/go" in the base image WORKDIR /go/src diff --git a/images/runtime/python/noble.Dockerfile b/images/runtime/python/noble.Dockerfile index 9a950e9885..8e04f84a82 100644 --- a/images/runtime/python/noble.Dockerfile +++ b/images/runtime/python/noble.Dockerfile @@ -2,7 +2,7 @@ ARG OS_FLAVOR ARG BASE_IMAGE # Startup script generator -FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.1-bookworm as startupCmdGen +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.2-bookworm as startupCmdGen # GOPATH is set to "/go" in the base image WORKDIR /go/src diff --git a/images/runtime/python/template.Dockerfile b/images/runtime/python/template.Dockerfile index 6335f7bf2a..4e420d64de 100644 --- a/images/runtime/python/template.Dockerfile +++ b/images/runtime/python/template.Dockerfile @@ -2,7 +2,7 @@ ARG DEBIAN_FLAVOR ARG BASE_IMAGE # Startup script generator -FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.1-${DEBIAN_FLAVOR} as startupCmdGen +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.26.2-${DEBIAN_FLAVOR} as startupCmdGen WORKDIR /go/src COPY src/startupscriptgenerator/src . @@ -90,7 +90,7 @@ RUN ${IMAGES_DIR}/runtime/python/install-dependencies.sh RUN --mount=type=secret,id=pip_index_url,target=/run/secrets/pip_index_url \ pip install --index-url $(cat /run/secrets/pip_index_url) --upgrade pip && \ pip install --index-url $(cat /run/secrets/pip_index_url) gunicorn debugpy viztracer==0.15.6 vizplugins==0.1.3 && \ - if [ "${PYTHON_VERSION}" != "3.12" ] && [ "${PYTHON_VERSION}" != "3.7" ]; then pip install --index-url $(cat /run/secrets/pip_index_url) orjson==3.10.7; fi && \ + if [ "${PYTHON_VERSION}" != "3.12" ] && [ "${PYTHON_VERSION}" != "3.7" ]; then pip install --index-url $(cat /run/secrets/pip_index_url) orjson==3.11.8; fi && \ if [ "${PYTHON_VERSION}" = "3.7" ] || [ "${PYTHON_VERSION}" = "3.8" ]; then curl -LO http://ftp.de.debian.org/debian/pool/main/libf/libffi/libffi6_3.2.1-9_amd64.deb \ && dpkg -i libffi6_3.2.1-9_amd64.deb \ && rm libffi6_3.2.1-9_amd64.deb; fi && \ diff --git a/src/startupscriptgenerator/src/common/go.mod b/src/startupscriptgenerator/src/common/go.mod index e03297cc2f..72ddec043b 100644 --- a/src/startupscriptgenerator/src/common/go.mod +++ b/src/startupscriptgenerator/src/common/go.mod @@ -1,6 +1,6 @@ module common -go 1.26.1 +go 1.26.2 require ( github.com/BurntSushi/toml v1.5.0 diff --git a/src/startupscriptgenerator/src/dotnetcore/go.mod b/src/startupscriptgenerator/src/dotnetcore/go.mod index 2deff6bd3b..c3244aee03 100644 --- a/src/startupscriptgenerator/src/dotnetcore/go.mod +++ b/src/startupscriptgenerator/src/dotnetcore/go.mod @@ -1,6 +1,6 @@ module dotnetcore -go 1.26.1 +go 1.26.2 require github.com/Masterminds/semver v1.5.0 diff --git a/src/startupscriptgenerator/src/hugo/go.mod b/src/startupscriptgenerator/src/hugo/go.mod index 2ba1e75590..a0aabe38cd 100644 --- a/src/startupscriptgenerator/src/hugo/go.mod +++ b/src/startupscriptgenerator/src/hugo/go.mod @@ -1,6 +1,6 @@ module hugo -go 1.26.1 +go 1.26.2 replace gopkg.in/yaml.v2 v2.2.1 => gopkg.in/yaml.v2 v2.4.0 diff --git a/src/startupscriptgenerator/src/node/go.mod b/src/startupscriptgenerator/src/node/go.mod index 69f0198609..20db922183 100644 --- a/src/startupscriptgenerator/src/node/go.mod +++ b/src/startupscriptgenerator/src/node/go.mod @@ -1,6 +1,6 @@ module node -go 1.26.1 +go 1.26.2 require github.com/stretchr/testify v1.10.0 diff --git a/src/startupscriptgenerator/src/php/go.mod b/src/startupscriptgenerator/src/php/go.mod index 515e09a75f..f40eb2532f 100644 --- a/src/startupscriptgenerator/src/php/go.mod +++ b/src/startupscriptgenerator/src/php/go.mod @@ -1,6 +1,6 @@ module php -go 1.26.1 +go 1.26.2 replace gopkg.in/yaml.v2 v2.2.1 => gopkg.in/yaml.v2 v2.4.0 diff --git a/src/startupscriptgenerator/src/python/go.mod b/src/startupscriptgenerator/src/python/go.mod index 98df5ef291..36eb186e91 100644 --- a/src/startupscriptgenerator/src/python/go.mod +++ b/src/startupscriptgenerator/src/python/go.mod @@ -1,6 +1,6 @@ module python -go 1.26.1 +go 1.26.2 require github.com/stretchr/testify v1.11.1 diff --git a/tests/Oryx.RuntimeImage.Tests/Python/PythonImagesTests.cs b/tests/Oryx.RuntimeImage.Tests/Python/PythonImagesTests.cs index a869f0d331..3b475b611c 100644 --- a/tests/Oryx.RuntimeImage.Tests/Python/PythonImagesTests.cs +++ b/tests/Oryx.RuntimeImage.Tests/Python/PythonImagesTests.cs @@ -20,7 +20,6 @@ public PythonImagesTest(ITestOutputHelper output) : base(output) [Theory] [Trait("category", "runtime-bullseye")] - [InlineData("3.9")] [InlineData("3.10")] [InlineData("3.11")] [InlineData("3.12")] @@ -100,7 +99,6 @@ public void PythonBookwormRuntimeImage_Contains_VersionAndCommit_Information(str [Theory] [Trait("category", "runtime-bullseye")] - [InlineData("3.9")] [InlineData("3.10")] [InlineData("3.11")] [InlineData("3.12")] @@ -185,7 +183,6 @@ public void PythonVersionMatchesBookwormImageName(string pythonVersion, string e [Theory] [Trait("category", "runtime-bullseye")] - [InlineData("3.9", "Python " + PythonVersions.Python39Version)] [InlineData("3.10", "Python " + PythonVersions.Python310Version)] [InlineData("3.11", "Python " + PythonVersions.Python311Version)] [InlineData("3.12", "Python " + PythonVersions.Python312Version)]