Ruigao/fix 1.6 docker

contrib/aks/scripts/config-ipoib.sh

@@ -15,6 +15,7 @@ wait_for_dpkg_lock() {
         echo "Timed out waiting for dpkg lock."
         exit 124
     fi
+    dpkg --configure -a || true
     bash -c 'exec "$@"' -- "$@"
 }
 

contrib/aks/scripts/install-fuse.sh

@@ -21,6 +21,7 @@ wait_for_dpkg_lock() {
         echo "Timed out waiting for dpkg lock."
         exit 124
     fi
+    dpkg --configure -a || true
     bash -c 'exec "$@"' -- "$@"
 }
 

contrib/kubespray/script/modify_csi_blob_node_yaml.py

@@ -42,12 +42,13 @@ def modify(yaml_url):
             node_selector_terms = data['spec']['template']['spec']['affinity']['nodeAffinity']['requiredDuringSchedulingIgnoredDuringExecution']['nodeSelectorTerms']
             node_selector_terms[0]['matchExpressions'].extend(node_affinity_config['matchExpressions'])
 
-    # Convert the modified YAML content back to a string
+    # Convert the modified YAML content back to a string, filtering out empty documents
+    documents = [doc for doc in documents if doc]
     modified_yaml_content = yaml.dump_all(documents, default_flow_style=False)
     return modified_yaml_content
 
 if __name__ == "__main__":
-    url = sys.argv[1] if len(sys.argv) > 1 else "https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/refs/heads/master/deploy/csi-blob-node.yaml"
+    url = sys.argv[1] if len(sys.argv) > 1 else "https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/refs/tags/v1.27.4/deploy/csi-blob-node.yaml"
     output_file = sys.argv[2] if len(sys.argv) > 2 else "modified_csi-blob-node.yaml"
     modified_yaml_content = modify(url)
     with open(output_file, 'w') as yaml_file:

src/alert-manager/build/job-status-change-notification.common.dockerfile

@@ -10,7 +10,7 @@ WORKDIR /usr/src/app
 
 # Copy package files and openpaidbsdk source (needed for file: dependency resolution)
 COPY ./src/job-status-change-notification/package.json ./src/job-status-change-notification/yarn.lock* ./src/job-status-change-notification/.yarnrc.yml ./
-COPY ./src/job-status-change-notification/openpaidbsdk/package.json ./openpaidbsdk/package.json
+COPY ./src/job-status-change-notification/openpaidbsdk ./openpaidbsdk
 
 RUN corepack enable && corepack install -g yarn@4.2.2
 RUN yarn workspaces focus --production

src/alert-manager/build/node-issue-classifier.common.dockerfile

@@ -10,7 +10,10 @@ RUN tdnf update -y && tdnf clean all
 # install kusto sdk
 COPY ./src/node-issue-classifier .
 
-RUN pip3 install --no-cache-dir -r requirements.txt
+RUN tdnf remove -y python3-pip && \
+    python3 -m ensurepip && \
+    python3 -m pip install --no-cache-dir --upgrade pip && \
+    pip3 install --no-cache-dir -r requirements.txt
 
 # Run the service
 ENTRYPOINT ["python3", "classifier_scheduler.py"]

src/alert-manager/build/node-recycler.common.dockerfile

@@ -9,6 +9,9 @@ RUN tdnf update -y && tdnf clean all
 
 COPY ./src/node-recycler .
 
-RUN pip3 install -r requirements.txt
+RUN tdnf remove -y python3-pip && \
+    python3 -m ensurepip && \
+    python3 -m pip install --no-cache-dir --upgrade pip && \
+    pip3 install -r requirements.txt
 
 ENTRYPOINT ["python3", "recycler.py"]

src/alert-manager/build/redis-monitoring.common.dockerfile

@@ -1,16 +1,16 @@
 # Redis with Built-in Monitoring Tools for Node Failure Detection
 # Based on official Redis Alpine image with custom monitoring capabilities
-FROM golang:1.25 AS gosu
+FROM golang:1.25.10 AS gosu
 
 WORKDIR /src
 
 RUN git clone --branch 1.19 --depth 1 https://github.com/tianon/gosu.git .
 
-RUN go mod edit -go=1.25 \
- && go mod edit -toolchain=go1.25 \
- && go mod tidy -compat=1.25
+RUN go mod edit -go=1.25.10 \
+ && go mod edit -toolchain=go1.25.10 \
+ && go mod tidy -compat=1.25.10
 
-RUN go get -u ./... && go mod tidy -compat=1.25
+RUN go get -u ./... && go mod tidy -compat=1.25.10
 
 RUN go mod download
 

src/alert-manager/src/alert-handler/package.json

@@ -74,7 +74,8 @@
     "flatted": "^3.4.2",
     "ajv": "^6.14.0",
     "nodemailer": "^8.0.5",
-    "follow-redirects": "^1.16.0"
+    "follow-redirects": "^1.16.0",
+    "ip-address": "^10.1.1"
   },
   "scripts": {
     "lint": "eslint .",

src/alert-manager/src/alert-handler/yarn.lock

@@ -2632,10 +2632,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"ip-address@npm:^10.0.1":
-  version: 10.1.0
-  resolution: "ip-address@npm:10.1.0"
-  checksum: 10c0/0103516cfa93f6433b3bd7333fa876eb21263912329bfa47010af5e16934eeeff86f3d2ae700a3744a137839ddfad62b900c7a445607884a49b5d1e32a3d7566
+"ip-address@npm:^10.1.1":
+  version: 10.2.0
+  resolution: "ip-address@npm:10.2.0"
+  checksum: 10c0/5a00aada6e922c9c69dfc800ed5d0fa3348675ebdeed0e1575f503f27ca385b5f534363c9af7ad1daf64c1f1409388cdd3cc2e9b9b0fe1c924a431378d55075a
   languageName: node
   linkType: hard
 

src/alert-manager/src/job-status-change-notification/package.json

@@ -59,7 +59,9 @@
     "mailparser": ">=3.9.3",
     "validator": "^13.15.22",
     "semver": "^6.3.1",
-    "follow-redirects": "^1.16.0"
+    "follow-redirects": "^1.16.0",
+    "axios": "^1.15.1",
+    "fast-uri": "^3.1.1"
   },
   "scripts": {
     "lint": "eslint .",

src/alert-manager/src/job-status-change-notification/yarn.lock

@@ -257,6 +257,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"agent-base@npm:6":
+  version: 6.0.2
+  resolution: "agent-base@npm:6.0.2"
+  dependencies:
+    debug: "npm:4"
+  checksum: 10c0/dc4f757e40b5f3e3d674bc9beb4f1048f4ee83af189bae39be99f57bf1f48dde166a8b0a5342a84b5944ee8e6ed1e5a9d801858f4ad44764e84957122fe46261
+  languageName: node
+  linkType: hard
+
 "ajv@npm:^8.18.0":
   version: 8.18.0
   resolution: "ajv@npm:8.18.0"
@@ -404,14 +413,15 @@ __metadata:
   languageName: node
   linkType: hard
 
-"axios@npm:^1.15.0":
-  version: 1.15.0
-  resolution: "axios@npm:1.15.0"
+"axios@npm:^1.15.1":
+  version: 1.16.1
+  resolution: "axios@npm:1.16.1"
   dependencies:
-    follow-redirects: "npm:^1.15.11"
+    follow-redirects: "npm:^1.16.0"
     form-data: "npm:^4.0.5"
+    https-proxy-agent: "npm:^5.0.1"
     proxy-from-env: "npm:^2.1.0"
-  checksum: 10c0/47e0f860e98d4d7aa145e89ce0cae00e1fb0f1d2485f065c21fce955ddb1dba4103a46bd0e47acd18a27208a7f62c96249e620db575521b92a968619ab133409
+  checksum: 10c0/2f77e37e6552bbff8a772d058fb09500198e9188c6b20dc799d82dbe12a8cb506f6eed4e4e62a9ba612a35cbab496faa26d68f9bff14a53af6d15c3e136391a7
   languageName: node
   linkType: hard
 
@@ -563,16 +573,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"debug@npm:^3.2.7":
-  version: 3.2.7
-  resolution: "debug@npm:3.2.7"
-  dependencies:
-    ms: "npm:^2.1.1"
-  checksum: 10c0/37d96ae42cbc71c14844d2ae3ba55adf462ec89fd3a999459dec3833944cd999af6007ff29c780f1c61153bcaaf2c842d1e4ce1ec621e4fc4923244942e4a02a
-  languageName: node
-  linkType: hard
-
-"debug@npm:^4.3.1, debug@npm:^4.3.2, debug@npm:^4.3.4":
+"debug@npm:4, debug@npm:^4.3.1, debug@npm:^4.3.2, debug@npm:^4.3.4":
   version: 4.4.3
   resolution: "debug@npm:4.4.3"
   dependencies:
@@ -584,6 +585,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"debug@npm:^3.2.7":
+  version: 3.2.7
+  resolution: "debug@npm:3.2.7"
+  dependencies:
+    ms: "npm:^2.1.1"
+  checksum: 10c0/37d96ae42cbc71c14844d2ae3ba55adf462ec89fd3a999459dec3833944cd999af6007ff29c780f1c61153bcaaf2c842d1e4ce1ec621e4fc4923244942e4a02a
+  languageName: node
+  linkType: hard
+
 "deep-is@npm:^0.1.3":
   version: 0.1.4
   resolution: "deep-is@npm:0.1.4"
@@ -1062,10 +1072,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"fast-uri@npm:^3.0.1":
-  version: 3.1.0
-  resolution: "fast-uri@npm:3.1.0"
-  checksum: 10c0/44364adca566f70f40d1e9b772c923138d47efeac2ae9732a872baafd77061f26b097ba2f68f0892885ad177becd065520412b8ffeec34b16c99433c5b9e2de7
+"fast-uri@npm:^3.1.1":
+  version: 3.1.2
+  resolution: "fast-uri@npm:3.1.2"
+  checksum: 10c0/5b35641895959f3f7ab7a7b1b5542bded159346f25ec9f256817b206d50b64eda5828e90d605a2e2fc645c90519a7259c2bab2c942ee728c88b88e5be21b090d
   languageName: node
   linkType: hard
 
@@ -1304,6 +1314,16 @@ __metadata:
   languageName: node
   linkType: hard
 
+"https-proxy-agent@npm:^5.0.1":
+  version: 5.0.1
+  resolution: "https-proxy-agent@npm:5.0.1"
+  dependencies:
+    agent-base: "npm:6"
+    debug: "npm:4"
+  checksum: 10c0/6dd639f03434003577c62b27cafdb864784ef19b2de430d8ae2a1d45e31c4fd60719e5637b44db1a88a046934307da7089e03d6089ec3ddacc1189d8de8897d1
+  languageName: node
+  linkType: hard
+
 "ignore@npm:^5.1.1, ignore@npm:^5.2.0":
   version: 5.3.2
   resolution: "ignore@npm:5.3.2"

src/cilium/build/cilium-agent.common.dockerfile

@@ -16,19 +16,19 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
 # Build cilium agent from source with updated Go.
-# This fixes Go stdlib and grpc vulnerabilities by compiling with Go 1.25.9
+# This fixes Go stdlib and grpc vulnerabilities by compiling with Go 1.25.10
 # (latest 1.25.x patch). All Go binaries (cilium, hubble, CNI plugins) are
 # compiled from source so no pre-built binaries from the base image are used.
 # Runtime base is the official cilium-runtime image (Ubuntu 24.04 + LLVM + BPF tools)
 # with OS-level security patches applied.
 #
 
-ARG GOLANG_VERSION=1.25.9
-ARG CILIUM_VERSION=v1.18.9
+ARG GOLANG_VERSION=1.25.10
+ARG CILIUM_VERSION=v1.18.10
 ARG CNI_PLUGINS_VERSION=v1.9.0
 ARG GOPS_VERSION=v0.3.27
-ARG CILIUM_RUNTIME_IMAGE=quay.io/cilium/cilium-runtime:13e905399a00ec93849808d5dc775ccc4a6a91a6@sha256:86dfbe17994adef8e7817b8d97351fd0120576a5fc845198f7d39a2788b891e9
-ARG CILIUM_ENVOY_IMAGE=quay.io/cilium/cilium-envoy:v1.36.6-1776000132-2437d2edeaf4d9b56ef279bd0d71127440c067aa@sha256:ba0ab8adac082d50d525fd2c5ba096c8facea3a471561b7c61c7a5b9c2e0de0d
+ARG CILIUM_RUNTIME_IMAGE=quay.io/cilium/cilium-runtime:5615e8b62b0b47ad5a586bf459d0c072eaa0442a@sha256:5edc984f0a8f4ae208d60490a3234d1950b5497d2646980328e69f4a73c50e85
+ARG CILIUM_ENVOY_IMAGE=quay.io/cilium/cilium-envoy:v1.36.6-1778235340-b87d1e32f522b33bd51701c6476d199326f01496@sha256:71d4fa0ec45e8d546dbd5604e169dc77fe92be63b799313bff031d00d89762e3
 
 # Stage 1: Build all Go binaries from source with Go 1.25.9
 FROM golang:${GOLANG_VERSION} AS builder

src/cilium/build/cilium-envoy.common.dockerfile

@@ -16,12 +16,12 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
 # Rebuild cilium-envoy image with latest OS security patches.
-# Base: official cilium-envoy matching cilium v1.18.9
+# Base: official cilium-envoy matching cilium v1.18.10
 # This patches OS-level CVEs (libc6, libgnutls30t64, libsystemd0).
 #
 
-ARG CILIUM_ENVOY_TAG=v1.36.6-1776000132-2437d2edeaf4d9b56ef279bd0d71127440c067aa
-FROM quay.io/cilium/cilium-envoy:${CILIUM_ENVOY_TAG}@sha256:ba0ab8adac082d50d525fd2c5ba096c8facea3a471561b7c61c7a5b9c2e0de0d
+ARG CILIUM_ENVOY_TAG=v1.36.6-1778235340-b87d1e32f522b33bd51701c6476d199326f01496
+FROM quay.io/cilium/cilium-envoy:${CILIUM_ENVOY_TAG}@sha256:71d4fa0ec45e8d546dbd5604e169dc77fe92be63b799313bff031d00d89762e3
 
 # Apply latest Ubuntu security updates
 RUN apt-get update && \

src/cilium/build/cilium-operator.common.dockerfile

@@ -16,12 +16,12 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
 # Build cilium-operator-generic from source with updated Go.
-# This fixes Go stdlib and grpc vulnerabilities by compiling with Go 1.25.9
+# This fixes Go stdlib and grpc vulnerabilities by compiling with Go 1.25.10
 # (latest 1.25.x patch). The operator is a pure Go binary (CGO_ENABLED=0, scratch base).
 #
 
-ARG GOLANG_VERSION=1.25.9
-ARG CILIUM_VERSION=v1.18.9
+ARG GOLANG_VERSION=1.25.10
+ARG CILIUM_VERSION=v1.18.10
 
 # Stage 1: Build operator binary
 FROM golang:${GOLANG_VERSION} AS builder