From 3cab9502df4d61b319da02cc77ce2a918c921902 Mon Sep 17 00:00:00 2001
From: Aaron Smallberg
Date: Thu, 14 May 2026 21:28:17 +0000
Subject: [PATCH] Bump Go toolchain to 1.26.3 to remediate vulnerabilities
Updated Go version from 1.26.2 to 1.26.3 across all build configurations to address security vulnerabilities. This includes updates to:
- go.mod: Go directive
- Dockerfile: builder and final stages
- test.Dockerfile: test environment
- hack/lib.sh and hack/gen-client-mocks.sh: containerized tooling
Note: Dependencies github.com/go-git/go-git/v5 (v5.19.0) and github.com/go-git/go-billy/v5 (v5.9.0) were already at the required versions, so no dependency updates were needed.
---
Dockerfile | 4 ++--
go.mod | 2 +-
hack/gen-client-mocks.sh | 2 +-
hack/lib.sh | 2 +-
test.Dockerfile | 2 +-
5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 2672e64d7..924884bce 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,7 +3,7 @@ FROM ubuntu:22.10 AS user
 # Create a nonroot user for final image
 RUN useradd -u 10001 nonroot
-FROM golang:1.26.2-alpine3.22 AS builder
+FROM golang:1.26.3-alpine3.22 AS builder
 WORKDIR /workspace
@@ -31,7 +31,7 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \
 -X \"github.com/pluralsh/plural-cli/pkg/common.Date=${APP_DATE}\"" \
 -o plural ./cmd/plural
-FROM golang:1.26.2-alpine3.22 AS final
+FROM golang:1.26.3-alpine3.22 AS final
 WORKDIR /
diff --git a/go.mod b/go.mod
index 425151841..fdca168a9 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/pluralsh/plural-cli
-go 1.26.2
+go 1.26.3
 require (
 cloud.google.com/go/compute v1.54.0
diff --git a/hack/gen-client-mocks.sh b/hack/gen-client-mocks.sh
index a7830e92f..56103562d 100755
--- a/hack/gen-client-mocks.sh
+++ b/hack/gen-client-mocks.sh
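Review bot: The `final` stage in the second Dockerfile hunk still uses the full Go toolchain image as its runtime base (`FROM golang:1.26.3-alpine3.22 AS final`), so every future Go toolchain advisory applies to the shipped image as well as to the builder, although the binary is built with `CGO_ENABLED=0`. The rest of that stage lies outside the hunk; if it does not invoke `go` at runtime, a base such as `FROM alpine:3.22 AS final` would leave only the Go version embedded in the compiled binary to track. Both changed `FROM` lines also use mutable tags, and pinning them as `golang:1.26.3-alpine3.22@sha256:<digest>` would make this remediation reproducible and auditable.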
@@ -6,7 +6,7 @@ cd $(dirname $0)/..
 source hack/lib.sh
-CONTAINERIZE_IMAGE=golang:1.25.1 containerize ./hack/gen-client-mocks.sh
+CONTAINERIZE_IMAGE=golang:1.26.3 containerize ./hack/gen-client-mocks.sh
 go run github.com/vektra/mockery/v2@latest --dir=pkg/api/ --name=Client --output=pkg/test/mocks
 go run github.com/vektra/mockery/v2@latest --dir=pkg/kubernetes --name=Kube --output=pkg/test/mocks
diff --git a/hack/lib.sh b/hack/lib.sh
index 9bc3e8537..175fd544d 100644
--- a/hack/lib.sh
+++ b/hack/lib.sh
@@ -7,7 +7,7 @@ echodate() {
 containerize() {
 local cmd="$1"
-local image="${CONTAINERIZE_IMAGE:-golang:1.18.4}"
+local image="${CONTAINERIZE_IMAGE:-golang:1.26.3}"
 local gocache="${CONTAINERIZE_GOCACHE:-/tmp/.gocache}"
 local gomodcache="${CONTAINERIZE_GOMODCACHE:-/tmp/.gomodcache}"
 local skip="${NO_CONTAINERIZE:-}"
diff --git a/test.Dockerfile b/test.Dockerfile
index 09b048409..723e07830 100644
--- a/test.Dockerfile
+++ b/test.Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.25.7-bookworm
+FROM golang:1.26.3-bookworm
 RUN apt-get update && apt-get install -y --no-install-recommends \
 ca-certificates \
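Review bot: The tag in `CONTAINERIZE_IMAGE=golang:1.26.3 containerize ./hack/gen-client-mocks.sh` now duplicates the default that the hack/lib.sh hunk sets with `local image="${CONTAINERIZE_IMAGE:-golang:1.26.3}"`. The removed sides show the two copies had drifted to 1.25.1 and 1.18.4, which suggests earlier toolchain bumps did not reach them. Dropping the override so the line reads `containerize ./hack/gen-client-mocks.sh` would leave a single place to update on the next security bump. If the override is kept on purpose, a comment such as `# keep in sync with the go directive in go.mod` above it would record why.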