From d2cf56d66ce9509c92774052a75b92551580323b Mon Sep 17 00:00:00 2001 From: yiannistri <8741709+yiannistri@users.noreply.github.com> Date: Thu, 19 Dec 2024 10:08:59 +0000 Subject: [PATCH 1/2] ci: Add missing flag used for signing/verification --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index a410fc53..a682a707 100644 --- a/Makefile +++ b/Makefile @@ -146,7 +146,7 @@ image-build: buildx-machine ## build (and load) the container image targeting th .PHONY: image-push image-push: buildx-machine ## build the container image targeting all platforms defined by TARGET_PLATFORMS and push to a registry. docker buildx build -f package/Dockerfile \ - --builder $(MACHINE) $(BUILDX_ARGS) --build-arg VERSION=$(TAG) \ + --builder $(MACHINE) $(IID_FILE_FLAG) $(BUILDX_ARGS) --build-arg VERSION=$(TAG) \ --platform=$(TARGET_PLATFORMS) -t "$(IMAGE)" --push . @echo "Pushed $(IMAGE)" From 6e6ab72519412ed1c08eb26091dfad8c8a134693 Mon Sep 17 00:00:00 2001 From: yiannistri <8741709+yiannistri@users.noreply.github.com> Date: Thu, 19 Dec 2024 10:14:50 +0000 Subject: [PATCH 2/2] fix: Bump `golang.org/x/net` to fix CVE-2024-45338 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 28b512cc..a5c5a8f8 100644 --- a/go.mod +++ b/go.mod @@ -29,7 +29,7 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.10.0 go.uber.org/mock v0.5.0 - golang.org/x/net v0.32.0 + golang.org/x/net v0.33.0 k8s.io/api v0.30.2 k8s.io/apiextensions-apiserver v0.30.1 k8s.io/apimachinery v0.30.2 diff --git a/go.sum b/go.sum index 83481466..13c1c387 100644 --- a/go.sum +++ b/go.sum @@ -1849,8 +1849,8 @@ golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= -golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=