Security vulns (#762)
## What
<!-- What is changing in this PR? -->

## Why
<!-- Why are these changes being made? -->

## Notes
<!-- Add any additional notes here -->
dmaizel authored Nov 27, 2024
1 parent fd3d1c9 commit f85df1f
Showing 10 changed files with 518 additions and 1,684 deletions.
4 changes: 2 additions & 2 deletions Dockerfile
@@ -1,4 +1,4 @@
FROM golang:1.22.5-alpine3.20 as base
FROM golang:1.23.3-alpine3.20 as base

WORKDIR /go/src/github.com/codefresh-io/cli-v2

@@ -27,7 +27,7 @@ RUN go mod verify

############################### CLI ###############################
### Compile
FROM golang:1.22.5-alpine3.20 as codefresh-build
FROM golang:1.23.3-alpine3.20 as codefresh-build

WORKDIR /go/src/github.com/codefresh-io/cli-v2

4 changes: 2 additions & 2 deletions Makefile
@@ -1,4 +1,4 @@
VERSION=v0.1.67
VERSION=v0.1.68

OUT_DIR=dist
YEAR?=$(shell date +"%Y")
@@ -176,4 +176,4 @@ $(GOBIN)/mockgen:
$(GOBIN)/golangci-lint:
@mkdir dist || true
@echo installing: golangci-lint
@curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOBIN) v1.55.2
@curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOBIN) v1.62.2
15 changes: 6 additions & 9 deletions cmd/commands/cluster.go
@@ -329,9 +329,9 @@ func createAddClusterManifests(opts *ClusterAddOptions, ingressUrl, server, csdp
Behavior: "merge",
KvPairSources: kusttypes.KvPairSources{
LiteralSources: []string{
fmt.Sprintf("ingressUrl=" + ingressUrl),
fmt.Sprintf("contextName=" + opts.clusterName),
fmt.Sprintf("server=" + server),
fmt.Sprint("ingressUrl=" + ingressUrl),
fmt.Sprint("contextName=" + opts.clusterName),
fmt.Sprint("server=" + server),
fmt.Sprintf("skipTLSValidation=%v", opts.skipTLSValidation),
},
},
@@ -346,7 +346,7 @@ func createAddClusterManifests(opts *ClusterAddOptions, ingressUrl, server, csdp
Behavior: "merge",
KvPairSources: kusttypes.KvPairSources{
LiteralSources: []string{
fmt.Sprintf("csdpToken=" + csdpToken),
fmt.Sprint("csdpToken=" + csdpToken),
},
},
},
@@ -401,7 +401,7 @@ func createAddClusterManifests(opts *ClusterAddOptions, ingressUrl, server, csdp
return nil, "", fmt.Errorf("failed encoding annotations: %w", err)
}

k.ConfigMapGenerator[0].KvPairSources.LiteralSources = append(k.ConfigMapGenerator[0].KvPairSources.LiteralSources, fmt.Sprintf("annotations="+annotationsStr))
k.ConfigMapGenerator[0].KvPairSources.LiteralSources = append(k.ConfigMapGenerator[0].KvPairSources.LiteralSources, fmt.Sprint("annotations="+annotationsStr))
}

if len(opts.labels) > 0 {
@@ -410,7 +410,7 @@ func createAddClusterManifests(opts *ClusterAddOptions, ingressUrl, server, csdp
return nil, "", fmt.Errorf("failed encoding labels: %w", err)
}

k.ConfigMapGenerator[0].KvPairSources.LiteralSources = append(k.ConfigMapGenerator[0].KvPairSources.LiteralSources, fmt.Sprintf("labels="+labelsStr))
k.ConfigMapGenerator[0].KvPairSources.LiteralSources = append(k.ConfigMapGenerator[0].KvPairSources.LiteralSources, fmt.Sprint("labels="+labelsStr))
}

if opts.tag != "" {
@@ -422,9 +422,6 @@ func createAddClusterManifests(opts *ClusterAddOptions, ingressUrl, server, csdp
}
}

k.FixKustomizationPostUnmarshalling()
util.Die(k.FixKustomizationPreMarshalling())

manifests, err := kustutil.BuildKustomization(k)
if err != nil {
return nil, "", fmt.Errorf("failed to build kustomization: %w", err)
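Review bot: The new `fmt.Sprint("ingressUrl=" + ingressUrl)` calls wrap a single, already-concatenated string, so `fmt.Sprint` does no work here; the same holds for the `contextName`, `server`, `csdpToken`, `annotations` and `labels` entries in the hunks at -329, -346, -401 and -410. Moving away from `Sprintf` was the right fix, because a `%` inside a URL, token or encoded annotation value would have been read as a format verb, but the plain expression is enough: `"ingressUrl=" + ingressUrl,` and `"csdpToken=" + csdpToken,`. `createAddClusterManifests` begins and ends outside these hunks.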
2 changes: 1 addition & 1 deletion cmd/commands/config.go
@@ -222,7 +222,7 @@ func newConfigGetRuntimeCommand() *cobra.Command {
func runConfigGetRuntime(ctx context.Context) error {
cur := cfConfig.GetCurrentContext()
if cur.DefaultRuntime == "" {
return fmt.Errorf(util.Doc("no default runtime is set for current context, use '<BIN> config set-runtime' to set one"))
return errors.New(util.Doc("no default runtime is set for current context, use '<BIN> config set-runtime' to set one"))
}

log.G(ctx).Infof("default runtime set to: %s", cur.DefaultRuntime)
2 changes: 1 addition & 1 deletion cmd/commands/runtime.go
@@ -596,7 +596,7 @@ func runRuntimeUninstall(ctx context.Context, opts *RuntimeUninstallOptions) err
if err != nil {
errorMsg := fmt.Sprintf("failed to do post uninstall cleanup: %v", err)
if !opts.Force {
return fmt.Errorf(errorMsg)
return errors.New(errorMsg)
}
log.G().Warn(errorMsg)
}
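Review bot: `return errors.New(errorMsg)` returns a string that was flattened with `%v`, so the cleanup error's chain is discarded and a caller can no longer match the underlying cause with `errors.Is` or `errors.As`. In the `!opts.Force` branch, `return fmt.Errorf("failed to do post uninstall cleanup: %w", err)` keeps the same message with a constant format string, which should also satisfy the non-constant-format check this change appears to target. `errorMsg` can stay for the `log.G().Warn(errorMsg)` path. `runRuntimeUninstall` starts and ends outside the hunk.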
4 changes: 2 additions & 2 deletions docs/releases/release_notes.md
@@ -23,7 +23,7 @@ cf version

```bash
# download and extract the binary
curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/v0.1.63/cf-linux-amd64.tar.gz | tar zx
curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/v0.1.68/cf-linux-amd64.tar.gz | tar zx

# move the binary to your $PATH
mv ./cf-linux-amd64 /usr/local/bin/cf
@@ -36,7 +36,7 @@ cf version

```bash
# download and extract the binary
curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/v0.1.63/cf-darwin-amd64.tar.gz | tar zx
curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/v0.1.68/cf-darwin-amd64.tar.gz | tar zx

# move the binary to your $PATH
mv ./cf-darwin-amd64 /usr/local/bin/cf