CR-19603-fix-vulns updated deps (#44)

* updated deps
* updated version to `1.28.0`

Author: ATGardner

Dockerfile

@@ -1,7 +1,7 @@
-ARG DOCKER_VERSION=20.10.24
+ARG DOCKER_VERSION=24.0.5
 
 # dind-cleaner
-FROM golang:1.16-alpine3.15 AS cleaner
+FROM golang:1.21-alpine3.18 AS cleaner
 
 COPY cleaner/dind-cleaner/* /go/src/github.com/codefresh-io/dind-cleaner/
 WORKDIR /go/src/github.com/codefresh-io/dind-cleaner/
@@ -15,11 +15,11 @@ RUN CGO_ENABLED=0 go build -o /usr/local/bin/dind-cleaner ./cmd && \
   rm -rf /go/*
 
 # bolter
-FROM golang:1.19-alpine3.16 AS bolter
+FROM golang:1.21-alpine3.18 AS bolter
 RUN go install github.com/hasit/[email protected]
 
 # node-exporter
-FROM quay.io/prometheus/node-exporter:v1.5.0 AS node-exporter
+FROM quay.io/prometheus/node-exporter:v1.6.1 AS node-exporter
 
 # Main
 FROM docker:${DOCKER_VERSION}-dind

Dockerfile.bolter

@@ -2,4 +2,3 @@
 FROM golang:1.12.6-alpine3.9
 RUN apk add git
 RUN go get -u github.com/hasit/bolter
-

cleaner/dind-cleaner/cmd/main.go

@@ -17,13 +17,14 @@ limitations under the License.
 package main
 
 import (
-	"time"
+	"bufio"
 	"flag"
 	"os"
-	"bufio"
-	"github.com/golang/glog"
+	"time"
+
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
+	"github.com/golang/glog"
 	"golang.org/x/net/context"
 )
 
@@ -34,70 +35,72 @@ func readFileLines(path string) ([]string, error) {
 	}
 	file, err := os.Open(path)
 	if err != nil {
-	  return nil, err
+		return nil, err
 	}
 	defer file.Close()
 
 	scanner := bufio.NewScanner(file)
 	for scanner.Scan() {
-	  lines = append(lines, scanner.Text())
+		lines = append(lines, scanner.Text())
 	}
 	return lines, scanner.Err()
 }
 
 var dryRun *bool
+
 const (
-   cmdImages = "images"
-
-   statusFound = "found"
-   statusRemoved = "removed"
-   statusRetainedByList = "retainedByList"
-   statusRetainedByDate = "retainedByDate"
-   statusChildRetained = "childRetained"
-   statusChildFailedToRemove = "childFailedToRemove"
-   statusFailedToRemove = "failedToRemove"
+	cmdImages = "images"
+
+	statusFound               = "found"
+	statusRemoved             = "removed"
+	statusRetainedByList      = "retainedByList"
+	statusRetainedByDate      = "retainedByDate"
+	statusChildRetained       = "childRetained"
+	statusChildFailedToRemove = "childFailedToRemove"
+	statusFailedToRemove      = "failedToRemove"
 )
 
 func _stringInList(list []string, s string) bool {
 	for _, a := range list {
-        if a == s {
-            return true
-        }
-    }
-    return false
+		if a == s {
+			return true
+		}
+	}
+	return false
 }
 
 func cleanImages(retainedImagesList []string, retainPeriod int64) {
 	glog.Infof("Entering cleanImages, length of retainedImagesList = %d", len(retainedImagesList))
 	if os.Getenv("DOCKER_API_VERSION") == "" {
 		os.Setenv("DOCKER_API_VERSION", "1.35")
 	}
-	
-	cli, err := client.NewEnvClient()
+
+	cli, err := client.NewClientWithOpts(
+		client.FromEnv,
+	)
 	if err != nil {
 		panic(err)
 	}
 
 	type imageToCleanStruct = struct {
-		ID string
-		Created int64
-		ParentID string
-		status string
-		tags []string
+		ID          string
+		Created     int64
+		ParentID    string
+		status      string
+		tags        []string
 		childrenIDs map[string]string
-		size int64
+		size        int64
 	}
 
-
 	/*
-	Purpose: remove images starting from first child excluding ids in retainedImagesList
-	Logic:
-	1. get All images (with All=true)
-	2. fill map of imageToCleanStruct - for each image fill its children in the map of [id]"status"
-	3. find images with no children
-	4. loop by found images with no children and delete them, then update childrenList of whole map of imageToCleanStruct. 
-	   Skip deletion for images in retainedImagesList  
-	--- Repeat 3-4 until images to delete found
+		Purpose: remove images starting from first child excluding ids in retainedImagesList
+		Logic:
+		1. get All images (with All=true)
+		2. fill map of imageToCleanStruct - for each image fill its children in the map of [id]"status"
+		3. find images with no children
+		4. loop by found images with no children and delete them, then update childrenList of whole map of imageToCleanStruct.
+		   Skip deletion for images in retainedImagesList
+		--- Repeat 3-4 until images to delete found
 
 	*/
 
@@ -115,12 +118,12 @@ func cleanImages(retainedImagesList []string, retainPeriod int64) {
 	images := make(map[string]*imageToCleanStruct)
 	for _, img := range imagesFullList {
 		images[img.ID] = &imageToCleanStruct{
-			ID: img.ID,
-			Created: img.Created,
-			ParentID: img.ParentID,
-			status: statusFound,
-			tags: img.RepoTags,
-			size: img.Size,
+			ID:          img.ID,
+			Created:     img.Created,
+			ParentID:    img.ParentID,
+			status:      statusFound,
+			tags:        img.RepoTags,
+			size:        img.Size,
 			childrenIDs: make(map[string]string),
 		}
 	}
@@ -131,7 +134,7 @@ func cleanImages(retainedImagesList []string, retainPeriod int64) {
 			parentImage, parentImageInList := images[img.ParentID]
 			if parentImageInList {
 				parentImage.childrenIDs[imageID] = statusFound
-			} 
+			}
 		}
 	}
 
@@ -164,8 +167,8 @@ func cleanImages(retainedImagesList []string, retainPeriod int64) {
 				glog.Infof("   Skiping image %s - %v , it appears in retained list", imageID, images[imageID].tags)
 				images[imageID].status = statusRetainedByList
 			} else if retainPeriod > 0 && images[imageID].Created > 0 && images[imageID].Created < currentTs &&
-			    currentTs - images[imageID].Created < retainPeriod {
-				
+				currentTs-images[imageID].Created < retainPeriod {
+
 				glog.Infof("   Skiping image %s - %v , its created more than retainPeriod %d seconds ago", imageID, images[imageID].tags, retainPeriod)
 				images[imageID].status = statusRetainedByDate
 			} else {
@@ -175,9 +178,9 @@ func cleanImages(retainedImagesList []string, retainPeriod int64) {
 				if !*dryRun {
 					_, err = cli.ImageRemove(ctx, imageID, types.ImageRemoveOptions{Force: true, PruneChildren: false})
 				} else {
-					glog.Infof(    "DRY RUN - do not actually delete")
+					glog.Infof("DRY RUN - do not actually delete")
 				}
-				
+
 				if err == nil {
 					glog.Infof("   image %s - %v has been deleted", imageID, images[imageID].tags)
 					images[imageID].status = statusRemoved
@@ -187,17 +190,17 @@ func cleanImages(retainedImagesList []string, retainPeriod int64) {
 				}
 			}
 
-			glog.Infof("   setting image status to %s",  images[imageID].status)
+			glog.Infof("   setting image status to %s", images[imageID].status)
 			for _, img := range images {
 				if _, ok := img.childrenIDs[imageID]; ok {
 					if images[imageID].status == statusRemoved {
 						glog.Infof("       deleting the child from parent image %s - %v", img.ID, img.tags)
 						delete(img.childrenIDs, imageID)
-					} else if images[imageID].status == statusRetainedByList || images[imageID].status == statusRetainedByDate  {
+					} else if images[imageID].status == statusRetainedByList || images[imageID].status == statusRetainedByDate {
 						glog.Infof("       setting child status %s for image %s - %v", images[imageID].status, img.ID, img.tags)
 						img.childrenIDs[imageID] = images[imageID].status
 						img.status = statusChildRetained
-						
+
 					} else if images[imageID].status == statusFailedToRemove {
 						glog.Infof("       setting child status %s and deleting the from parent image %s - %v", images[imageID].status, img.ID, img.tags)
 						delete(img.childrenIDs, imageID)
@@ -215,7 +218,7 @@ func cleanImages(retainedImagesList []string, retainPeriod int64) {
 		for childID, childStatus := range img.childrenIDs {
 			glog.Infof("      Child: %s - %s (grandchild retained)", childID, childStatus)
 		}
-		
+
 		totalImagesSize += img.size
 		switch img.status {
 		case statusRemoved:
@@ -229,17 +232,17 @@ func cleanImages(retainedImagesList []string, retainPeriod int64) {
 		}
 	}
 
-	glog.Infof("\n-----------\n" +
-	"    total images shared size: %.3f Mb \n" +
-	"         removed shared size: %.3f  Mb \n" +
-	"retained shared by list size: %.3f  Mb \n" +
-	"retained shared by date size: %.3f  Mb \n" +
-	"       failed to remove size: %.3f  Mb ", 
-	float64(totalImagesSize)/1024/1024.0, 
-	float64(removedSize)/1024/1024.0, 
-	float64(retainedByListSize)/1024/1024.0,
-	float64(retainedByDateSize)/1024/1024.0, 
-	float64(failedToRemoveSize)/1024/1024.0)	 
+	glog.Infof("\n-----------\n"+
+		"    total images shared size: %.3f Mb \n"+
+		"         removed shared size: %.3f  Mb \n"+
+		"retained shared by list size: %.3f  Mb \n"+
+		"retained shared by date size: %.3f  Mb \n"+
+		"       failed to remove size: %.3f  Mb ",
+		float64(totalImagesSize)/1024/1024.0,
+		float64(removedSize)/1024/1024.0,
+		float64(retainedByListSize)/1024/1024.0,
+		float64(retainedByDateSize)/1024/1024.0,
+		float64(failedToRemoveSize)/1024/1024.0)
 }
 
 func main() {
@@ -254,18 +257,18 @@ Commands:
 	flag.Set("v", "4")
 	flag.Set("alsologtostderr", "true")
 	validCommands := []string{"images"}
-    if len(os.Args) < 2 {
+	if len(os.Args) < 2 {
 		glog.Errorf("%s", usage)
 		os.Exit(2)
-	} else if !_stringInList(validCommands,os.Args[1]) {
+	} else if !_stringInList(validCommands, os.Args[1]) {
 		glog.Errorf("Invalid command %s\n%s", os.Args[1], usage)
 		os.Exit(2)
 	}
 
 	imagesCommand := flag.NewFlagSet("images", flag.ExitOnError)
 	retainedImagesListFile := imagesCommand.String("retained-images-file", "", "Retained images list file")
 	imageRetainPeriod := imagesCommand.Int64("image-retain-period", 86400, "image retain period")
-	
+
 	dryRun = imagesCommand.Bool("dry-run", false, "dry run - only print actions")
 
 	switch os.Args[1] {
@@ -281,13 +284,12 @@ Commands:
 		*dryRun = true
 	}
 
-
 	glog.Infof("\n----------------\n Started dind-cleaner")
-	
-	glog.Infof("First verson - only image cleaner. " +
-			   "retainedImagesListFile = %s " +
-			   "retainedImagesPeriod = %d " +  
-			   "dry-run = %t" , *retainedImagesListFile, *imageRetainPeriod, *dryRun)
+
+	glog.Infof("First verson - only image cleaner. "+
+		"retainedImagesListFile = %s "+
+		"retainedImagesPeriod = %d "+
+		"dry-run = %t", *retainedImagesListFile, *imageRetainPeriod, *dryRun)
 
 	retainedImagesList, err := readFileLines(*retainedImagesListFile)
 	if err != nil {

cleaner/dind-cleaner/go.mod

@@ -1,25 +1,29 @@
 module github.com/codefresh-io/dind-cleaner
 
-go 1.16
+go 1.21
 
 require (
-	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
-	github.com/Microsoft/go-winio v0.4.11 // indirect
-	github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect
-	github.com/docker/distribution v2.6.0-rc.1.0.20170726174610-edc3ab29cdff+incompatible // indirect
-	github.com/docker/docker v17.12.0-ce-rc1.0.20180826111245-fe3bc75cc44e+incompatible
+	github.com/docker/docker v24.0.5+incompatible
+	github.com/golang/glog v1.1.2
+	golang.org/x/net v0.14.0
+)
+
+require (
+	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/docker/distribution v2.8.2+incompatible // indirect
 	github.com/docker/go-connections v0.4.1-0.20180821093606-97c2040d34df // indirect
-	github.com/docker/go-units v0.3.3 // indirect
-	github.com/gogo/protobuf v0.0.0-20170330071051-c0656edd0d9e // indirect
-	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
-	github.com/gorilla/mux v1.8.0 // indirect
-	github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420 // indirect
-	github.com/opencontainers/image-spec v1.0.1-0.20180411145040-e562b0440392 // indirect
-	github.com/pkg/errors v0.8.1-0.20180311214515-816c9085562c // indirect
-	github.com/sirupsen/logrus v1.8.1 // indirect
+	github.com/docker/go-units v0.5.0 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/moby/term v0.5.0 // indirect
+	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/opencontainers/image-spec v1.0.2 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
 	github.com/stretchr/testify v1.7.0 // indirect
-	golang.org/x/net v0.10.0
+	golang.org/x/mod v0.12.0 // indirect
+	golang.org/x/sys v0.11.0 // indirect
 	golang.org/x/time v0.0.0-20210611083556-38a9dc6acbc6 // indirect
-	google.golang.org/grpc v1.39.0 // indirect
-	gotest.tools v2.2.0+incompatible // indirect
+	golang.org/x/tools v0.12.0 // indirect
+	gotest.tools/v3 v3.5.0 // indirect
 )