Skip to content

chore: update base images and Golang dependencies #1846

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
hardcoretime merged 3 commits into from
Jan 13, 2026
Merged

chore: update base images and Golang dependencies #1846

hardcoretime merged 3 commits into from
Jan 13, 2026
+143 −195

Conversation

@hardcoretime
Copy link
Contributor

@hardcoretime hardcoretime commented Dec 22, 2025
edited
Loading

Description

  • Used the builder/golang-alt image instead of builder/alt and package installation.
  • Updated base image to Golang 1.24.11 to resolve CVE-2025-61729.
  • Updated golang.org/x/crypto to version 0.45.0 to resolve CVE-2025-47914.

Why do we need it, and what problem does it solve?

This is required to resolve CVE-2025-61729 and CVE-2025-47914.

What is the expected result?

The security check should pass.

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

Changelog entries

section: core
type: chore
summary: "Fix CVEs."
impact_level: low

@hardcoretime hardcoretime added this to the v1.4.0 milestone Dec 22, 2025
@hardcoretime hardcoretime force-pushed the chore/update-base-images-and-go-deps branch from 0284794 to c3c3d7a Compare December 23, 2025 14:30
@hardcoretime hardcoretime added the e2e/run Run e2e test on cluster of PR author label Dec 23, 2025
@deckhouse-BOaTswain
Copy link
Contributor

deckhouse-BOaTswain commented Dec 23, 2025
edited
Loading

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: failure.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Dec 23, 2025
@deckhouse-BOaTswain
Copy link
Contributor

deckhouse-BOaTswain commented Dec 23, 2025
edited
Loading

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: failure.

@hardcoretime hardcoretime added the e2e/run Run e2e test on cluster of PR author label Dec 23, 2025
@deckhouse-BOaTswain
Copy link
Contributor

deckhouse-BOaTswain commented Dec 23, 2025
edited
Loading

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: failure.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Dec 24, 2025
@hardcoretime hardcoretime added the e2e/run Run e2e test on cluster of PR author label Dec 25, 2025
@deckhouse-BOaTswain
Copy link
Contributor

deckhouse-BOaTswain commented Dec 25, 2025
edited
Loading

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: failure.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Dec 25, 2025
@hardcoretime hardcoretime force-pushed the chore/update-base-images-and-go-deps branch from c3c3d7a to ce350d7 Compare December 30, 2025 10:18
@hardcoretime hardcoretime added the e2e/run Run e2e test on cluster of PR author label Dec 30, 2025
@deckhouse-BOaTswain
Copy link
Contributor

deckhouse-BOaTswain commented Dec 30, 2025
edited
Loading

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: failure.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Dec 30, 2025
@hardcoretime hardcoretime added the e2e/run Run e2e test on cluster of PR author label Jan 12, 2026
Roman Sysoev added 3 commits January 12, 2026 10:29
chore: update base images and Golang dependencies
ae0b33d 
Signed-off-by: Roman Sysoev <[email protected]>
chore: update Cilium version and use fixed CDI
76c57e3 
Signed-off-by: Roman Sysoev <[email protected]>
chore: do not install additional packages
ccc2906 
- git
- binutils
- make
- gcc

Signed-off-by: Roman Sysoev <[email protected]>
@hardcoretime hardcoretime force-pushed the chore/update-base-images-and-go-deps branch from ce350d7 to ccc2906 Compare January 12, 2026 07:40
@hardcoretime hardcoretime added e2e/run Run e2e test on cluster of PR author and removed e2e/run Run e2e test on cluster of PR author labels Jan 12, 2026
@deckhouse-BOaTswain
Copy link
Contributor

deckhouse-BOaTswain commented Jan 12, 2026
edited
Loading

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: failure.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Jan 12, 2026
@hardcoretime hardcoretime marked this pull request as ready for review January 12, 2026 15:35
@hardcoretime hardcoretime requested review from diafour and removed request for diafour January 12, 2026 15:36
@hardcoretime hardcoretime merged commit 95f95e4 into main Jan 13, 2026
105 of 107 checks passed
@hardcoretime hardcoretime deleted the chore/update-base-images-and-go-deps branch January 13, 2026 10:31
Isteb4k pushed a commit that referenced this pull request Jan 13, 2026
@hardcoretime @Isteb4k
chore: update base images and Golang dependencies (#1846)
54f0ec5 
- Used the builder/golang-alt image instead of builder/alt and package installation.
- Updated base image to Golang 1.24.11 to resolve CVE-2025-61729.
- Updated golang.org/x/crypto to version 0.45.0 to resolve CVE-2025-47914.

Signed-off-by: Roman Sysoev <[email protected]>
(cherry picked from commit 95f95e4)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@diafour diafour diafour approved these changes

@universal-itengineer universal-itengineer Awaiting requested review from universal-itengineer universal-itengineer is a code owner

@nevermarine nevermarine Awaiting requested review from nevermarine nevermarine is a code owner

@yaroslavborbat yaroslavborbat Awaiting requested review from yaroslavborbat yaroslavborbat is a code owner

@fl64 fl64 Awaiting requested review from fl64 fl64 is a code owner

@Isteb4k Isteb4k Awaiting requested review from Isteb4k Isteb4k is a code owner

Assignees

@hardcoretime hardcoretime

Labels

None yet

Projects

None yet

Milestone

v1.4.0

Development

Successfully merging this pull request may close these issues.

4 participants

@hardcoretime @deckhouse-BOaTswain @diafour