updating helm to 3.16.4, fixing CVE-2024-45337 (#250)

nihussmann · web-flow · commit 79080b6a6de0 · 2024-12-18T13:21:17.000+01:00
diff --git a/.trivyignore b/.trivyignore
@@ -1,6 +0,0 @@
-# Right now there is no fix in helm, and it is likely not exploitable via our image,
-# so ignore issue for some time to be able to continue development
-# https://github.com/helm/helm/blob/v3.16.3/go.mod#L36
-# https://github.com/helm/helm/commit/194d989b235cf6f5821f068ce5ba81c55eb6be2f
-# The mean time between the last 10 helm releases is about three weeks. Lets hope for the best.
-CVE-2024-45337 exp:2025-01-15
diff --git a/Dockerfile b/Dockerfile
@@ -48,7 +48,7 @@ RUN apk add curl grep
 ARG K8S_VERSION=1.29.8
 ARG KUBECTL_CHECKSUM=038454e0d79748aab41668f44ca6e4ac8affd1895a94f592b9739a0ae2a5f06a
 # When updating, also upgrade helm image in Config
-ARG HELM_VERSION=3.16.3
+ARG HELM_VERSION=3.16.4
 # bash curl unzip required for Jenkins downloader
 RUN apk add --no-cache \
       gnupg \
diff --git a/src/main/groovy/com/cloudogu/gitops/config/Config.groovy b/src/main/groovy/com/cloudogu/gitops/config/Config.groovy
@@ -48,7 +48,7 @@ import static picocli.CommandLine.ScopeType
 class Config {
 
     // When updating please also update in Dockerfile
-    public static final String HELM_IMAGE = "ghcr.io/cloudogu/helm:3.16.3-1"
+    public static final String HELM_IMAGE = "ghcr.io/cloudogu/helm:3.16.4-1"
     // When updating please also adapt in Dockerfile, vars.tf and init-cluster.sh
     public static final String K8S_VERSION = "1.29"
     public static final String DEFAULT_ADMIN_USER = 'admin'
