update manager vulns and handle api migrations

Signed-off-by: ashnamehrotra <ashnamehrotra@gmail.com>

Author: ashnamehrotra

Dockerfile

@@ -1,13 +1,13 @@
 # syntax=docker/dockerfile:1.6
 
 # Default Trivy binary image, overwritten by Makefile
-ARG TRIVY_BINARY_IMG="ghcr.io/aquasecurity/trivy:0.50.0"
+ARG TRIVY_BINARY_IMG="ghcr.io/aquasecurity/trivy:0.58.1"
 ARG BUILDKIT_SBOM_SCAN_STAGE=builder,manager-build,collector-build,remover-build,trivy-scanner-build
 
 FROM --platform=$TARGETPLATFORM $TRIVY_BINARY_IMG AS trivy-binary
 
 # Build the manager binary
-FROM --platform=$BUILDPLATFORM golang:1.25-bookworm AS builder
+FROM --platform=$BUILDPLATFORM golang:1.23.4-bookworm AS builder
 WORKDIR /workspace
 # Copy the Go Modules manifests
 COPY go.mod go.mod

controllers/configmap/configmap.go

@@ -63,7 +63,7 @@ func Add(mgr manager.Manager, cfg *config.Manager) error {
 	}
 
 	err = c.Watch(
-		&source.Kind{Type: &corev1.ConfigMap{}},
+		source.Kind(mgr.GetCache(), &corev1.ConfigMap{}),
 		&handler.EnqueueRequestForObject{},
 		predicate.ResourceVersionChangedPredicate{},
 		predicate.Funcs{

controllers/imagecollector/imagecollector_controller.go

@@ -143,7 +143,7 @@ func add(mgr manager.Manager, r *Reconciler) error {
 	}
 
 	err = c.Watch(
-		&source.Kind{Type: &eraserv1.ImageJob{}},
+		source.Kind(mgr.GetCache(), &eraserv1.ImageJob{}),
 		&handler.EnqueueRequestForObject{}, predicate.Funcs{
 			// Do nothing on Create, Delete, or Generic events
 			CreateFunc:  util.NeverOnCreate,

controllers/imagejob/imagejob_controller.go

@@ -102,7 +102,7 @@ func add(mgr manager.Manager, r reconcile.Reconciler) error {
 	}
 
 	// Watch for changes to ImageJob
-	err = c.Watch(&source.Kind{Type: &eraserv1.ImageJob{}}, &handler.EnqueueRequestForObject{}, predicate.Funcs{
+	err = c.Watch(source.Kind(mgr.GetCache(), &eraserv1.ImageJob{}), &handler.EnqueueRequestForObject{}, predicate.Funcs{
 		UpdateFunc: func(e event.UpdateEvent) bool {
 			if job, ok := e.ObjectNew.(*eraserv1.ImageJob); ok && controllerUtils.IsCompletedOrFailed(job.Status.Phase) {
 				return false // handled by Owning controller
@@ -120,13 +120,8 @@ func add(mgr manager.Manager, r reconcile.Reconciler) error {
 
 	// Watch for changes to pods created by ImageJob (eraser pods)
 	err = c.Watch(
-		&source.Kind{
-			Type: &corev1.Pod{},
-		},
-		&handler.EnqueueRequestForOwner{
-			OwnerType:    &corev1.PodTemplate{},
-			IsController: true,
-		},
+		source.Kind(mgr.GetCache(), &corev1.Pod{}),
+		handler.EnqueueRequestForOwner(mgr.GetScheme(), mgr.GetRESTMapper(), &corev1.PodTemplate{}),
 		predicate.Funcs{
 			CreateFunc: func(e event.CreateEvent) bool {
 				return e.Object.GetNamespace() == eraserUtils.GetNamespace()
@@ -145,13 +140,8 @@ func add(mgr manager.Manager, r reconcile.Reconciler) error {
 
 	// watch for changes to imagejob podTemplate (owned by controller manager pod)
 	err = c.Watch(
-		&source.Kind{
-			Type: &corev1.PodTemplate{},
-		},
-		&handler.EnqueueRequestForOwner{
-			OwnerType:    &corev1.Pod{},
-			IsController: true,
-		},
+		source.Kind(mgr.GetCache(), &corev1.PodTemplate{}),
+		handler.EnqueueRequestForOwner(mgr.GetScheme(), mgr.GetRESTMapper(), &corev1.Pod{}),
 		predicate.Funcs{
 			CreateFunc: func(e event.CreateEvent) bool {
 				ownerLabels, ok := e.Object.GetLabels()[managerLabelKey]

controllers/imagelist/imagelist_controller.go

@@ -441,14 +441,14 @@ func add(mgr manager.Manager, r reconcile.Reconciler) error {
 	}
 
 	err = c.Watch(
-		&source.Kind{Type: &eraserv1.ImageList{}},
+		source.Kind(mgr.GetCache(), &eraserv1.ImageList{}),
 		&handler.EnqueueRequestForObject{}, predicate.GenerationChangedPredicate{})
 	if err != nil {
 		return err
 	}
 	err = c.Watch(
-		&source.Kind{Type: &eraserv1.ImageJob{}},
-		&handler.EnqueueRequestForOwner{OwnerType: &eraserv1.ImageList{}, IsController: true},
+		source.Kind(mgr.GetCache(), &eraserv1.ImageJob{}),
+		handler.EnqueueRequestForOwner(mgr.GetScheme(), mgr.GetRESTMapper(), &eraserv1.ImageList{}),
 		predicate.Funcs{
 			// Do nothing on Create, Delete, or Generic events
 			CreateFunc:  util.NeverOnCreate,

go.mod

@@ -6,8 +6,8 @@ require (
 	github.com/aquasecurity/trivy v0.35.0
 	github.com/aquasecurity/trivy-db v0.0.0-20220627104749-930461748b63 // indirect
 	github.com/go-logr/logr v1.2.4
-	github.com/onsi/ginkgo/v2 v2.6.1
-	github.com/onsi/gomega v1.24.2
+	github.com/onsi/ginkgo/v2 v2.9.5
+	github.com/onsi/gomega v1.27.7
 	github.com/stretchr/testify v1.8.4
 	go.opentelemetry.io/otel v1.14.0
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.34.0
@@ -18,16 +18,16 @@ require (
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29
 	golang.org/x/sys v0.31.0
 	google.golang.org/grpc v1.58.3
-	k8s.io/api v0.26.11
-	k8s.io/apimachinery v0.26.11
-	k8s.io/client-go v0.26.11
+	k8s.io/api v0.27.16
+	k8s.io/apimachinery v0.27.16
+	k8s.io/client-go v0.27.16
 	// keeping this on 0.25 as updating to 0.26 will remove CRI v1alpha2 version
 	k8s.io/cri-api v0.25.16
 	k8s.io/klog/v2 v2.100.1
-	k8s.io/kubernetes v1.26.15
-	k8s.io/utils v0.0.0-20230115233650-391b47cb4029
+	k8s.io/kubernetes v1.27.16
+	k8s.io/utils v0.0.0-20230209194617-a36077c30491
 	oras.land/oras-go v1.2.2
-	sigs.k8s.io/controller-runtime v0.14.7
+	sigs.k8s.io/controller-runtime v0.15.0
 	sigs.k8s.io/e2e-framework v0.0.8
 	sigs.k8s.io/kind v0.15.0
 	sigs.k8s.io/yaml v1.3.0
@@ -59,17 +59,19 @@ require (
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/go-logr/zapr v1.2.3 // indirect
-	github.com/go-openapi/jsonpointer v0.19.5 // indirect
-	github.com/go-openapi/jsonreference v0.20.0 // indirect
+	github.com/go-logr/zapr v1.2.4 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.1 // indirect
 	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/gnostic v0.5.7-v3refs // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/go-containerregistry v0.14.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 // indirect
@@ -108,63 +110,63 @@ require (
 	go.opentelemetry.io/otel/trace v1.14.0 // indirect
 	go.opentelemetry.io/proto/otlp v0.19.0 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
-	go.uber.org/goleak v1.2.1 // indirect
 	go.uber.org/multierr v1.9.0 // indirect
 	golang.org/x/net v0.38.0 // indirect
 	golang.org/x/oauth2 v0.27.0 // indirect
 	golang.org/x/sync v0.12.0 // indirect
 	golang.org/x/term v0.30.0 // indirect
 	golang.org/x/text v0.23.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
+	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
-	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
 	google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20230711160842-782d3b101e98 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.26.11 // indirect
-	k8s.io/apiserver v0.26.11 // indirect
-	k8s.io/component-base v0.26.11 // indirect
-	k8s.io/component-helpers v0.26.11 // indirect
-	k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
+	k8s.io/apiextensions-apiserver v0.27.2 // indirect
+	k8s.io/apiserver v0.27.16 // indirect
+	k8s.io/component-base v0.27.16 // indirect
+	k8s.io/component-helpers v0.27.16 // indirect
+	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
 	k8s.io/kube-scheduler v0.0.0 // indirect
-	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 )
 
 replace (
 	// v0.3.1-0.20230104082527-d6f58551be3f is taken from github.com/moby/buildkit v0.11.0
 	// spdx logic write on v0.3.0 and incompatible with v0.3.1-0.20230104082527-d6f58551be3f
 	github.com/spdx/tools-golang => github.com/spdx/tools-golang v0.3.0
-	k8s.io/api => k8s.io/api v0.26.11
-	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.26.11
-	k8s.io/apimachinery => k8s.io/apimachinery v0.26.11
-	k8s.io/apiserver => k8s.io/apiserver v0.26.11
-	k8s.io/cli-runtime => k8s.io/cli-runtime v0.26.11
-	k8s.io/client-go => k8s.io/client-go v0.26.11
-	k8s.io/cloud-provider => k8s.io/cloud-provider v0.26.11
-	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.26.11
-	k8s.io/code-generator => k8s.io/code-generator v0.26.11
-	k8s.io/component-base => k8s.io/component-base v0.26.11
-	k8s.io/component-helpers => k8s.io/component-helpers v0.26.11
-	k8s.io/controller-manager => k8s.io/controller-manager v0.26.11
-	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.26.11
-	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.26.11
-	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.26.11
-	k8s.io/kube-proxy => k8s.io/kube-proxy v0.26.11
-	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.26.11
-	k8s.io/kubectl => k8s.io/kubectl v0.26.11
-	k8s.io/kubelet => k8s.io/kubelet v0.26.11
-	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.26.11
-	k8s.io/metrics => k8s.io/metrics v0.26.11
-	k8s.io/mount-utils => k8s.io/mount-utils v0.26.11
-	k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.26.11
-	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.26.11
-	k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.26.11
-	k8s.io/sample-controller => k8s.io/sample-controller v0.26.11
+	k8s.io/api => k8s.io/api v0.27.16
+	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.27.16
+	k8s.io/apimachinery => k8s.io/apimachinery v0.27.16
+	k8s.io/apiserver => k8s.io/apiserver v0.27.16
+	k8s.io/cli-runtime => k8s.io/cli-runtime v0.27.16
+	k8s.io/client-go => k8s.io/client-go v0.27.16
+	k8s.io/cloud-provider => k8s.io/cloud-provider v0.27.16
+	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.27.16
+	k8s.io/code-generator => k8s.io/code-generator v0.27.16
+	k8s.io/component-base => k8s.io/component-base v0.27.16
+	k8s.io/component-helpers => k8s.io/component-helpers v0.27.16
+	k8s.io/controller-manager => k8s.io/controller-manager v0.27.16
+	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.27.16
+	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.27.16
+	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.27.16
+	k8s.io/kube-proxy => k8s.io/kube-proxy v0.27.16
+	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.27.16
+	k8s.io/kubectl => k8s.io/kubectl v0.27.16
+	k8s.io/kubelet => k8s.io/kubelet v0.27.16
+	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.27.16
+	k8s.io/metrics => k8s.io/metrics v0.27.16
+	k8s.io/mount-utils => k8s.io/mount-utils v0.27.16
+	k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.27.16
+	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.27.16
+	k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.27.16
+	k8s.io/sample-controller => k8s.io/sample-controller v0.27.16
 	// v1.2.0 is taken from github.com/open-policy-agent/opa v0.42.0
 	// v1.2.0 incompatible with github.com/docker/docker v23.0.0-rc.1+incompatible
 	oras.land/oras-go => oras.land/oras-go v1.1.1