Skip to content

Commit c077a3c

Browse files
ed382ed382
committed
fix: update packages to patch cves
vendor gomplate to patch cves
1 parent f52d7ef commit c077a3c

File tree

328 files changed

+50346
-285
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

328 files changed

+50346
-285
lines changed

Dockerfile

Lines changed: 25 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ ARG BASE_IMAGE=alpine
22

33
FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.6.1@sha256:923441d7c25f1e2eb5789f82d987693c47b8ed987c4ab3b075d6ed2b5d6779a3 AS xx
44

5-
FROM --platform=$BUILDPLATFORM golang:1.23.6-alpine3.20@sha256:22caeb4deced0138cb4ae154db260b22d1b2ef893dde7f84415b619beae90901 AS builder
5+
FROM --platform=$BUILDPLATFORM golang:1.24.3-alpine3.21@sha256:ef18ee7117463ac1055f5a370ed18b8750f01589f13ea0b48642f5792b234044 AS builder
66

77
COPY --from=xx / /
88

@@ -35,30 +35,46 @@ RUN make release-binary
3535

3636
RUN xx-verify /go/bin/dex && xx-verify /go/bin/docker-entrypoint
3737

38-
FROM alpine:3.21.2@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099 AS stager
38+
FROM alpine:3.21.3@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c AS stager
3939

4040
RUN mkdir -p /var/dex
4141
RUN mkdir -p /etc/dex
4242
COPY config.docker.yaml /etc/dex/
4343

44-
FROM alpine:3.21.2@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099 AS gomplate
44+
FROM golang:1.24-alpine AS gomplate-build
4545

4646
ARG TARGETOS
4747
ARG TARGETARCH
4848
ARG TARGETVARIANT
49+
ENV GOOS=$TARGETOS GOARCH=$TARGETARCH
4950

50-
ENV GOMPLATE_VERSION=v4.3.0
51+
RUN apk add --no-cache make git
5152

52-
RUN wget -O /usr/local/bin/gomplate \
53-
"https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VERSION}/gomplate_${TARGETOS:-linux}-${TARGETARCH:-amd64}${TARGETVARIANT}" \
54-
&& chmod +x /usr/local/bin/gomplate
53+
WORKDIR /go/src/github.com/hairyhenderson/gomplate
54+
COPY gomplate/go.mod /go/src/github.com/hairyhenderson/gomplate
55+
COPY gomplate/go.sum /go/src/github.com/hairyhenderson/gomplate
56+
57+
RUN --mount=type=cache,id=go-build-${TARGETOS}-${TARGETARCH}${TARGETVARIANT},target=/root/.cache/go-build \
58+
--mount=type=cache,id=go-pkg-${TARGETOS}-${TARGETARCH}${TARGETVARIANT},target=/go/pkg \
59+
go mod download -x
60+
61+
COPY gomplate/ /go/src/github.com/hairyhenderson/gomplate
62+
63+
RUN --mount=type=cache,id=go-build-${TARGETOS}-${TARGETARCH}${TARGETVARIANT},target=/root/.cache/go-build \
64+
--mount=type=cache,id=go-pkg-${TARGETOS}-${TARGETARCH}${TARGETVARIANT},target=/go/pkg \
65+
make build
66+
RUN mv bin/gomplate* /bin/
5567

5668
# For Dependabot to detect base image versions
57-
FROM alpine:3.21.2@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099 AS alpine
69+
FROM alpine:3.21.3@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c AS alpine
5870
FROM gcr.io/distroless/static-debian12:nonroot@sha256:6ec5aa99dc335666e79dc64e4a6c8b89c33a543a1967f20d360922a80dd21f02 AS distroless
5971

6072
FROM $BASE_IMAGE
6173

74+
ARG TARGETOS
75+
ARG TARGETARCH
76+
ARG TARGETVARIANT
77+
6278
# Dex connectors, such as GitHub and Google logins require root certificates.
6379
# Proper installations should manage those certificates, but it's a bad user
6480
# experience when this doesn't work out of the box.
@@ -77,7 +93,7 @@ COPY --from=builder /go/bin/dex /usr/local/bin/dex
7793
COPY --from=builder /go/bin/docker-entrypoint /usr/local/bin/docker-entrypoint
7894
COPY --from=builder /usr/local/src/dex/web /srv/dex/web
7995

80-
COPY --from=gomplate /usr/local/bin/gomplate /usr/local/bin/gomplate
96+
COPY --from=gomplate-build /bin/gomplate_${TARGETOS}-${TARGETARCH}${TARGETVARIANT} /usr/local/bin/gomplate
8197

8298
USER 1001:1001
8399

go.mod

Lines changed: 63 additions & 60 deletions
Original file line numberDiff line numberDiff line change
@@ -1,104 +1,107 @@
11
module github.com/dexidp/dex
22

3-
go 1.23
3+
go 1.24
44

55
require (
6-
cloud.google.com/go/compute/metadata v0.6.0
7-
entgo.io/ent v0.14.0
6+
cloud.google.com/go/compute/metadata v0.7.0
7+
entgo.io/ent v0.14.4
88
github.com/AppsFlyer/go-sundheit v0.6.0
99
github.com/Masterminds/semver v1.5.0
1010
github.com/Masterminds/sprig/v3 v3.3.0
11-
github.com/beevik/etree v1.5.0
12-
github.com/coreos/go-oidc/v3 v3.12.0
13-
github.com/dexidp/dex/api/v2 v2.1.0
14-
github.com/fsnotify/fsnotify v1.8.0
11+
github.com/beevik/etree v1.5.1
12+
github.com/coreos/go-oidc/v3 v3.14.1
13+
github.com/dexidp/dex/api/v2 v2.3.0
14+
github.com/fsnotify/fsnotify v1.9.0
1515
github.com/ghodss/yaml v1.0.0
16-
github.com/go-jose/go-jose/v4 v4.0.4
17-
github.com/go-ldap/ldap/v3 v3.4.10
18-
github.com/go-sql-driver/mysql v1.8.1
16+
github.com/go-jose/go-jose/v4 v4.1.0
17+
github.com/go-ldap/ldap/v3 v3.4.11
18+
github.com/go-sql-driver/mysql v1.9.2
1919
github.com/google/uuid v1.6.0
2020
github.com/gorilla/handlers v1.5.2
2121
github.com/gorilla/mux v1.8.1
2222
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
2323
github.com/kylelemons/godebug v1.1.0
2424
github.com/lib/pq v1.10.9
2525
github.com/mattermost/xml-roundtrip-validator v0.1.0
26-
github.com/mattn/go-sqlite3 v1.14.24
26+
github.com/mattn/go-sqlite3 v1.14.28
2727
github.com/oklog/run v1.1.0
2828
github.com/pkg/errors v0.9.1
29-
github.com/prometheus/client_golang v1.20.5
30-
github.com/russellhaering/goxmldsig v1.4.0
31-
github.com/spf13/cobra v1.8.1
29+
github.com/prometheus/client_golang v1.22.0
30+
github.com/russellhaering/goxmldsig v1.5.0
31+
github.com/spf13/cobra v1.9.1
3232
github.com/stretchr/testify v1.10.0
33-
go.etcd.io/etcd/client/pkg/v3 v3.5.18
34-
go.etcd.io/etcd/client/v3 v3.5.18
35-
golang.org/x/crypto v0.32.0
36-
golang.org/x/exp v0.0.0-20221004215720-b9f4876ce741
37-
golang.org/x/net v0.34.0
38-
golang.org/x/oauth2 v0.26.0
39-
google.golang.org/api v0.220.0
40-
google.golang.org/grpc v1.70.0
41-
google.golang.org/protobuf v1.36.4
33+
go.etcd.io/etcd/client/pkg/v3 v3.6.0
34+
go.etcd.io/etcd/client/v3 v3.6.0
35+
golang.org/x/crypto v0.38.0
36+
golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6
37+
golang.org/x/net v0.40.0
38+
golang.org/x/oauth2 v0.30.0
39+
google.golang.org/api v0.234.0
40+
google.golang.org/grpc v1.72.1
41+
google.golang.org/protobuf v1.36.6
4242
)
4343

4444
require (
45-
ariga.io/atlas v0.19.1-0.20240203083654-5948b60a8e43 // indirect
46-
cloud.google.com/go/auth v0.14.1 // indirect
47-
cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect
48-
dario.cat/mergo v1.0.1 // indirect
45+
ariga.io/atlas v0.33.1 // indirect
46+
cloud.google.com/go/auth v0.16.1 // indirect
47+
cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
48+
dario.cat/mergo v1.0.2 // indirect
4949
filippo.io/edwards25519 v1.1.0 // indirect
5050
github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
5151
github.com/Masterminds/goutils v1.1.1 // indirect
52-
github.com/Masterminds/semver/v3 v3.3.0 // indirect
53-
github.com/agext/levenshtein v1.2.1 // indirect
54-
github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
52+
github.com/Masterminds/semver/v3 v3.3.1 // indirect
53+
github.com/agext/levenshtein v1.2.3 // indirect
54+
github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
5555
github.com/beorn7/perks v1.0.1 // indirect
56+
github.com/bmatcuk/doublestar v1.3.4 // indirect
5657
github.com/cespare/xxhash/v2 v2.3.0 // indirect
57-
github.com/coreos/go-semver v0.3.0 // indirect
58-
github.com/coreos/go-systemd/v22 v22.3.2 // indirect
58+
github.com/coreos/go-semver v0.3.1 // indirect
59+
github.com/coreos/go-systemd/v22 v22.5.0 // indirect
5960
github.com/davecgh/go-spew v1.1.1 // indirect
6061
github.com/felixge/httpsnoop v1.0.4 // indirect
61-
github.com/go-asn1-ber/asn1-ber v1.5.7 // indirect
62+
github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
6263
github.com/go-logr/logr v1.4.2 // indirect
6364
github.com/go-logr/stdr v1.2.2 // indirect
64-
github.com/go-openapi/inflect v0.19.0 // indirect
65+
github.com/go-openapi/inflect v0.21.2 // indirect
6566
github.com/gogo/protobuf v1.3.2 // indirect
6667
github.com/golang/protobuf v1.5.4 // indirect
67-
github.com/google/go-cmp v0.6.0 // indirect
68+
github.com/google/go-cmp v0.7.0 // indirect
6869
github.com/google/s2a-go v0.1.9 // indirect
69-
github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
70-
github.com/googleapis/gax-go/v2 v2.14.1 // indirect
71-
github.com/hashicorp/hcl/v2 v2.13.0 // indirect
70+
github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
71+
github.com/googleapis/gax-go/v2 v2.14.2 // indirect
72+
github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 // indirect
73+
github.com/hashicorp/hcl/v2 v2.23.0 // indirect
7274
github.com/huandu/xstrings v1.5.0 // indirect
7375
github.com/inconshreveable/mousetrap v1.1.0 // indirect
74-
github.com/jonboulle/clockwork v0.2.2 // indirect
75-
github.com/klauspost/compress v1.17.9 // indirect
76+
github.com/jonboulle/clockwork v0.5.0 // indirect
7677
github.com/mitchellh/copystructure v1.2.0 // indirect
77-
github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7 // indirect
78+
github.com/mitchellh/go-wordwrap v1.0.1 // indirect
7879
github.com/mitchellh/reflectwalk v1.0.2 // indirect
7980
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
8081
github.com/pmezard/go-difflib v1.0.0 // indirect
81-
github.com/prometheus/client_model v0.6.1 // indirect
82-
github.com/prometheus/common v0.55.0 // indirect
83-
github.com/prometheus/procfs v0.15.1 // indirect
82+
github.com/prometheus/client_model v0.6.2 // indirect
83+
github.com/prometheus/common v0.64.0 // indirect
84+
github.com/prometheus/procfs v0.16.1 // indirect
8485
github.com/shopspring/decimal v1.4.0 // indirect
85-
github.com/spf13/cast v1.7.0 // indirect
86-
github.com/spf13/pflag v1.0.5 // indirect
87-
github.com/zclconf/go-cty v1.8.0 // indirect
88-
go.etcd.io/etcd/api/v3 v3.5.18 // indirect
86+
github.com/spf13/cast v1.8.0 // indirect
87+
github.com/spf13/pflag v1.0.6 // indirect
88+
github.com/zclconf/go-cty v1.16.3 // indirect
89+
github.com/zclconf/go-cty-yaml v1.1.0 // indirect
90+
go.etcd.io/etcd/api/v3 v3.6.0 // indirect
8991
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
90-
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect
91-
go.opentelemetry.io/otel v1.34.0 // indirect
92-
go.opentelemetry.io/otel/metric v1.34.0 // indirect
93-
go.opentelemetry.io/otel/trace v1.34.0 // indirect
94-
go.uber.org/atomic v1.7.0 // indirect
95-
go.uber.org/multierr v1.6.0 // indirect
96-
go.uber.org/zap v1.17.0 // indirect
97-
golang.org/x/mod v0.17.0 // indirect
98-
golang.org/x/sys v0.29.0 // indirect
99-
golang.org/x/text v0.21.0 // indirect
100-
google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect
101-
google.golang.org/genproto/googleapis/rpc v0.0.0-20250127172529-29210b9bc287 // indirect
92+
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
93+
go.opentelemetry.io/otel v1.36.0 // indirect
94+
go.opentelemetry.io/otel/metric v1.36.0 // indirect
95+
go.opentelemetry.io/otel/trace v1.36.0 // indirect
96+
go.uber.org/multierr v1.11.0 // indirect
97+
go.uber.org/zap v1.27.0 // indirect
98+
golang.org/x/mod v0.24.0 // indirect
99+
golang.org/x/sync v0.14.0 // indirect
100+
golang.org/x/sys v0.33.0 // indirect
101+
golang.org/x/text v0.25.0 // indirect
102+
golang.org/x/tools v0.33.0 // indirect
103+
google.golang.org/genproto/googleapis/api v0.0.0-20250519155744-55703ea1f237 // indirect
104+
google.golang.org/genproto/googleapis/rpc v0.0.0-20250519155744-55703ea1f237 // indirect
102105
gopkg.in/yaml.v2 v2.4.0 // indirect
103106
gopkg.in/yaml.v3 v3.0.1 // indirect
104107
)

0 commit comments

Comments
 (0)