Merge pull request #1412 from buildpacks-community/0-10-4-dep-bump

[0.10.x] Bump deps and go version for CVE fixes
buildpacks-community · Nov 23, 2023 · 7bf2f1f · 7bf2f1f
2 parents 525b225 + cc368f6
commit 7bf2f1f
Show file tree

Hide file tree

Showing 4 changed files with 93 additions and 27 deletions.
diff --git a/.github/actions/pack-build/action.yml b/.github/actions/pack-build/action.yml
@@ -20,6 +20,10 @@ inputs:
 runs:
   using: "composite"
   steps:
+  - name: Set up Go
+    uses: actions/setup-go@v4
+    with:
+      go-version-file: 'go.mod'
   - name: setup-pack-linux
     if: ${{ runner.os == 'linux' }}
     uses: buildpacks/github-actions/[email protected]
@@ -46,7 +50,7 @@ runs:
       KPACK_VERSION=$version
       KPACK_COMMIT=$GITHUB_SHA
       mkdir report
-      
+
       export PATH="$PATH:$(pwd)"
       pack build ${{ inputs.tag }} \
         --builder ${{ inputs.builder }} \
@@ -55,7 +59,7 @@ runs:
         --report-output-dir . \
         --cache-image ${{ inputs.tag }}-cache \
         --publish ${{ inputs.additional_pack_args }}
-      
+
       mkdir images
       digest=$(go run .github/actions/pack-build/report.go -path ./report.toml)
       name=$(basename ${{ inputs.tag }})

diff --git a/.github/workflows/unit-test.yaml b/.github/workflows/unit-test.yaml
@@ -10,6 +10,10 @@ jobs:
     - uses: actions/checkout@v3
       with:
         fetch-depth: 0
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version-file: 'go.mod'
     - name: Run tests
       uses: ./.github/actions/run-tests
     - name: Report coverage

diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/pivotal/kpack
 
-go 1.18
+go 1.21
 
 require (
 	github.com/BurntSushi/toml v1.3.2
@@ -26,7 +26,7 @@ require (
 	github.com/vdemeester/k8s-pkg-credentialprovider v1.22.4
 	github.com/whilp/git-urls v1.0.0
 	go.uber.org/zap v1.23.0
-	golang.org/x/crypto v0.7.0
+	golang.org/x/crypto v0.14.0
 	golang.org/x/sync v0.1.0
 	k8s.io/api v0.24.8
 	k8s.io/apimachinery v0.24.8
@@ -111,8 +111,8 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dimchansky/utfbom v1.1.1 // indirect
 	github.com/docker/cli v20.10.20+incompatible // indirect
-	github.com/docker/distribution v2.8.1+incompatible // indirect
-	github.com/docker/docker v20.10.20+incompatible // indirect
+	github.com/docker/distribution v2.8.2-beta.1+incompatible // indirect
+	github.com/docker/docker v20.10.24+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
 	github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
@@ -209,7 +209,7 @@ require (
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
 	github.com/open-policy-agent/opa v0.45.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc2 // indirect
+	github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.5 // indirect
@@ -283,11 +283,11 @@ require (
 	go.uber.org/multierr v1.8.0 // indirect
 	golang.org/x/exp v0.0.0-20220823124025-807a23277127 // indirect
 	golang.org/x/mod v0.8.0 // indirect
-	golang.org/x/net v0.8.0 // indirect
+	golang.org/x/net v0.17.0 // indirect
 	golang.org/x/oauth2 v0.1.0 // indirect
-	golang.org/x/sys v0.6.0 // indirect
-	golang.org/x/term v0.6.0 // indirect
-	golang.org/x/text v0.8.0 // indirect
+	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/term v0.13.0 // indirect
+	golang.org/x/text v0.13.0 // indirect
 	golang.org/x/time v0.0.0-20220922220347-f3bd1da661af // indirect
 	golang.org/x/tools v0.6.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect