fix some minor cves

update golang to 1.21.5
fix featureflags init in go tests
2023-12-27 08:48:30 +13:00 · 2023-12-27 08:33:22 +13:00 · 2023-12-27 08:33:02 +13:00
12 changed files with 30 additions and 25 deletions
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -17,7 +17,7 @@ on:
 env:
  DOCKER_HUB_REPO: portainerci/portainer
  NODE_ENV: testing
-  GO_VERSION: 1.21.3
+  GO_VERSION: 1.21.5
  NODE_VERSION: 18.x

 jobs:
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -13,7 +13,7 @@ on:
      - release/*

 env:
-  GO_VERSION: 1.21.3
+  GO_VERSION: 1.21.5

 jobs:
  run-linters:
--- a/.github/workflows/nightly-security-scan.yml
+++ b/.github/workflows/nightly-security-scan.yml
@@ -6,7 +6,7 @@ on:
  workflow_dispatch:

 env:
-  GO_VERSION: 1.21.3
+  GO_VERSION: 1.21.5

 jobs:
  client-dependencies:
@@ -144,7 +144,7 @@ jobs:
          image: portainerci/portainer:develop
          sarif-file: image-docker-scout.json
          dockerhub-user: ${{ secrets.DOCKER_HUB_USERNAME }}
-          dockerhub-password: ${{ secrets.DOCKER_HUB_PASSWORD }} 
+          dockerhub-password: ${{ secrets.DOCKER_HUB_PASSWORD }}

      - name: upload Docker Scout image security scan result as artifact
        uses: actions/upload-artifact@v3
@@ -197,7 +197,7 @@ jobs:
          matrix.js.status == 'failure' ||
          matrix.go.status == 'failure' || 
          matrix.image-trivy.status == 'failure' || 
-          matrix.image-docker-scout.status == 'failure' 
+          matrix.image-docker-scout.status == 'failure'
        uses: slackapi/slack-github-action@v1.23.0
        with:
          payload: |
--- a/.github/workflows/pr-security.yml
+++ b/.github/workflows/pr-security.yml
@@ -14,7 +14,7 @@ on:
      - '.github/workflows/pr-security.yml'

 env:
-  GO_VERSION: 1.21.3
+  GO_VERSION: 1.21.5
  NODE_VERSION: 18.x

 jobs:
--- a/.github/workflows/rebase.yml
+++ b/.github/workflows/rebase.yml
@@ -16,4 +16,4 @@ jobs:
      - name: Automatic Rebase
        uses: cirrus-actions/rebase@1.4
        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/validate-openapi-spec.yaml
+++ b/.github/workflows/validate-openapi-spec.yaml
@@ -8,7 +8,7 @@ on:
      - 'release/*'

 env:
-  GO_VERSION: 1.21.3
+  GO_VERSION: 1.21.5
  NODE_VERSION: 18.x

 jobs:
--- a/api/http/handler/auth/authenticate.go
+++ b/api/http/handler/auth/authenticate.go
@@ -26,7 +26,7 @@ type authenticatePayload struct {

 type authenticateResponse struct {
 	// JWT token used to authenticate against the API
-	JWT string `json:"jwt" example:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTQ5OTM3NjE1NH0.NJ6vE8FY1WG6jsRQzfMqeatJ4vh2TWAeeYfDhP71YEE"`
+	JWT string `json:"jwt" example:"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzAB"`
 }

 func (payload *authenticatePayload) Validate(r *http.Request) error {
--- a/api/swagger.yaml
+++ b/api/swagger.yaml
@@ -18,7 +18,7 @@ definitions:
    properties:
      jwt:
        description: JWT token used to authenticate against the API
-        example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTQ5OTM3NjE1NH0.NJ6vE8FY1WG6jsRQzfMqeatJ4vh2TWAeeYfDhP71YEE
+        example: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuvwxyzAB
        type: string
    type: object
  auth.oauthPayload:
@@ -2524,7 +2524,7 @@ info:
    Example:

    ```
-    Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTQ5OTM3NjE1NH0.NJ6vE8FY1WG6jsRQzfMqeatJ4vh2TWAeeYfDhP71YEE
+    Bearer abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuvwxyzAB
    ```

    # Security
--- a/binary-version.json
+++ b/binary-version.json
@@ -1,7 +1,7 @@
 {
-  "docker": "v24.0.6",
-  "dockerCompose": "v2.23.0",
-  "helm": "v3.13.1",
-  "kubectl": "v1.28.3",
+  "docker": "v24.0.7",
+  "dockerCompose": "v2.23.3",
+  "helm": "v3.13.3",
+  "kubectl": "v1.29.0",
  "mingit": "2.42.0.2"
 }
--- a/package.json
+++ b/package.json
@@ -196,7 +196,7 @@
    "msw-storybook-addon": "^1.8.0",
    "ngtemplate-loader": "^2.1.0",
    "plop": "^4.0.0",
-    "postcss": "^8.4.31",
+    "postcss": "^8.4.32",
    "postcss-loader": "^7.3.3",
    "prettier": "^3.0.3",
    "prettier-plugin-tailwindcss": "^0.5.4",
--- a/pkg/featureflags/featureflags_test.go
+++ b/pkg/featureflags/featureflags_test.go
@@ -14,7 +14,7 @@ func Test_enableFeaturesFromFlags(t *testing.T) {
 	supportedFeatures := []Feature{"supported", "supported2", "supported3", "supported4", "supported5"}

 	t.Run("supported features should be supported", func(t *testing.T) {
-		Init(supportedFeatures)
+		initSupportedFeatures(supportedFeatures)

 		for _, featureFlag := range supportedFeatures {
 			is.True(IsSupported(featureFlag))
@@ -22,7 +22,7 @@ func Test_enableFeaturesFromFlags(t *testing.T) {
 	})

 	t.Run("unsupported features should not be supported", func(t *testing.T) {
-		Init(supportedFeatures)
+		initSupportedFeatures(supportedFeatures)

 		is.False(IsSupported("unsupported"))
 	})
@@ -35,13 +35,13 @@ func Test_enableFeaturesFromFlags(t *testing.T) {
 	}

 	for _, test := range tests {
-		Init(supportedFeatures)
+		initSupportedFeatures(supportedFeatures)

 		os.Unsetenv("PORTAINER_FEATURE_FLAGS")
 		os.Setenv("PORTAINER_FEATURE_FLAGS", strings.Join(test.envFeatureFlags, ","))

 		t.Run("testing", func(t *testing.T) {
-			Parse(test.cliFeatureFlags)
+			Parse(test.cliFeatureFlags, supportedFeatures)
 			supported := toFeatureMap(test.cliFeatureFlags, test.envFeatureFlags)

 			// add env flags to supported flags
--- a/yarn.lock
+++ b/yarn.lock
@@ -12648,6 +12648,11 @@ nanoid@^3.3.4:
  resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.4.tgz#730b67e3cd09e2deacf03c027c81c9d9dbc5e8ab"
  integrity sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==

+nanoid@^3.3.7:
+  version "3.3.7"
+  resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.7.tgz#d0c301a691bc8d54efa0a2226ccf3fe2fd656bd8"
+  integrity sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==
+
 natural-compare@^1.4.0:
  version "1.4.0"
  resolved "https://registry.yarnpkg.com/natural-compare/-/natural-compare-1.4.0.tgz#4abebfeed7541f2c27acfb29bdbbd15c8d5ba4f7"
@@ -13900,12 +13905,12 @@ postcss@^8.4.23:
    picocolors "^1.0.0"
    source-map-js "^1.0.2"

-postcss@^8.4.31:
-  version "8.4.31"
-  resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.31.tgz#92b451050a9f914da6755af352bdc0192508656d"
-  integrity sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==
+postcss@^8.4.32:
+  version "8.4.32"
+  resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.32.tgz#1dac6ac51ab19adb21b8b34fd2d93a86440ef6c9"
+  integrity sha512-D/kj5JNu6oo2EIy+XL/26JEDTlIbB8hw85G8StOE6L74RQAVVP5rej6wxCNqyMbR4RkPfqvezVbPw81Ngd6Kcw==
  dependencies:
-    nanoid "^3.3.6"
+    nanoid "^3.3.7"
    picocolors "^1.0.0"
    source-map-js "^1.0.2"
Author	SHA1	Message	Date
Matt Hook	a2eda1d19e	fix some minor cves	2023-12-27 08:48:30 +13:00
Matt Hook	7cf511ff8b	update golang to 1.21.5	2023-12-27 08:33:22 +13:00
Matt Hook	7ecb8a6a44	fix featureflags init in go tests	2023-12-27 08:33:02 +13:00