From 69f92b31c45f364a69b87e3bf846bbb3135941a3 Mon Sep 17 00:00:00 2001 From: Suresh Prakash <93120060+suresh-prakash@users.noreply.github.com> Date: Thu, 16 Apr 2026 16:20:01 +0530 Subject: [PATCH 1/3] Update plugin versions in build.gradle.kts --- build.gradle.kts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build.gradle.kts b/build.gradle.kts index d0ee003..3a28ba2 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -1,5 +1,5 @@ plugins { - id("org.hypertrace.repository-plugin") version "0.4.0" - id("org.hypertrace.docker-plugin") version "0.9.9" - id("org.hypertrace.docker-publish-plugin") version "0.9.9" + id("org.hypertrace.repository-plugin") version "0.5.0" + id("org.hypertrace.docker-plugin") version "0.11.3" + id("org.hypertrace.docker-publish-plugin") version "0.11.3" } From fe003267a43ef28d7061b0bc859e31b4b31b9138 Mon Sep 17 00:00:00 2001 From: Suresh Prakash Date: Thu, 16 Apr 2026 16:52:10 +0530 Subject: [PATCH 2/3] ASP-1893: Bump Alpine to 3.23 and kubectl to v1.35.4 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes security vulnerabilities (CVE-2025-68121, CVE-2025-15467, etc.) in the kstreams-app-version-checker image by upgrading: - Alpine: 3.20 → 3.23 (patches OpenSSL 3.3.7+ and curl 8.14.1+) - kubectl: v1.28.14 → v1.35.4 (compiled with Go ≥1.24.13) Co-Authored-By: Claude Opus 4.6 --- kstreams-app-version-checker/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kstreams-app-version-checker/Dockerfile b/kstreams-app-version-checker/Dockerfile index a26cad5..1f08281 100644 --- a/kstreams-app-version-checker/Dockerfile +++ b/kstreams-app-version-checker/Dockerfile @@ -1,6 +1,6 @@ -FROM alpine:3.20 +FROM alpine:3.23 -ENV KUBECTL_VERSION=v1.28.14 +ENV KUBECTL_VERSION=v1.35.4 RUN apk add curl jq --no-cache && \ curl -LO "https://dl.k8s.io/release/$KUBECTL_VERSION/bin/linux/amd64/kubectl" && \ From f46634f821095749e4836e67c3f1722c8edacbea Mon Sep 17 00:00:00 2001 From: Suresh Prakash Date: Thu, 16 Apr 2026 17:00:07 +0530 Subject: [PATCH 3/3] ASP-1893: Bump Go to 1.26.2 for kafka-topic-creator image MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes Go stdlib CVEs (CVE-2025-68121, CVE-2025-61726, CVE-2026-25679, CVE-2026-32280, etc.) flagged by Trivy scan in CI. - Dockerfile: golang 1.22.7 → 1.26.2 - go.mod: go 1.22.7 → 1.26.2 Co-Authored-By: Claude Opus 4.6 --- kafka-topic-creator/Dockerfile | 2 +- kafka-topic-creator/src/main/go/go.mod | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/kafka-topic-creator/Dockerfile b/kafka-topic-creator/Dockerfile index e2c0990..d502c76 100644 --- a/kafka-topic-creator/Dockerfile +++ b/kafka-topic-creator/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.22.7 AS builder +FROM golang:1.26.2 AS builder COPY src/main/go /opt WORKDIR /opt diff --git a/kafka-topic-creator/src/main/go/go.mod b/kafka-topic-creator/src/main/go/go.mod index 112d671..04646fb 100644 --- a/kafka-topic-creator/src/main/go/go.mod +++ b/kafka-topic-creator/src/main/go/go.mod @@ -1,6 +1,6 @@ module hypertrace.org/kafka-topic-creator -go 1.22.7 +go 1.26.2 require ( github.com/confluentinc/confluent-kafka-go/v2 v2.5.3