Upgrade ap-base from 3.18.9 to 3.20.3 1 (#931)

astronomer · Jan 31, 2025 · 3d55e3d · 3d55e3d
1 parent 9066020
commit 3d55e3d
Show file tree

Hide file tree

Showing 52 changed files with 60 additions and 49 deletions.
diff --git a/alertmanager/Dockerfile b/alertmanager/Dockerfile
@@ -16,7 +16,7 @@
 # https://hub.docker.com/r/prom/alertmanager/tags?page=1&ordering=last_updated
 FROM prom/alertmanager:v0.27.0 AS UPSTREAM
 
-FROM quay.io/astronomer/ap-base:3.18.9
+FROM quay.io/astronomer/ap-base:3.20.3-1
 LABEL maintainer="Astronomer <[email protected]>"
 ARG BUILD_NUMBER=-1
 LABEL io.astronomer.docker=true

diff --git a/alertmanager/trivyignore b/alertmanager/trivyignore
@@ -3,3 +3,5 @@
 CVE-2023-45288
 CVE-2024-24790
 CVE-2024-34156
+CVE-2024-45337
+CVE-2024-45338
diff --git a/alertmanager/twistcliignore b/alertmanager/twistcliignore
@@ -1,5 +1,6 @@
 # Upstream alertmanager images include several CVEs.
 # We should try to remove these each time we update.
+CVE-2023-42366
 CVE-2023-45288
 CVE-2024-24790
 GO-2024-2883
diff --git a/alertmanager/version.txt b/alertmanager/version.txt
@@ -1 +1 @@
-0.27.0-3
+0.27.0-4
diff --git a/awsesproxy/Dockerfile b/awsesproxy/Dockerfile
@@ -25,7 +25,7 @@ RUN git clone  https://github.com/astronomer/aws-es-proxy.git $AWSESPROXY_DIR &&
 
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o aws-es-proxy
 
-FROM quay.io/astronomer/ap-base:3.18.9
+FROM quay.io/astronomer/ap-base:3.20.3-1
 LABEL maintainer="Astronomer <[email protected]>"
 
 ARG BUILD_NUMBER=-1

diff --git a/awsesproxy/trivyignore b/awsesproxy/trivyignore
@@ -3,3 +3,4 @@
 CVE-2023-45288
 CVE-2024-24790
 CVE-2024-34156
+CVE-2024-45338
diff --git a/awsesproxy/twistcliignore b/awsesproxy/twistcliignore
@@ -1,2 +1,3 @@
+CVE-2023-42366
 CVE-2023-45288
 CVE-2024-24790
diff --git a/awsesproxy/version.txt b/awsesproxy/version.txt
@@ -1 +1 @@
-1.5.0-11
+1.5.0-12
diff --git a/blackbox-exporter/Dockerfile b/blackbox-exporter/Dockerfile
@@ -35,7 +35,7 @@ RUN git clone https://github.com/prometheus/blackbox_exporter $DISTRIBUTION_DIR
 
 RUN CGO_ENABLED=0 make build
 
-FROM quay.io/astronomer/ap-base:3.18.9
+FROM quay.io/astronomer/ap-base:3.20.3-1
 LABEL maintainer="Astronomer <[email protected]>"
 
 ARG BUILD_NUMBER=-1

diff --git a/blackbox-exporter/trivyignore b/blackbox-exporter/trivyignore
@@ -4,3 +4,5 @@ CVE-2023-45283
 CVE-2023-45288
 CVE-2024-24790
 CVE-2024-34156
+CVE-2024-45337
+CVE-2024-45338
diff --git a/blackbox-exporter/twistcliignore b/blackbox-exporter/twistcliignore
@@ -1 +1,2 @@
+CVE-2023-42366
 CVE-2024-24790
diff --git a/blackbox-exporter/version.txt b/blackbox-exporter/version.txt
@@ -1 +1 @@
-0.25.0-3
+0.25.0-4
diff --git a/curator/Dockerfile b/curator/Dockerfile
@@ -14,7 +14,7 @@
 # limitations under the License.
 
 # https://quay.io/repository/astronomer/ap-base?tab=tags
-FROM quay.io/astronomer/ap-base:3.18.9
+FROM quay.io/astronomer/ap-base:3.20.3-1
 LABEL maintainer="Astronomer <[email protected]>"
 
 ARG BUILD_NUMBER=-1

diff --git a/curator/twistcliignore b/curator/twistcliignore
@@ -1,10 +1,11 @@
+CVE-2023-0286
+CVE-2023-32681
+CVE-2023-42366
 CVE-2023-49083
 CVE-2023-50782
 CVE-2023-5752
 CVE-2024-0727
-CVE-2024-26130
 CVE-2024-37891
-CVE-2024-50602
-CVE-2024-9143
-GHSA-h4gh-qq45-vh27
+GHSA-5cpq-8wj7-hf2v
+GHSA-jm77-qphf-c4w8
 GHSA-v8gr-m533-ghj9
diff --git a/curator/version.txt b/curator/version.txt
@@ -1 +1 @@
-8.0.17
+8.0.17-1
diff --git a/git-daemon/Dockerfile b/git-daemon/Dockerfile
@@ -14,7 +14,7 @@
 # limitations under the License.
 
 # https://github.com/kubernetes/git-sync/releases
-FROM quay.io/astronomer/ap-base:3.18.9
+FROM quay.io/astronomer/ap-base:3.20.3-1
 LABEL maintainer="Astronomer <[email protected]>"
 
 ARG BUILD_NUMBER=-1

diff --git a/git-daemon/twistcliignore b/git-daemon/twistcliignore
@@ -1,5 +1 @@
-CVE-2023-39326
-CVE-2023-45283
-CVE-2023-45284
-CVE-2023-45285
-CVE-2023-48795
+CVE-2023-42366
diff --git a/git-daemon/version.txt b/git-daemon/version.txt
@@ -1 +1 @@
-3.18.9
+3.20.3-1
diff --git a/git-sync-relay/Dockerfile b/git-sync-relay/Dockerfile
@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM quay.io/astronomer/ap-base:3.18.9
+FROM quay.io/astronomer/ap-base:3.20.3-1
 LABEL maintainer="Astronomer <[email protected]>"
 
 ARG BUILD_NUMBER=-1

diff --git a/git-sync-relay/version.txt b/git-sync-relay/version.txt
@@ -1 +1 @@
-0.0.3-6
+0.0.3-7
diff --git a/init/Dockerfile b/init/Dockerfile
@@ -1,7 +1,7 @@
 # Used only for kubernetes initContainer tasks
 
 # Inherit dockerize and RDS certificates from ap-base
-FROM quay.io/astronomer/ap-base:3.19.4
+FROM quay.io/astronomer/ap-base:3.20.3-1
 
 RUN apk add --no-cache curl  shadow
 

diff --git a/init/twistcliignore b/init/twistcliignore
@@ -1,2 +1 @@
-CVE-2024-50602
-CVE-2024-9143
+CVE-2023-42366
diff --git a/init/version.txt b/init/version.txt
@@ -1 +1 @@
-3.19.4
+3.20.3-1
diff --git a/nats-exporter/Dockerfile b/nats-exporter/Dockerfile
@@ -30,7 +30,7 @@ RUN git clone --branch v${NATS_EXPORTER_VERSION} https://github.com/nats-io/prom
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -v -a -tags netgo -installsuffix netgo -ldflags "-s -w"
 
 # Final docker image building stage
-FROM quay.io/astronomer/ap-base:3.18.9
+FROM quay.io/astronomer/ap-base:3.20.3-1
 
 ARG BUILD_NUMBER=-1
 LABEL io.astronomer.docker=true

diff --git a/nats-exporter/trivyignore b/nats-exporter/trivyignore
@@ -2,3 +2,4 @@
 # We should try to remove these each time we update.
 CVE-2024-24790
 CVE-2024-34156
+CVE-2024-45337
diff --git a/nats-exporter/twistcliignore b/nats-exporter/twistcliignore
@@ -1 +1,2 @@
+CVE-2023-42366
 CVE-2024-24790
diff --git a/nats-exporter/version.txt b/nats-exporter/version.txt
@@ -1 +1 @@
-0.15.0-3
+0.15.0-4
diff --git a/nats-server/Dockerfile b/nats-server/Dockerfile
@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM quay.io/astronomer/ap-base:3.18.9
+FROM quay.io/astronomer/ap-base:3.20.3-1
 
 LABEL maintainer="Astronomer <[email protected]>"
 

diff --git a/nats-server/trivyignore b/nats-server/trivyignore
@@ -2,3 +2,4 @@ CVE-2023-45283
 CVE-2023-45288
 CVE-2024-24790
 CVE-2024-34156
+CVE-2024-45337
diff --git a/nats-server/twistcliignore b/nats-server/twistcliignore
@@ -1 +1 @@
-CVE-2024-24790
+CVE-2023-42366
diff --git a/nats-server/version.txt b/nats-server/version.txt
@@ -1 +1 @@
-2.10.18-1
+2.10.18-2
diff --git a/nats-streaming/Dockerfile b/nats-streaming/Dockerfile
@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM quay.io/astronomer/ap-base:3.18.9
+FROM quay.io/astronomer/ap-base:3.20.3-1
 
 LABEL maintainer="Astronomer <[email protected]>"
 

diff --git a/nats-streaming/trivyignore b/nats-streaming/trivyignore
@@ -1,3 +1,4 @@
 CVE-2023-45288
 CVE-2024-24790
 CVE-2024-34156
+CVE-2024-45337
diff --git a/nats-streaming/version.txt b/nats-streaming/version.txt
@@ -1 +1 @@
-0.25.6-6
+0.25.6-7
diff --git a/pgbouncer-exporter/Dockerfile b/pgbouncer-exporter/Dockerfile
@@ -16,7 +16,7 @@
 # https://hub.docker.com/r/jbub/pgbouncer_exporter
 FROM jbub/pgbouncer_exporter:v0.18.0 AS upstream
 
-FROM quay.io/astronomer/ap-base:3.20.3
+FROM quay.io/astronomer/ap-base:3.20.3-1
 
 LABEL maintainer="Astronomer <[email protected]>"
 

diff --git a/pgbouncer-exporter/version.txt b/pgbouncer-exporter/version.txt
@@ -1 +1 @@
-0.18.0
+0.18.0-1
diff --git a/pgbouncer-krb/Dockerfile b/pgbouncer-krb/Dockerfile
@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM quay.io/astronomer/ap-base:3.20.3
+FROM quay.io/astronomer/ap-base:3.20.3-1
 LABEL maintainer="Astronomer <[email protected]>"
 
 ARG BUILD_NUMBER=-1

diff --git a/pgbouncer-krb/twistcliignore b/pgbouncer-krb/twistcliignore
@@ -1 +1 @@
-CVE-2024-50602
+CVE-2023-42366
diff --git a/pgbouncer-krb/version.txt b/pgbouncer-krb/version.txt
@@ -1 +1 @@
-1.17.0-15
+1.17.0-16
diff --git a/pgbouncer/Dockerfile b/pgbouncer/Dockerfile
@@ -15,7 +15,7 @@
 
 # https://github.com/CenterForOpenScience/docker-library/blob/master/pgbouncer/Dockerfile
 # https://quay.io/repository/centerforopenscience/pgbouncer
-FROM quay.io/astronomer/ap-base:3.18.9
+FROM quay.io/astronomer/ap-base:3.20.3-1
 LABEL maintainer="Astronomer <[email protected]>"
 
 # Make it possible to override the UID/GID/username of the user running

diff --git a/pgbouncer/version.txt b/pgbouncer/version.txt
@@ -1 +1 @@
-1.23.1-2
+1.23.1-3
diff --git a/postgres-exporter/Dockerfile b/postgres-exporter/Dockerfile
@@ -18,7 +18,7 @@
 
 FROM quay.io/prometheuscommunity/postgres-exporter:v0.16.0 AS upstream
 
-FROM quay.io/astronomer/ap-base:3.18.9
+FROM quay.io/astronomer/ap-base:3.20.3-1
 
 ARG BUILD_NUMBER=-1
 LABEL io.astronomer.docker=true

diff --git a/postgres-exporter/trivyignore b/postgres-exporter/trivyignore
@@ -4,3 +4,5 @@ CVE-2023-45283
 CVE-2023-45288
 CVE-2024-24790
 CVE-2024-34156
+CVE-2024-45337
+CVE-2024-45338
diff --git a/postgres-exporter/twistcliignore b/postgres-exporter/twistcliignore
@@ -1,2 +1 @@
-CVE-2024-50602
-CVE-2024-9143
+CVE-2023-42366
diff --git a/postgres-exporter/version.txt b/postgres-exporter/version.txt
@@ -1 +1 @@
-0.16.0
+0.16.0-1
diff --git a/registry/Dockerfile b/registry/Dockerfile
@@ -36,7 +36,7 @@ RUN git clone https://github.com/astronomer/distribution.git $DISTRIBUTION_DIR &
 
 RUN CGO_ENABLED=0 make PREFIX=/go clean binaries && file ./bin/registry | grep "statically linked"
 
-FROM quay.io/astronomer/ap-base:3.18.9
+FROM quay.io/astronomer/ap-base:3.20.3-1
 LABEL maintainer="Astronomer <[email protected]>"
 
 ARG BUILD_NUMBER=-1

diff --git a/registry/trivyignore b/registry/trivyignore
@@ -46,4 +46,6 @@ CVE-2023-45287
 CVE-2023-45288
 CVE-2024-24790
 CVE-2024-34156
+CVE-2024-45337
+CVE-2024-45338
 GHSA-m425-mq94-257g
diff --git a/registry/twistcliignore b/registry/twistcliignore
@@ -35,9 +35,11 @@ CVE-2023-39318
 CVE-2023-39319
 CVE-2023-39325
 CVE-2023-39326
+CVE-2023-42366
 CVE-2023-45284
 CVE-2023-45287
 CVE-2023-45288
+CVE-2024-51744
 GHSA-77vh-xpmg-72qh
 PRISMA-2022-0164
 PRISMA-2023-0056
diff --git a/registry/version.txt b/registry/version.txt
@@ -1 +1 @@
-3.18.9
+3.20.3-1
diff --git a/vector/Dockerfile b/vector/Dockerfile
@@ -21,7 +21,7 @@ ENV VECTOR_VERSION 0.44.0
 RUN curl -fsSL https://github.com/vectordotdev/vector/releases/download/v${VECTOR_VERSION}/vector-${VECTOR_VERSION}-x86_64-unknown-linux-musl.tar.gz \
     | tar --directory=/tmp --strip-components=3 -xzf - ./vector-x86_64-unknown-linux-musl/bin/vector
 
-FROM quay.io/astronomer/ap-base:3.18.9-1
+FROM quay.io/astronomer/ap-base:3.20.3-1
 
 LABEL maintainer="Astronomer <[email protected]>"
 

diff --git a/vector/twistcliignore b/vector/twistcliignore
@@ -1,3 +1 @@
 CVE-2023-42366
-CVE-2024-50602
-CVE-2024-9143
diff --git a/vector/version.txt b/vector/version.txt
@@ -1 +1 @@
-0.44.0
+0.44.0-1