primal/athens
1
0
Fork 0
mirror of https://github.com/gomods/athens synced 2026-02-03 05:20:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
athens/docker-compose.yml
William Fisher cef941bf85 go.mod: vulnerabilities: bump go version to 1.23.12 for (#2077) 
`govulncheck` detects some vulnerabilities from the current builds that
are resolved by bumping the minor Go version to `.12`. I have kept the
major version the same.

On current `main`:

    $ go build -o athens ./cmd/proxy/main.go
    $ govulncheck -mode binary ./athens
    === Symbol Results ===

    Vulnerability #1: GO-2025-3956
        Unexpected paths returned from LookPath in os/exec
      More info: https://pkg.go.dev/vuln/GO-2025-3956
      Standard library
        Found in: os/exec@go1.23.5
        Fixed in: os/exec@go1.23.12
        Vulnerable symbols found:
          #1: exec.LookPath

    Vulnerability #2: GO-2025-3849
        Incorrect results returned from Rows.Scan in database/sql
      More info: https://pkg.go.dev/vuln/GO-2025-3849
      Standard library
        Found in: database/sql@go1.23.5
        Fixed in: database/sql@go1.23.12
        Vulnerable symbols found:
          #1: sql.Row.Scan
          #2: sql.Rows.Scan

    Vulnerability #3: GO-2025-3751
        Sensitive headers not cleared on cross-origin redirect in net/http
      More info: https://pkg.go.dev/vuln/GO-2025-3751
      Standard library
        Found in: net/http@go1.23.5
        Fixed in: net/http@go1.23.10
        Vulnerable symbols found:
          #1: http.Client.Do
          #2: http.Client.Get
          #3: http.Client.Head
          #4: http.Client.Post
          #5: http.Client.PostForm

    Vulnerability #4: GO-2025-3563
        Request smuggling due to acceptance of invalid chunked data in net/http
      More info: https://pkg.go.dev/vuln/GO-2025-3563
      Standard library
        Found in: net/http/internal@go1.23.5
        Fixed in: net/http/internal@go1.23.8
        Vulnerable symbols found:
          #1: internal.chunkedReader.Read

    Your code is affected by 4 vulnerabilities from the Go standard library.
    This scan also found 0 vulnerabilities in packages you import and 2
    vulnerabilities in modules you require, but your code doesn't appear to call
    these vulnerabilities.
    Use '-show verbose' for more details.

After version bump:

    $ go build -o athens ./cmd/proxy/main.go
    $ govulncheck -mode=binary ./athens 
    === Symbol Results ===

    No vulnerabilities found.

    Your code is affected by 0 vulnerabilities.
    This scan also found 0 vulnerabilities in packages you import and 2
    vulnerabilities in modules you require, but your code doesn't appear to call
    these vulnerabilities.
    Use '-show verbose' for more details.
2025-10-23 16:24:05 +02:00

173 lines
3.9 KiB
YAML
Raw Permalink Blame History

version: '3'
services:
dev:
build:
context: .
dockerfile: cmd/proxy/Dockerfile
args:
GOLANG_VERSION: "1.23.12"
environment:
- ATHENS_MONGO_STORAGE_URL=mongodb://mongo:27017
- TIMEOUT=20 # in case the mongo dependency takes longer to start up
- ATHENS_STORAGE_TYPE=mongo
ports:
- 3000:3000
depends_on:
- mongo
- jaeger
testunit:
build:
context: .
dockerfile: Dockerfile.test
args:
GOLANG_VERSION: "1.23.12"
command: ["./scripts/test_unit.sh"]
environment:
- GO_ENV=test
- ATHENS_MINIO_ENDPOINT=http://minio:9000
- ATHENS_MONGO_STORAGE_URL=mongodb://mongo:27017
- TIMEOUT=20 # in case the mongo dependency takes longer to start up
- ATHENS_STORAGE_TYPE=mongo
depends_on:
- mongo
- minio
teste2e:
build:
context: .
dockerfile: Dockerfile.test
args:
GOLANG_VERSION: "1.23.12"
command: ["./scripts/test_e2e.sh"]
azurite:
image: arafato/azurite:2.6.5
ports:
- 10000:10000
environment:
executable: blob
mongo:
image: mongo:3.7.9-jessie
ports:
- 27017:27017
minio:
image: minio/minio:latest
command: server /data
ports:
- "9001:9000"
environment:
MINIO_ACCESS_KEY: minio
MINIO_SECRET_KEY: minio123
datadog:
environment:
- DD_API_KEY=
- DD_LOG_LEVEL=trace
- DD_APM_ENABLED=true
image:
datadog/agent:latest
ports:
- 8126:8126
jaeger:
environment:
- COLLECTOR_ZIPKIN_HTTP_PORT=9441
image: jaegertracing/all-in-one:latest
ports:
- 14268:14268
- 9411:9411
- 5775:5775/udp
- 6831:6831/udp
- 6832:6832/udp
- 5778:5778
- 16686:16686
redis:
image: redis
ports:
- 6379:6379
redis-sentinel:
image: bitnamilegacy/redis-sentinel
environment:
- REDIS_MASTER_HOST=redis
- REDIS_MASTER_SET=redis-1
- REDIS_SENTINEL_PASSWORD=sekret
- REDIS_SENTINEL_QUORUM=1
ports:
- 26379:26379
depends_on:
- "redis"
protectedredis:
image: redis
ports:
- "6380:6380"
volumes:
- "./test/redis.conf:/usr/local/etc/redis/redis.conf"
entrypoint: ["redis-server", "/usr/local/etc/redis/redis.conf"]
etcd0:
image: quay.io/coreos/etcd
ports:
- "2379:2379"
volumes:
- etcd0:/etcd_data
command:
- /usr/local/bin/etcd
- -name
- etcd0
- --data-dir
- /etcd_data
- -advertise-client-urls
- http://etcd0:2379
- -listen-client-urls
- http://0.0.0.0:2379
- -initial-advertise-peer-urls
- http://etcd0:2380
- -listen-peer-urls
- http://0.0.0.0:2380
- -initial-cluster
- etcd0=http://etcd0:2380,etcd1=http://etcd1:2380,etcd2=http://etcd2:2380
etcd1:
image: quay.io/coreos/etcd
ports:
- "22379:2379"
volumes:
- etcd1:/etcd_data
command:
- /usr/local/bin/etcd
- -name
- etcd1
- --data-dir
- /etcd_data
- -advertise-client-urls
- http://etcd1:2379
- -listen-client-urls
- http://0.0.0.0:2379
- -initial-advertise-peer-urls
- http://etcd1:2380
- -listen-peer-urls
- http://0.0.0.0:2380
- -initial-cluster
- etcd0=http://etcd0:2380,etcd1=http://etcd1:2380,etcd2=http://etcd2:2380
etcd2:
image: quay.io/coreos/etcd
ports:
- "32379:2379"
volumes:
- etcd2:/etcd_data
command:
- /usr/local/bin/etcd
- -name
- etcd2
- --data-dir
- /etcd_data
- -advertise-client-urls
- http://etcd2:2379
- -listen-client-urls
- http://0.0.0.0:2379
- -initial-advertise-peer-urls
- http://etcd2:2380
- -listen-peer-urls
- http://0.0.0.0:2380
- -initial-cluster
- etcd0=http://etcd0:2380,etcd1=http://etcd1:2380,etcd2=http://etcd2:2380
volumes:
etcd0:
etcd1:
etcd2:
Reference in New Issue View Git Blame Copy Permalink