
Commit 8250d18

committed
chore: update git -> 2.43.4 and terraform -> 1.7.3
This fixes an RCE in git and gets us one minor version closer to fixing a critical Terraform vulnerability. In the next release we'll bump to 1.8.x.
1 parent a0fce36 commit 8250d18


3 files changed

+5
-5
lines changed


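--- a/install.sh
+++ b/install.sh
@@ -250,7 +250,7 @@ EOF
 main() {
 MAINLINE=1
 STABLE=0
-TERRAFORM_VERSION="1.6.6"
+TERRAFORM_VERSION="1.7.4"
 
 if [ "${TRACE-}" ]; then
 set -x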

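--- a/provisioner/terraform/install.go
+++ b/provisioner/terraform/install.go
@@ -20,10 +20,10 @@ var (
 // when Terraform is not available on the system.
 // NOTE: Keep this in sync with the version in scripts/Dockerfile.base.
 // NOTE: Keep this in sync with the version in install.sh.
-TerraformVersion = version.Must(version.NewVersion("1.6.6"))
+TerraformVersion = version.Must(version.NewVersion("1.7.4"))
 
 minTerraformVersion = version.Must(version.NewVersion("1.1.0"))
-maxTerraformVersion = version.Must(version.NewVersion("1.6.9")) // use .9 to automatically allow patch releases
+maxTerraformVersion = version.Must(version.NewVersion("1.7.9")) // use .9 to automatically allow patch releases
 
 terraformMinorVersionMismatch = xerrors.New("Terraform binary minor version mismatch.")
 )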

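--- a/scripts/Dockerfile.base
+++ b/scripts/Dockerfile.base
@@ -10,7 +10,7 @@ RUN apk add --no-cache \
 curl \
 wget \
 bash \
-git \
+git=2.43.4-r0 \
 openssl \
 openssh-client && \
 addgroup \
@@ -26,7 +26,7 @@ RUN apk add --no-cache \
 # Terraform was disabled in the edge repo due to a build issue.
 # https://gitlab.alpinelinux.org/alpine/aports/-/commit/f3e263d94cfac02d594bef83790c280e045eba35
 # Using wget for now. Note that busybox unzip doesn't support streaming.
-RUN ARCH="$(arch)"; if [ "${ARCH}" == "x86_64" ]; then ARCH="amd64"; elif [ "${ARCH}" == "aarch64" ]; then ARCH="arm64"; fi; wget -O /tmp/terraform.zip "https://releases.hashicorp.com/terraform/1.6.6/terraform_1.6.6_linux_${ARCH}.zip" && \
+RUN ARCH="$(arch)"; if [ "${ARCH}" == "x86_64" ]; then ARCH="amd64"; elif [ "${ARCH}" == "aarch64" ]; then ARCH="arm64"; fi; wget -O /tmp/terraform.zip "https://releases.hashicorp.com/terraform/1.7.4/terraform_1.7.4_linux_${ARCH}.zip" && \
 busybox unzip /tmp/terraform.zip -d /usr/local/bin && \
 rm -f /tmp/terraform.zip && \
 chmod +x /usr/local/bin/terraform && \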
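Review bot: The Terraform archive fetched in the second hunk is unzipped into /usr/local/bin with no integrity check, so the base image trusts whatever the download returns. Since the URL is being edited for the version bump anyway, pin the expected digest next to the version and verify it before `busybox unzip`, e.g. `echo "<sha256-of-terraform_1.7.4_linux_${ARCH}.zip>  /tmp/terraform.zip" | sha256sum -c - && \` (placeholder digest, one per architecture, taken from HashiCorp's published `terraform_1.7.4_SHA256SUMS`). The RUN command continues past the end of the hunk, so the rest of the chain is not visible here. Separately, the commit title says terraform -> 1.7.3 while all three files set 1.7.4; correcting the title would keep the record of which fix shipped accurate.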
