Update the fluent-bit plugins and telegraf to version 1.27.3 (#1107)

* Update the fluent-bit-packages for CVEs reported by fedramp * update telegraf to version 1.27.3 * Update the trivyignore --------- Co-authored-by: Janvi Jatakia (from Dev Box) <[email protected]>
microsoft · Nov 1, 2023 · 3f6b383 · 3f6b383
1 parent 4b4730b
commit 3f6b383
Show file tree

Hide file tree

Showing 4 changed files with 1,399 additions and 99 deletions.
diff --git a/.trivyignore b/.trivyignore
@@ -1,13 +1,13 @@
 #telegraf MEDIUM
-GHSA-2w8w-qhg4-f78j
-GHSA-fr2g-9hjm-wr23
-CVE-2023-39325
+CVE-2023-39325 #same as CVE-2023-44487
 CVE-2023-3978
-CVE-2023-44487
+CVE-2023-44487 #false positive according to Mariner team
 GHSA-jq35-85cj-fj4p
 
 #telegraf HIGH
 GHSA-m425-mq94-257g
+CVE-2023-46129
+CVE-2023-47090 
 
 # ruby HIGH
 CVE-2017-10784
diff --git a/kubernetes/linux/setup.sh b/kubernetes/linux/setup.sh
@@ -61,7 +61,7 @@ sudo tdnf install jq-1.6-1.cm2 -y
 #used to setcaps for ruby process to read /proc/env
 sudo tdnf install libcap -y
 
-sudo tdnf install telegraf-1.27.2 -y
+sudo tdnf install telegraf-1.27.3 -y
 telegraf_version=$(sudo tdnf list installed | grep telegraf | awk '{print $2}')
 echo "telegraf $telegraf_version" >> packages_version.txt
 mv /usr/bin/telegraf /opt/telegraf

diff --git a/source/plugins/go/src/go.mod b/source/plugins/go/src/go.mod
@@ -9,16 +9,25 @@ require (
 	github.com/Azure/go-autorest/autorest/azure/auth v0.5.12
 	github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
 	github.com/Microsoft/go-winio v0.5.2
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/fluent/fluent-bit-go v0.0.0-20171103221316-c4a158a6e3a7
+	github.com/go-logr/logr v1.3.0 // indirect
+	github.com/go-openapi/jsonpointer v0.20.0 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
-	github.com/golang/mock v1.4.1
-	github.com/google/uuid v1.3.0
+	github.com/golang/mock v1.6.0
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/uuid v1.4.0
 	github.com/microsoft/ApplicationInsights-Go v0.4.4
 	github.com/tinylib/msgp v1.1.8
 	github.com/ugorji/go v1.1.2-0.20180813092308-00b869d2f4a5
-	golang.org/x/crypto v0.7.0 // indirect
+	golang.org/x/oauth2 v0.13.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0-20170531160350-a96e63847dc3
-	k8s.io/api v0.21.0
-	k8s.io/apimachinery v0.21.0
-	k8s.io/client-go v0.21.0
+	k8s.io/api v0.28.3
+	k8s.io/apimachinery v0.28.3
+	k8s.io/client-go v0.28.3
+	k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
+	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
 )