diff --git a/.ci/image/Dockerfile b/.ci/image/Dockerfile index 05536bfb..817ffaaa 100644 --- a/.ci/image/Dockerfile +++ b/.ci/image/Dockerfile @@ -1,13 +1,12 @@ ARG CLOUDFLARE_DOCKER_REGISTRY_HOST -FROM ${CLOUDFLARE_DOCKER_REGISTRY_HOST:-registry.cfdata.org}/stash/cf/debian-images/bookworm/main:2025.7.0@sha256:6350da2f7e728dae2c1420f6dafc38e23cacc0b399d3d5b2f40fe48d9c8ff1ca - +FROM ${CLOUDFLARE_DOCKER_REGISTRY_HOST:-registry.cfdata.org}/stash/cf/debian-images/trixie/main:2026.1.0@sha256:e32092fd01520f5ae7de1fa6bb5a721720900ebeaa48e98f36f6f86168833cd7 RUN apt-get update && \ apt-get upgrade -y && \ apt-get install --no-install-recommends --allow-downgrades -y \ build-essential \ git \ - go-boring=1.24.9-1 \ + go-boring=1.24.11-1 \ libffi-dev \ procps \ python3-dev \ diff --git a/.ci/linux.gitlab-ci.yml b/.ci/linux.gitlab-ci.yml index 92cfdc79..2f2430db 100644 --- a/.ci/linux.gitlab-ci.yml +++ b/.ci/linux.gitlab-ci.yml @@ -5,7 +5,7 @@ runner: linux-x86-8cpu-16gb stage: build golangVersion: "boring-1.24" - imageVersion: "3371-f5539bd6f83d@sha256:a2a68f580070f9411d0d3155959ed63b700ef319b5fcc62db340e92227bbc628" + imageVersion: "3393-947ec7a@sha256:f81acc2c8ecaa84acb290c43c080702ae3aba6464201a20f9d6eff619be7c878" CGO_ENABLED: 1 .default-packaging-job: &packaging-job-defaults diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index bfc88f37..1b81f6b3 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - GO_VERSION: "go1.24.9" + GO_VERSION: "go1.24.11" GIT_DEPTH: "0" default: diff --git a/.vulnignore b/.vulnignore index f95addd3..21a56236 100644 --- a/.vulnignore +++ b/.vulnignore @@ -1,3 +1,4 @@ # Add vulnerability IDs (e.g., GO-2022-0450) to ignore, one per line. # You can also add comments on the same line after the ID. GO-2025-3942 # Ignore core-dns vulnerability since we will be removing the proxy-dns feature in the near future +GO-2026-4289 # Ignore core-dns vulnerability since we will be removing the proxy-dns feature in the near future diff --git a/Dockerfile b/Dockerfile index d861f82c..2cf735ab 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # use a builder image for building cloudflare ARG TARGET_GOOS ARG TARGET_GOARCH -FROM golang:1.24.9 AS builder +FROM golang:1.24.11 AS builder ENV GO111MODULE=on \ CGO_ENABLED=0 \ TARGET_GOOS=${TARGET_GOOS} \ @@ -20,7 +20,7 @@ COPY . . RUN make cloudflared # use a distroless base image with glibc -FROM gcr.io/distroless/base-debian12:nonroot +FROM gcr.io/distroless/base-debian13:nonroot LABEL org.opencontainers.image.source="https://github.com/cloudflare/cloudflared" diff --git a/Dockerfile.amd64 b/Dockerfile.amd64 index c28b5679..871d0e24 100644 --- a/Dockerfile.amd64 +++ b/Dockerfile.amd64 @@ -1,5 +1,5 @@ # use a builder image for building cloudflare -FROM golang:1.24.9 AS builder +FROM golang:1.24.11 AS builder ENV GO111MODULE=on \ CGO_ENABLED=0 \ # the CONTAINER_BUILD envvar is used set github.com/cloudflare/cloudflared/metrics.Runtime=virtual @@ -15,7 +15,7 @@ COPY . . RUN GOOS=linux GOARCH=amd64 make cloudflared # use a distroless base image with glibc -FROM gcr.io/distroless/base-debian12:nonroot +FROM gcr.io/distroless/base-debian13:nonroot LABEL org.opencontainers.image.source="https://github.com/cloudflare/cloudflared" diff --git a/Dockerfile.arm64 b/Dockerfile.arm64 index 79b3147f..6dba868c 100644 --- a/Dockerfile.arm64 +++ b/Dockerfile.arm64 @@ -1,5 +1,5 @@ # use a builder image for building cloudflare -FROM golang:1.24.9 AS builder +FROM golang:1.24.11 AS builder ENV GO111MODULE=on \ CGO_ENABLED=0 \ # the CONTAINER_BUILD envvar is used set github.com/cloudflare/cloudflared/metrics.Runtime=virtual @@ -15,7 +15,7 @@ COPY . . RUN GOOS=linux GOARCH=arm64 make cloudflared # use a distroless base image with glibc -FROM gcr.io/distroless/base-debian12:nonroot-arm64 +FROM gcr.io/distroless/base-debian13:nonroot-arm64 LABEL org.opencontainers.image.source="https://github.com/cloudflare/cloudflared"