From 321459ec515352b5bee6155bd432710fa9fdb673 Mon Sep 17 00:00:00 2001 From: Piotr Grabowski Date: Fri, 17 Nov 2023 11:36:46 +0100 Subject: [PATCH] install-dependencies.sh: update node_exporter to 1.7.0 Update node_exporter to 1.7.0. The previous version (1.6.1) was flagged by security scanners (such as Trivy) with HIGH-severity CVE-2023-39325. 1.7.0 release fixed that problem. [Botond: regenerate frozen toolchain] Fixes #16085 Closes scylladb/scylladb#16086 Closes scylladb/scylladb#16090 --- install-dependencies.sh | 8 ++++---- tools/toolchain/image | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/install-dependencies.sh b/install-dependencies.sh index b33ab43ea6..28dad30d80 100755 --- a/install-dependencies.sh +++ b/install-dependencies.sh @@ -187,11 +187,11 @@ go_arch() { echo ${GO_ARCH["$(arch)"]} } -NODE_EXPORTER_VERSION=1.6.1 +NODE_EXPORTER_VERSION=1.7.0 declare -A NODE_EXPORTER_CHECKSUM=( - ["x86_64"]=ecc41b3b4d53f7b9c16a370419a25a133e48c09dfc49499d63bcc0c5e0cf3d01 - ["aarch64"]=f99ea62cec600bca5c926d300522d7a3bb797592d70dc1bcdc20b57811f1d439 - ["s390x"]=3c2d3b8f4da2adda2897195257fc5a633795811893ac11208f525bfb75402734 + ["x86_64"]=a550cd5c05f760b7934a2d0afad66d2e92e681482f5f57a917465b1fba3b02a6 + ["aarch64"]=e386c7b53bc130eaf5e74da28efc6b444857b77df8070537be52678aefd34d96 + ["s390x"]=aeda68884918f10b135b76bbcd4977cb7a1bb3c4c98a8551f8d2183bafdd9264 ) NODE_EXPORTER_DIR=/opt/scylladb/dependencies diff --git a/tools/toolchain/image b/tools/toolchain/image index adc19e5bee..a4e2d12026 100644 --- a/tools/toolchain/image +++ b/tools/toolchain/image @@ -1 +1 @@ -docker.io/scylladb/scylla-toolchain:fedora-38-20231101 +docker.io/scylladb/scylla-toolchain:fedora-38-20231117