From bddbd900321ea73028c4d4754ed33453702e2fba Mon Sep 17 00:00:00 2001
From: vinayakharness2026
Date: Thu, 18 Jun 2026 22:05:06 +0530
Subject: [PATCH] fix: remediate vulnerabilities in plugins/kaniko - upgrade kaniko-executor base to 1.25.15 and x/crypto to v0.43.0 (#169)
---
 docker/acr/Dockerfile.linux.amd64 | 4 ++--
 docker/acr/Dockerfile.linux.arm64 | 4 ++--
 docker/docker/Dockerfile.linux.amd64 | 4 ++--
 docker/docker/Dockerfile.linux.arm64 | 4 ++--
 docker/ecr/Dockerfile.linux.amd64 | 4 ++--
 docker/ecr/Dockerfile.linux.arm64 | 4 ++--
 docker/gar/Dockerfile.linux.amd64 | 4 ++--
 docker/gar/Dockerfile.linux.arm64 | 4 ++--
 docker/gcr/Dockerfile.linux.amd64 | 4 ++--
 docker/gcr/Dockerfile.linux.arm64 | 4 ++--
 go.mod | 12 ++++++------
 go.sum | 24 ++++++++++++------------
 12 files changed, 38 insertions(+), 38 deletions(-)
diff --git a/docker/acr/Dockerfile.linux.amd64 b/docker/acr/Dockerfile.linux.amd64
index 7efbaa4..aaae4fd 100644
--- a/docker/acr/Dockerfile.linux.amd64
+++ b/docker/acr/Dockerfile.linux.amd64
@@ -1,5 +1,5 @@
-FROM harnesscommunity/kaniko-executor:1.25.0-linux-amd64
+FROM harnesscommunity/kaniko-executor:1.25.15-linux-amd64
-ENV KANIKO_VERSION=1.25.0
+ENV KANIKO_VERSION=1.25.15
 ADD release/linux/amd64/kaniko-acr /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-acr"]
diff --git a/docker/acr/Dockerfile.linux.arm64 b/docker/acr/Dockerfile.linux.arm64
index f4cf74e..5f9e8f8 100644
--- a/docker/acr/Dockerfile.linux.arm64
+++ b/docker/acr/Dockerfile.linux.arm64
@@ -1,8 +1,8 @@
-FROM harnesscommunity/kaniko-executor:1.25.0-linux-arm64
+FROM harnesscommunity/kaniko-executor:1.25.15-linux-arm64
 ENV HOME /root
 ENV USER root
-ENV KANIKO_VERSION=1.25.0
+ENV KANIKO_VERSION=1.25.15
 ADD release/linux/arm64/kaniko-acr /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-acr"]
diff --git a/docker/docker/Dockerfile.linux.amd64 b/docker/docker/Dockerfile.linux.amd64
index a57b285..fef939b 100644
--- a/docker/docker/Dockerfile.linux.amd64
+++ b/docker/docker/Dockerfile.linux.amd64
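Review bot: The new `FROM harnesscommunity/kaniko-executor:1.25.15-linux-amd64` line in docker/acr/Dockerfile.linux.amd64 still names the base image by tag only, so the remediated build contains whatever that tag resolves to at build time rather than the image that was scanned. Since the purpose of this commit is to remove known-vulnerable content, consider pinning the digest next to the tag, e.g. `FROM harnesscommunity/kaniko-executor:1.25.15-linux-amd64@sha256:<digest of the scanned image>`. The same applies to the FROM line in the other nine Dockerfiles in this patch; the amd64 and arm64 images each have their own digest.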
@@ -1,5 +1,5 @@
-FROM harnesscommunity/kaniko-executor:1.25.0-linux-amd64
+FROM harnesscommunity/kaniko-executor:1.25.15-linux-amd64
-ENV KANIKO_VERSION=1.25.0
+ENV KANIKO_VERSION=1.25.15
 ADD release/linux/amd64/kaniko-docker /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-docker"]
diff --git a/docker/docker/Dockerfile.linux.arm64 b/docker/docker/Dockerfile.linux.arm64
index 8b77328..f0972b2 100644
--- a/docker/docker/Dockerfile.linux.arm64
+++ b/docker/docker/Dockerfile.linux.arm64
@@ -1,8 +1,8 @@
-FROM harnesscommunity/kaniko-executor:1.25.0-linux-arm64
+FROM harnesscommunity/kaniko-executor:1.25.15-linux-arm64
 ENV HOME /root
 ENV USER root
-ENV KANIKO_VERSION=1.25.0
+ENV KANIKO_VERSION=1.25.15
 ADD release/linux/arm64/kaniko-docker /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-docker"]
diff --git a/docker/ecr/Dockerfile.linux.amd64 b/docker/ecr/Dockerfile.linux.amd64
index 531c67e..a0249e5 100644
--- a/docker/ecr/Dockerfile.linux.amd64
+++ b/docker/ecr/Dockerfile.linux.amd64
@@ -1,5 +1,5 @@
-FROM harnesscommunity/kaniko-executor:1.25.0-linux-amd64
+FROM harnesscommunity/kaniko-executor:1.25.15-linux-amd64
-ENV KANIKO_VERSION=1.25.0
+ENV KANIKO_VERSION=1.25.15
 ADD release/linux/amd64/kaniko-ecr /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-ecr"]
diff --git a/docker/ecr/Dockerfile.linux.arm64 b/docker/ecr/Dockerfile.linux.arm64
index 5355c56..533bd21 100644
--- a/docker/ecr/Dockerfile.linux.arm64
+++ b/docker/ecr/Dockerfile.linux.arm64
@@ -1,8 +1,8 @@
-FROM harnesscommunity/kaniko-executor:1.25.0-linux-arm64
+FROM harnesscommunity/kaniko-executor:1.25.15-linux-arm64
 ENV HOME /root
 ENV USER root
-ENV KANIKO_VERSION=1.25.0
+ENV KANIKO_VERSION=1.25.15
 ADD release/linux/arm64/kaniko-ecr /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-ecr"]
diff --git a/docker/gar/Dockerfile.linux.amd64 b/docker/gar/Dockerfile.linux.amd64
index a32507a..086226b 100644
--- a/docker/gar/Dockerfile.linux.amd64
+++ b/docker/gar/Dockerfile.linux.amd64
@@ -1,5 +1,5 @@
-FROM harnesscommunity/kaniko-executor:1.25.0-linux-amd64
+FROM harnesscommunity/kaniko-executor:1.25.15-linux-amd64
-ENV KANIKO_VERSION=1.25.0
+ENV KANIKO_VERSION=1.25.15
 ADD release/linux/amd64/kaniko-gar /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-gar"]
diff --git a/docker/gar/Dockerfile.linux.arm64 b/docker/gar/Dockerfile.linux.arm64
index 39a954a..025642c 100644
--- a/docker/gar/Dockerfile.linux.arm64
+++ b/docker/gar/Dockerfile.linux.arm64
@@ -1,8 +1,8 @@
-FROM harnesscommunity/kaniko-executor:1.25.0-linux-arm64
+FROM harnesscommunity/kaniko-executor:1.25.15-linux-arm64
 ENV HOME /root
 ENV USER root
-ENV KANIKO_VERSION=1.25.0
+ENV KANIKO_VERSION=1.25.15
 ADD release/linux/arm64/kaniko-gar /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-gar"]
diff --git a/docker/gcr/Dockerfile.linux.amd64 b/docker/gcr/Dockerfile.linux.amd64
index cf39003..009461c 100644
--- a/docker/gcr/Dockerfile.linux.amd64
+++ b/docker/gcr/Dockerfile.linux.amd64
@@ -1,5 +1,5 @@
-FROM harnesscommunity/kaniko-executor:1.25.0-linux-amd64
+FROM harnesscommunity/kaniko-executor:1.25.15-linux-amd64
-ENV KANIKO_VERSION=1.23.2
+ENV KANIKO_VERSION=1.25.15
 ADD release/linux/amd64/kaniko-gcr /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-gcr"]
diff --git a/docker/gcr/Dockerfile.linux.arm64 b/docker/gcr/Dockerfile.linux.arm64
index 70a7f1f..dfaa0bb 100644
--- a/docker/gcr/Dockerfile.linux.arm64
+++ b/docker/gcr/Dockerfile.linux.arm64
@@ -1,8 +1,8 @@
-FROM harnesscommunity/kaniko-executor:1.25.0-linux-arm64
+FROM harnesscommunity/kaniko-executor:1.25.15-linux-arm64
 ENV HOME /root
 ENV USER root
-ENV KANIKO_VERSION=1.23.2
+ENV KANIKO_VERSION=1.25.15
 ADD release/linux/arm64/kaniko-gcr /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-gcr"]
diff --git a/go.mod b/go.mod
index a2b1b4d..64d5456 100644
--- a/go.mod
+++ b/go.mod
@@ -18,7 +18,7 @@ require (
 github.com/sirupsen/logrus v1.9.3
 github.com/stretchr/testify v1.11.1
 github.com/urfave/cli v1.22.15
- golang.org/x/mod v0.26.0
+ golang.org/x/mod v0.28.0
 )
 require (
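Review bot: In docker/gcr/Dockerfile.linux.amd64 the removed line reads `KANIKO_VERSION=1.23.2` under a `1.25.0` base image, so the ENV value had already drifted from the FROM tag once; the commit realigns the two by hand but still writes the version twice in every Dockerfile. Declaring the version once as a build argument and deriving both the FROM tag and the ENV from it would keep KANIKO_VERSION from misreporting what the image contains, which matters to anything that trusts that variable when checking for vulnerable versions (whether anything reads it is not visible here). The same duplication is in docker/gcr/Dockerfile.linux.arm64 and in the acr, docker, ecr and gar Dockerfiles.

```dockerfile
ARG KANIKO_VERSION=1.25.15
FROM harnesscommunity/kaniko-executor:${KANIKO_VERSION}-linux-amd64

# An ARG declared before FROM must be re-declared to be visible inside the stage.
ARG KANIKO_VERSION
ENV KANIKO_VERSION=${KANIKO_VERSION}
# … unchanged: ADD and ENTRYPOINT …
```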
@@ -50,11 +50,11 @@ require (
 github.com/pmezard/go-difflib v1.0.0 // indirect
 github.com/russross/blackfriday/v2 v2.1.0 // indirect
 github.com/vbatts/tar-split v0.11.6 // indirect
- golang.org/x/crypto v0.41.0 // indirect
- golang.org/x/net v0.43.0 // indirect
- golang.org/x/sync v0.16.0 // indirect
- golang.org/x/sys v0.35.0 // indirect
- golang.org/x/text v0.28.0 // indirect
+ golang.org/x/crypto v0.43.0 // indirect
+ golang.org/x/net v0.45.0 // indirect
+ golang.org/x/sync v0.17.0 // indirect
+ golang.org/x/sys v0.37.0 // indirect
+ golang.org/x/text v0.30.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/go.sum b/go.sum
index ec2e895..41c4681 100644
--- a/go.sum
+++ b/go.sum
@@ -115,25 +115,25 @@ github.com/urfave/cli v1.22.15 h1:nuqt+pdC/KqswQKhETJjo7pvn/k4xMUxgW6liI7XpnM= github.com/urfave/cli v1.22.15/go.mod h1:wSan1hmo5zeyLGBjRJbzRTNk8gwoYa2B9n4q9dmRIc0= github.com/vbatts/tar-split v0.11.6 h1:4SjTW5+PU11n6fZenf2IPoV8/tz3AaYHMWjf23envGs= github.com/vbatts/tar-split v0.11.6/go.mod h1:dqKNtesIOr2j2Qv3W/cHjnvk9I8+G7oAkFDFN6TCBEI= -golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= -golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= -golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg= -golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ= +golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04= +golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0= +golang.org/x/mod v0.28.0 h1:gQBtGhjxykdjY9YhZpSlZIsbnaE2+PgjfLWUQTnoZ1U= +golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= -golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= -golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= -golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/net v0.45.0 h1:RLBg5JKixCy82FtLJpeNlVM0nrSqpCRYzVU1n8kj0tM= +golang.org/x/net v0.45.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY= +golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug= +golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod 
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= -golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ= +golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= -golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= +golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k= +golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=