Upgrade to Alpine Linux 3.18, Node 20, Go 1.20, PHP 8.1 and Ruby 3.2
What does this MR do?
As part of the security reaction rotation, I'm opening this MR to update the base image for the gemnasium and sbomgen-golang images. In addition, this updates the Go runtime to version 1.20 from 1.17 and 1.18. This does two things:
- It bumps the versions so that they use a maintained version
- It adds a new feature that helps the implementation of !538 (merged). Specifically, for efficiency purposes, the MR requires the ability to use the `-json` flag when running `go list`. This feature is only available in Go 1.19 and newer.
Lastly, I've removed the pinning on previous versions of Ruby and PHP that were no longer compatible with the newer versions of Alpine. This should improve our security posture, and get us the latest improvements and security fixes as well.
What are the relevant issue numbers?
N/A
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Oscar Tovar