Security vulns (#762)

## What
<!-- What is changing in this PR? -->

## Why
<!-- Why are these changes being made? -->

## Notes
<!-- Add any additional notes here -->

Author: dmaizel

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.22.5-alpine3.20 as base
+FROM golang:1.23.3-alpine3.20 as base
 
 WORKDIR /go/src/github.com/codefresh-io/cli-v2
 
@@ -27,7 +27,7 @@ RUN go mod verify
 
 ############################### CLI ###############################
 ### Compile
-FROM golang:1.22.5-alpine3.20 as codefresh-build
+FROM golang:1.23.3-alpine3.20 as codefresh-build
 
 WORKDIR /go/src/github.com/codefresh-io/cli-v2
 

Makefile

@@ -1,4 +1,4 @@
-VERSION=v0.1.67
+VERSION=v0.1.68
 
 OUT_DIR=dist
 YEAR?=$(shell date +"%Y")
@@ -176,4 +176,4 @@ $(GOBIN)/mockgen:
 $(GOBIN)/golangci-lint:
 	@mkdir dist || true
 	@echo installing: golangci-lint
-	@curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOBIN) v1.55.2
+	@curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOBIN) v1.62.2

cmd/commands/cluster.go

@@ -329,9 +329,9 @@ func createAddClusterManifests(opts *ClusterAddOptions, ingressUrl, server, csdp
 					Behavior:  "merge",
 					KvPairSources: kusttypes.KvPairSources{
 						LiteralSources: []string{
-							fmt.Sprintf("ingressUrl=" + ingressUrl),
-							fmt.Sprintf("contextName=" + opts.clusterName),
-							fmt.Sprintf("server=" + server),
+							fmt.Sprint("ingressUrl=" + ingressUrl),
+							fmt.Sprint("contextName=" + opts.clusterName),
+							fmt.Sprint("server=" + server),
 							fmt.Sprintf("skipTLSValidation=%v", opts.skipTLSValidation),
 						},
 					},
@@ -346,7 +346,7 @@ func createAddClusterManifests(opts *ClusterAddOptions, ingressUrl, server, csdp
 					Behavior:  "merge",
 					KvPairSources: kusttypes.KvPairSources{
 						LiteralSources: []string{
-							fmt.Sprintf("csdpToken=" + csdpToken),
+							fmt.Sprint("csdpToken=" + csdpToken),
 						},
 					},
 				},
@@ -401,7 +401,7 @@ func createAddClusterManifests(opts *ClusterAddOptions, ingressUrl, server, csdp
 			return nil, "", fmt.Errorf("failed encoding annotations: %w", err)
 		}
 
-		k.ConfigMapGenerator[0].KvPairSources.LiteralSources = append(k.ConfigMapGenerator[0].KvPairSources.LiteralSources, fmt.Sprintf("annotations="+annotationsStr))
+		k.ConfigMapGenerator[0].KvPairSources.LiteralSources = append(k.ConfigMapGenerator[0].KvPairSources.LiteralSources, fmt.Sprint("annotations="+annotationsStr))
 	}
 
 	if len(opts.labels) > 0 {
@@ -410,7 +410,7 @@ func createAddClusterManifests(opts *ClusterAddOptions, ingressUrl, server, csdp
 			return nil, "", fmt.Errorf("failed encoding labels: %w", err)
 		}
 
-		k.ConfigMapGenerator[0].KvPairSources.LiteralSources = append(k.ConfigMapGenerator[0].KvPairSources.LiteralSources, fmt.Sprintf("labels="+labelsStr))
+		k.ConfigMapGenerator[0].KvPairSources.LiteralSources = append(k.ConfigMapGenerator[0].KvPairSources.LiteralSources, fmt.Sprint("labels="+labelsStr))
 	}
 
 	if opts.tag != "" {
@@ -422,9 +422,6 @@ func createAddClusterManifests(opts *ClusterAddOptions, ingressUrl, server, csdp
 		}
 	}
 
-	k.FixKustomizationPostUnmarshalling()
-	util.Die(k.FixKustomizationPreMarshalling())
-
 	manifests, err := kustutil.BuildKustomization(k)
 	if err != nil {
 		return nil, "", fmt.Errorf("failed to build kustomization: %w", err)

cmd/commands/config.go

@@ -222,7 +222,7 @@ func newConfigGetRuntimeCommand() *cobra.Command {
 func runConfigGetRuntime(ctx context.Context) error {
 	cur := cfConfig.GetCurrentContext()
 	if cur.DefaultRuntime == "" {
-		return fmt.Errorf(util.Doc("no default runtime is set for current context, use '<BIN> config set-runtime' to set one"))
+		return errors.New(util.Doc("no default runtime is set for current context, use '<BIN> config set-runtime' to set one"))
 	}
 
 	log.G(ctx).Infof("default runtime set to: %s", cur.DefaultRuntime)

cmd/commands/runtime.go

@@ -596,7 +596,7 @@ func runRuntimeUninstall(ctx context.Context, opts *RuntimeUninstallOptions) err
 		if err != nil {
 			errorMsg := fmt.Sprintf("failed to do post uninstall cleanup: %v", err)
 			if !opts.Force {
-				return fmt.Errorf(errorMsg)
+				return errors.New(errorMsg)
 			}
 			log.G().Warn(errorMsg)
 		}

docs/releases/release_notes.md

@@ -23,7 +23,7 @@ cf version
 
 ```bash
 # download and extract the binary
-curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/v0.1.63/cf-linux-amd64.tar.gz | tar zx
+curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/v0.1.68/cf-linux-amd64.tar.gz | tar zx
 
 # move the binary to your $PATH
 mv ./cf-linux-amd64 /usr/local/bin/cf
@@ -36,7 +36,7 @@ cf version
 
 ```bash
 # download and extract the binary
-curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/v0.1.63/cf-darwin-amd64.tar.gz | tar zx
+curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/v0.1.68/cf-darwin-amd64.tar.gz | tar zx
 
 # move the binary to your $PATH
 mv ./cf-darwin-amd64 /usr/local/bin/cf