Fix: upgrade package github.com/docker/cli for CVE-2021-41092 (#3216)

* Fix: upgrade package github.com/docker/cli for CVE-2021-41092 Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Chore: change go version to 1.17 Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Chore: change go mod Signed-off-by: barnettZQG <barnett.zqg@gmail.com> * Fix: change install cue shell Signed-off-by: barnettZQG <barnett.zqg@gmail.com>
2022-02-09 19:18:40 +08:00 · 2022-02-09 19:18:40 +08:00 · 17794e4ce1
parent 15418a6523
commit 17794e4ce1
20 changed files with 220 additions and 26 deletions
--- a/.github/workflows/apiserver-test.yaml
+++ b/.github/workflows/apiserver-test.yaml
@ -15,7 +15,7 @@ on:

 env:
  # Common versions
-  GO_VERSION: '1.16'
+  GO_VERSION: '1.17'
  GOLANGCI_VERSION: 'v1.38'
  KIND_VERSION: 'v0.7.0'

--- a/.github/workflows/e2e-multicluster-test.yml
+++ b/.github/workflows/e2e-multicluster-test.yml
@ -13,7 +13,7 @@ on:

 env:
  # Common versions
-  GO_VERSION: '1.16'
+  GO_VERSION: '1.17'
  GOLANGCI_VERSION: 'v1.38'
  KIND_VERSION: 'v0.7.0'

--- a/.github/workflows/e2e-rollout-test.yml
+++ b/.github/workflows/e2e-rollout-test.yml
@ -13,7 +13,7 @@ on:

 env:
  # Common versions
-  GO_VERSION: '1.16'
+  GO_VERSION: '1.17'
  GOLANGCI_VERSION: 'v1.38'
  KIND_VERSION: 'v0.7.0'

--- a/.github/workflows/e2e-test.yml
+++ b/.github/workflows/e2e-test.yml
@ -13,7 +13,7 @@ on:

 env:
  # Common versions
-  GO_VERSION: '1.16'
+  GO_VERSION: '1.17'
  GOLANGCI_VERSION: 'v1.38'
  KIND_VERSION: 'v0.7.0'

--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@ -13,7 +13,7 @@ on:

 env:
  # Common versions
-  GO_VERSION: '1.16'
+  GO_VERSION: '1.17'
  GOLANGCI_VERSION: 'v1.38'
  KIND_VERSION: 'v0.7.0'

--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -27,7 +27,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v2
        with:
-          go-version: 1.16
+          go-version: 1.17
      - name: Get release
        id: get_release
        uses: bruceadams/get-release@v1.2.2
--- a/.github/workflows/sync-api.yml
+++ b/.github/workflows/sync-api.yml
@ -11,10 +11,10 @@ jobs:
  sync-core-api:
    runs-on: ubuntu-20.04
    steps:
-      - name: Set up Go 1.16
+      - name: Set up Go 1.17
        uses: actions/setup-go@v1
        env:
-          GO_VERSION: '1.16'
+          GO_VERSION: '1.17'
          GOLANGCI_VERSION: 'v1.38'
        with:
          go-version: ${{ env.GO_VERSION }}
--- a/.github/workflows/unit-test.yml
+++ b/.github/workflows/unit-test.yml
@ -13,7 +13,7 @@ on:

 env:
  # Common versions
-  GO_VERSION: '1.16'
+  GO_VERSION: '1.17'
  GOLANGCI_VERSION: 'v1.38'
  KIND_VERSION: 'v0.7.0'

--- a/apis/core.oam.dev/common/zz_generated.deepcopy.go
+++ b/apis/core.oam.dev/common/zz_generated.deepcopy.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/apis/core.oam.dev/condition/zz_generated.deepcopy.go
+++ b/apis/core.oam.dev/condition/zz_generated.deepcopy.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/apis/core.oam.dev/v1alpha1/zz_generated.deepcopy.go
+++ b/apis/core.oam.dev/v1alpha1/zz_generated.deepcopy.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/apis/core.oam.dev/v1alpha2/zz_generated.deepcopy.go
+++ b/apis/core.oam.dev/v1alpha2/zz_generated.deepcopy.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/apis/core.oam.dev/v1beta1/zz_generated.deepcopy.go
+++ b/apis/core.oam.dev/v1beta1/zz_generated.deepcopy.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/apis/standard.oam.dev/v1alpha1/zz_generated.deepcopy.go
+++ b/apis/standard.oam.dev/v1alpha1/zz_generated.deepcopy.go
@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/contribute/developer-guide.md
+++ b/contribute/developer-guide.md
@ -4,7 +4,7 @@ This guide helps you get started developing KubeVela.

 ## Prerequisites

-1. Golang version 1.16+
+1. Golang version 1.17+
 2. Kubernetes version v1.18+ with `~/.kube/config` configured.
 3. ginkgo 1.14.0+ (just for [E2E test](./developer-guide.md#e2e-test))
 4. golangci-lint 1.38.0+, it will install automatically if you run `make`, you can [install it manually](https://golangci-lint.run/usage/install/#local-installation) if the installation is too slow.
@ -15,6 +15,7 @@ This guide helps you get started developing KubeVela.
  <summary>Install Kubebuilder manually</summary>

 linux:
+
 ```
 wget https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-1.21.2-linux-amd64.tar.gz
 tar -zxvf  kubebuilder-tools-1.21.2-linux-amd64.tar.gz
@ -23,6 +24,7 @@ sudo mv kubebuilder/bin/* /usr/local/kubebuilder/bin
 ```

 macOS:
+
 ```
 wget https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-1.21.2-darwin-amd64.tar.gz
 tar -zxvf  kubebuilder-tools-1.21.2-darwin-amd64.tar.gz
@ -31,13 +33,14 @@ sudo mv kubebuilder/bin/* /usr/local/kubebuilder/bin
 ```

 For other OS or system architecture, please refer to https://storage.googleapis.com/kubebuilder-tools/
+
 </details>

 You may also be interested with KubeVela's [design](https://github.com/oam-dev/kubevela/tree/master/design/vela-core) before diving into its code.

 ## Build

-* Clone this project
+- Clone this project

 ```shell script
 git clone git@github.com:oam-dev/kubevela.git
@ -50,7 +53,7 @@ KubeVela includes two parts, `vela core` and `vela cli`.

 For local development, we probably need to build both of them.

-* Build Vela CLI
+- Build Vela CLI

 ```shell script
 make
@ -58,7 +61,7 @@ make

 After the vela cli built successfully, `make` command will create `vela` binary to `bin/` under the project.

-* Configure `vela` binary to System PATH
+- Configure `vela` binary to System PATH

 ```shell script
 export PATH=$PATH:/your/path/to/project/kubevela/bin
@ -66,13 +69,13 @@ export PATH=$PATH:/your/path/to/project/kubevela/bin

 Then you can use `vela` command directly.

-* Build Vela Core
+- Build Vela Core

 ```shell script
 make manager
 ```

-* Run Vela Core
+- Run Vela Core

 Firstly make sure your cluster has CRDs, below is the command that can help install all CRDs.

@ -82,11 +85,13 @@ make core-install

 To ensure you have created vela-system namespace and install definitions of necessary module.
 you can run the command:
+
 ```shell script
 make def-install
 ```

 And then run locally:
+
 ```shell script
 make core-run
 ```
@ -182,8 +187,7 @@ mv ~/.kube/config.save  ~/.kube/config
 make e2e-apiserver-test
 ```

-
 ## Next steps

-* Read our [code conventions](coding-conventions.md)
-* Learn how to [Create a pull request](create-pull-request.md)
+- Read our [code conventions](coding-conventions.md)
+- Learn how to [Create a pull request](create-pull-request.md)
--- a/go.mod
+++ b/go.mod
@ -1,6 +1,6 @@
 module github.com/oam-dev/kubevela

-go 1.16
+go 1.17

 require (
 	cuelang.org/go v0.2.2
@ -90,7 +90,191 @@ require (
 	sigs.k8s.io/yaml v1.2.0
 )

+require (
+	cloud.google.com/go v0.81.0 // indirect
+	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
+	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
+	github.com/Azure/go-autorest/autorest v0.11.18 // indirect
+	github.com/Azure/go-autorest/autorest/adal v0.9.13 // indirect
+	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
+	github.com/Azure/go-autorest/logger v0.2.1 // indirect
+	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
+	github.com/BurntSushi/toml v0.3.1 // indirect
+	github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd // indirect
+	github.com/Masterminds/goutils v1.1.1 // indirect
+	github.com/Masterminds/semver v1.5.0 // indirect
+	github.com/Masterminds/semver/v3 v3.1.1 // indirect
+	github.com/Masterminds/sprig v2.22.0+incompatible // indirect
+	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
+	github.com/Masterminds/squirrel v1.5.0 // indirect
+	github.com/Microsoft/go-winio v0.4.16 // indirect
+	github.com/Microsoft/hcsshim v0.8.14 // indirect
+	github.com/PuerkitoBio/purell v1.1.1 // indirect
+	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
+	github.com/agext/levenshtein v1.2.2 // indirect
+	github.com/alessio/shellescape v1.2.2 // indirect
+	github.com/alibabacloud-go/debug v0.0.0-20190504072949-9472017b5c68 // indirect
+	github.com/alibabacloud-go/endpoint-util v1.1.0 // indirect
+	github.com/alibabacloud-go/openapi-util v0.0.7 // indirect
+	github.com/alibabacloud-go/tea-utils v1.3.9 // indirect
+	github.com/aliyun/credentials-go v1.1.2 // indirect
+	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
+	github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect
+	github.com/aws/aws-sdk-go v1.36.30 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/blang/semver v3.5.1+incompatible // indirect
+	github.com/cespare/xxhash/v2 v2.1.1 // indirect
+	github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5 // indirect
+	github.com/cockroachdb/apd/v2 v2.0.1 // indirect
+	github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59 // indirect
+	github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect
+	github.com/creack/pty v1.1.11 // indirect
+	github.com/cyphar/filepath-securejoin v0.2.2 // indirect
+	github.com/deislabs/oras v0.11.1 // indirect
+	github.com/docker/cli v20.10.5+incompatible // indirect
+	github.com/docker/distribution v2.7.1+incompatible // indirect
+	github.com/docker/docker v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible // indirect
+	github.com/docker/docker-credential-helpers v0.6.3 // indirect
+	github.com/docker/go-connections v0.4.0 // indirect
+	github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916 // indirect
+	github.com/docker/go-units v0.4.0 // indirect
+	github.com/emicklei/go-restful v2.9.5+incompatible // indirect
+	github.com/emicklei/proto v1.6.15 // indirect
+	github.com/emirpasic/gods v1.12.0 // indirect
+	github.com/evanphx/json-patch/v5 v5.1.0 // indirect
+	github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
+	github.com/fatih/camelcase v1.0.0 // indirect
+	github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect
+	github.com/ghodss/yaml v1.0.0 // indirect
+	github.com/go-errors/errors v1.0.1 // indirect
+	github.com/go-logr/zapr v0.4.0 // indirect
+	github.com/go-openapi/jsonpointer v0.19.5 // indirect
+	github.com/go-openapi/jsonreference v0.19.5 // indirect
+	github.com/go-openapi/swag v0.19.14 // indirect
+	github.com/go-playground/locales v0.14.0 // indirect
+	github.com/go-playground/universal-translator v0.18.0 // indirect
+	github.com/go-stack/stack v1.8.0 // indirect
+	github.com/gobuffalo/flect v0.2.3 // indirect
+	github.com/gobwas/glob v0.2.3 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/golang/snappy v0.0.1 // indirect
+	github.com/google/btree v1.0.1 // indirect
+	github.com/google/go-querystring v1.0.0 // indirect
+	github.com/google/gofuzz v1.1.0 // indirect
+	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
+	github.com/googleapis/gnostic v0.5.5 // indirect
+	github.com/gorilla/mux v1.8.0 // indirect
+	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/huandu/xstrings v1.3.2 // indirect
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/jmoiron/sqlx v1.3.1 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.11 // indirect
+	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
+	github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 // indirect
+	github.com/klauspost/compress v1.11.0 // indirect
+	github.com/kr/pretty v0.3.0 // indirect
+	github.com/kr/pty v1.1.8 // indirect
+	github.com/kr/text v0.2.0 // indirect
+	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
+	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
+	github.com/leodido/go-urn v1.2.1 // indirect
+	github.com/lib/pq v1.10.0 // indirect
+	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
+	github.com/mailru/easyjson v0.7.6 // indirect
+	github.com/mattn/go-colorable v0.1.8 // indirect
+	github.com/mattn/go-isatty v0.0.12 // indirect
+	github.com/mattn/go-runewidth v0.0.9 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
+	github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect
+	github.com/mitchellh/copystructure v1.2.0 // indirect
+	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/mitchellh/go-wordwrap v1.0.0 // indirect
+	github.com/mitchellh/reflectwalk v1.0.2 // indirect
+	github.com/moby/spdystream v0.2.0 // indirect
+	github.com/moby/term v0.0.0-20210610120745-9d4ed1856297 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.1 // indirect
+	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
+	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/mpvl/unique v0.0.0-20150818121801-cbe035fff7de // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
+	github.com/nxadm/tail v1.4.8 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/pelletier/go-toml v1.9.3 // indirect
+	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/prometheus/client_model v0.2.0 // indirect
+	github.com/prometheus/common v0.26.0 // indirect
+	github.com/prometheus/procfs v0.6.0 // indirect
+	github.com/rogpeppe/go-internal v1.8.0 // indirect
+	github.com/rubenv/sql-migrate v0.0.0-20200616145509-8d140a17f351 // indirect
+	github.com/russross/blackfriday v1.5.2 // indirect
+	github.com/russross/blackfriday/v2 v2.0.1 // indirect
+	github.com/sergi/go-diff v1.1.0 // indirect
+	github.com/shopspring/decimal v1.2.0 // indirect
+	github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
+	github.com/spf13/afero v1.6.0 // indirect
+	github.com/spf13/cast v1.3.1 // indirect
+	github.com/src-d/gcfg v1.4.0 // indirect
+	github.com/tidwall/match v1.1.1 // indirect
+	github.com/tidwall/pretty v1.2.0 // indirect
+	github.com/tjfoc/gmsm v1.3.2 // indirect
+	github.com/xanzy/ssh-agent v0.3.0 // indirect
+	github.com/xdg-go/pbkdf2 v1.0.0 // indirect
+	github.com/xdg-go/scram v1.0.2 // indirect
+	github.com/xdg-go/stringprep v1.0.2 // indirect
+	github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
+	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
+	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
+	github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca // indirect
+	github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d // indirect
+	github.com/zclconf/go-cty v1.8.0 // indirect
+	go.opencensus.io v0.23.0 // indirect
+	go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
+	go.uber.org/atomic v1.7.0 // indirect
+	go.uber.org/multierr v1.6.0 // indirect
+	golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 // indirect
+	golang.org/x/mod v0.4.2 // indirect
+	golang.org/x/net v0.0.0-20211029224645-99673261e6eb // indirect
+	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
+	golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b // indirect
+	golang.org/x/text v0.3.6 // indirect
+	golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
+	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c // indirect
+	google.golang.org/grpc v1.38.0 // indirect
+	google.golang.org/protobuf v1.26.0 // indirect
+	gopkg.in/gorp.v1 v1.7.2 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/ini.v1 v1.62.0 // indirect
+	gopkg.in/src-d/go-billy.v4 v4.3.2 // indirect
+	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
+	gopkg.in/warnings.v0 v0.1.2 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	istio.io/api v0.0.0-20210128181506-0c4b8e54850f // indirect
+	istio.io/gogo-genproto v0.0.0-20190930162913-45029607206a // indirect
+	k8s.io/apiserver v0.22.1 // indirect
+	k8s.io/component-base v0.22.1 // indirect
+	sigs.k8s.io/apiserver-network-proxy v0.0.24 // indirect
+	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.24 // indirect
+	sigs.k8s.io/apiserver-runtime v1.0.3-0.20210913073608-0663f60bfee2 // indirect
+	sigs.k8s.io/kustomize/api v0.8.5 // indirect
+	sigs.k8s.io/kustomize/kyaml v0.10.15 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.1.2 // indirect
+)
+
 replace (
+	github.com/docker/cli => github.com/docker/cli v20.10.9+incompatible
 	github.com/docker/docker => github.com/moby/moby v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible
 	github.com/wercker/stern => github.com/oam-dev/stern v1.13.2
 	sigs.k8s.io/apiserver-network-proxy/konnectivity-client => sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.24
--- a/go.sum
+++ b/go.sum
@ -406,8 +406,8 @@ github.com/dgryski/go-bitstream v0.0.0-20180413035011-3522498ce2c8/go.mod h1:VMa
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/dgryski/go-sip13 v0.0.0-20190329191031-25c5027a8c7b/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
-github.com/docker/cli v20.10.5+incompatible h1:bjflayQbWg+xOkF2WPEAOi4Y7zWhR7ptoPhV/VqLVDE=
-github.com/docker/cli v20.10.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v20.10.9+incompatible h1:OJ7YkwQA+k2Oi51lmCojpjiygKpi76P7bg91b2eJxYU=
+github.com/docker/cli v20.10.9+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v0.0.0-20191216044856-a8371794149d/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY=
 github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug=
 github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
--- a/makefiles/dependency.mk
+++ b/makefiles/dependency.mk
@ -37,7 +37,7 @@ goimports:
 ifeq (, $(shell which goimports))
 	@{ \
 	set -e ;\
-	GO111MODULE=off go get -u golang.org/x/tools/cmd/goimports ;\
+	go install golang.org/x/tools/cmd/goimports@latest ;\
 	}
 GOIMPORTS=$(GOBIN)/goimports
 else
@ -49,7 +49,7 @@ installcue:
 ifeq (, $(shell which cue))
 	@{ \
 	set -e ;\
-	GO111MODULE=off go get -u cuelang.org/go/cmd/cue ;\
+	go install cuelang.org/go/cmd/cue@latest ;\
 	}
 CUE=$(GOBIN)/cue
 else
--- a/runtime/rollout/Dockerfile
+++ b/runtime/rollout/Dockerfile
@ -1,5 +1,5 @@
 # Build the manager binary
-FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.16-alpine as builder
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.17-alpine as builder

 WORKDIR /workspace
 # Copy the Go Modules manifests
--- a/runtime/rollout/e2e/Dockerfile.e2e
+++ b/runtime/rollout/e2e/Dockerfile.e2e
@ -1,5 +1,5 @@
 # Build the manager binary
-FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.16-alpine as builder
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.17-alpine as builder

 WORKDIR /workspace
 # Copy the Go Modules manifests