Updated go version for security fixes (#29)

.drone.yml

@@ -4,7 +4,7 @@ name: default
 
 steps:
 - name: build
-  image: golang
+  image: golang:1.17.2
   commands:
   - go test ./...
   - sh scripts/build.sh

cmd/kaniko-docker/main.go

@@ -20,8 +20,9 @@ const (
 	dockerPath       string = "/kaniko/.docker"
 	dockerConfigPath string = "/kaniko/.docker/config.json"
 
-	v1Registry string = "https://index.docker.io/v1/" // Default registry
+	v1RegistryURL    string = "https://index.docker.io/v1/" // Default registry
-	v2Registry string = "https://index.docker.io/v2/" // v2 registry is not supported
+	v2RegistryURL    string = "https://index.docker.io/v2/" // v2 registry is not supported
+	v2HubRegistryURL string = "https://registry.hub.docker.com/v2/"
 
 	defaultDigestFile string = "/kaniko/digest-file"
 )
@@ -86,7 +87,7 @@ func main() {
 		cli.StringFlag{
 			Name:   "registry",
 			Usage:  "docker registry",
-			Value:  v1Registry,
+			Value:  v1RegistryURL,
 			EnvVar: "PLUGIN_REGISTRY",
 		},
 		cli.StringFlag{
@@ -198,10 +199,10 @@ func createDockerCfgFile(username, password, registry string) error {
 		return fmt.Errorf("Registry must be specified")
 	}
 
-	if registry == v2Registry {
+	if registry == v2RegistryURL || registry == v2HubRegistryURL {
 		fmt.Println("Docker v2 registry is not supported in kaniko. Refer issue: https://github.com/GoogleContainerTools/kaniko/issues/1209")
-		fmt.Printf("Using v1 registry instead: %s\n", v1Registry)
+		fmt.Printf("Using v1 registry instead: %s\n", v1RegistryURL)
-		registry = v1Registry
+		registry = v1RegistryURL
 	}
 
 	err := os.MkdirAll(dockerPath, 0600)

go.mod

@@ -12,4 +12,20 @@ require (
 	github.com/urfave/cli v1.22.2
 )
 
-go 1.13
+require (
+	github.com/aws/aws-sdk-go-v2/credentials v1.3.3 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.4.1 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.2.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.2.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.3.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.6.2 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/konsorten/go-windows-terminal-sequences v1.0.1 // indirect
+	github.com/russross/blackfriday/v2 v2.0.1 // indirect
+	github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
+	golang.org/x/crypto v0.0.0-20180904163835-0709b304e793 // indirect
+	golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33 // indirect
+)
+
+go 1.17

go.sum

@@ -59,7 +59,6 @@ golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33 h1:I6FyU15t786LL7oL/hn43zqTu
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=