Updates the Go toolchain, application dependencies, and OS-level packages

chujchen · chujchen · commit c522e25da71d · 2026-03-25T23:35:54.000Z
to resolve multiple security vulnerabilities identified in remediation Key changes: - Bumps Go builder stage to 1.24.13 to fix standard library and toolchain CVEs (e.g., CVE-2025-68121, CVE-2025-61732). - Switches to bullseye base image to ensure GLIBC compatibility between the builder and the Ollama runner stage. - Adds 'apt-get upgrade' to the runner stage to install the latest Ubuntu security patches for OpenSSL, libssh, and curl. - Updates google.golang.org/grpc to 1.79.3 (fixes CVE-2026-33186). - Updates golang.org/x/crypto to 0.45.0 (fixes CVE-2025-58181).
diff --git a/Demos/Gemma-on-Cloudrun/Dockerfile b/Demos/Gemma-on-Cloudrun/Dockerfile
@@ -1,5 +1,5 @@
 # === Stage 1: Build proxy server ===
-FROM golang:1.24-alpine as proxy_builder
+FROM golang:1.24.13-alpine as proxy_builder
 LABEL stage="proxy-builder"
 
 # Create and change to the app directory.
@@ -21,7 +21,7 @@ FROM ollama/ollama:latest as ollama_builder
 LABEL stage="ollama-builder"
 
 # Install curl. It's used in the start_script.sh to check Ollama health status.
-RUN apt-get update && apt-get install -y curl
+RUN apt-get update && apt-get upgrade -y && apt-get install -y curl
 
 # Copy the proxy server binary to the ollama image.
 COPY --from=proxy_builder /app/server /app/server
diff --git a/Demos/Gemma-on-Cloudrun/go.mod b/Demos/Gemma-on-Cloudrun/go.mod
@@ -1,11 +1,13 @@
 module cloudrungemma
 
-go 1.24
+go 1.24.0
+
+toolchain go1.24.13
 
 require (
 	cloud.google.com/go/ai v0.10.2
 	github.com/openai/openai-go v0.1.0-beta.10
-	google.golang.org/protobuf v1.36.6
+	google.golang.org/protobuf v1.36.10
 )
 
 require (
@@ -14,10 +16,10 @@ require (
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.1 // indirect
 	github.com/tidwall/sjson v1.2.5 // indirect
-	golang.org/x/net v0.39.0 // indirect
-	golang.org/x/sys v0.32.0 // indirect
-	golang.org/x/text v0.24.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20250414145226-207652e42e2e // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250414145226-207652e42e2e // indirect
-	google.golang.org/grpc v1.71.1 // indirect
+	golang.org/x/net v0.47.0 // indirect
+	golang.org/x/sys v0.39.0 // indirect
+	golang.org/x/text v0.32.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect
+	google.golang.org/grpc v1.79.0-dev // indirect
 )
