
Commit 4789657

authored
fix: update dependencies to address security vulnerabilities (#951)
Update Go dependencies to fix CVEs reported in issue #950: - Kubernetes packages: v0.35.1 -> v0.35.2 - golang.org/x/net: v0.50.0 -> v0.51.0 - golang.org/x/oauth2: v0.30.0 -> v0.35.0 - golang.org/x/time: v0.12.0 -> v0.14.0 - google.golang.org/protobuf: v1.36.8 -> v1.36.11 - sigs.k8s.io/controller-runtime: v0.22.4 -> v0.23.1 - And related transitive dependencies Fixes #950 Signed-off-by: yxxhero <aiopsclub@163.com>
1 parent 6668b2b commit 4789657

2 files changed

Lines changed: 158 additions & 123 deletions


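--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
 github.com/gonvenience/bunt v1.4.3
 github.com/gonvenience/ytbx v1.4.8
 github.com/google/go-cmp v0.7.0
-github.com/homeport/dyff v1.10.5
+github.com/homeport/dyff v1.11.2
 github.com/json-iterator/go v1.1.12
 github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d
 github.com/spf13/cobra v1.10.2
@@ -18,67 +18,77 @@ require (
 golang.org/x/term v0.40.0
 gopkg.in/yaml.v2 v2.4.0
 helm.sh/helm/v4 v4.1.1
-k8s.io/api v0.35.1
-k8s.io/apiextensions-apiserver v0.35.1
-k8s.io/apimachinery v0.35.1
-k8s.io/cli-runtime v0.35.1
-k8s.io/client-go v0.35.1
+k8s.io/api v0.35.2
+k8s.io/apiextensions-apiserver v0.35.2
+k8s.io/apimachinery v0.35.2
+k8s.io/cli-runtime v0.35.2
+k8s.io/client-go v0.35.2
 sigs.k8s.io/yaml v1.6.0
 )
 
 require (
-dario.cat/mergo v1.0.1 // indirect
+dario.cat/mergo v1.0.2 // indirect
 github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
 github.com/BurntSushi/toml v1.6.0 // indirect
 github.com/MakeNowJust/heredoc v1.0.0 // indirect
 github.com/Masterminds/goutils v1.1.1 // indirect
 github.com/Masterminds/sprig/v3 v3.3.0 // indirect
 github.com/Masterminds/squirrel v1.5.4 // indirect
-github.com/ProtonMail/go-crypto v1.3.0 // indirect
+github.com/ProtonMail/go-crypto v1.4.0 // indirect
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 github.com/blang/semver/v4 v4.0.0 // indirect
-github.com/chai2010/gettext-go v1.0.2 // indirect
+github.com/chai2010/gettext-go v1.0.3 // indirect
+github.com/clipperhouse/uax29/v2 v2.7.0 // indirect
 github.com/cloudflare/circl v1.6.3 // indirect
 github.com/cyphar/filepath-securejoin v0.6.1 // indirect
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-github.com/dylibso/observe-sdk/go v0.0.0-20240819160327-2d926c5d788a // indirect
-github.com/emicklei/go-restful/v3 v3.12.2 // indirect
+github.com/dylibso/observe-sdk/go v0.0.0-20240828172851-9145d8ad07e1 // indirect
+github.com/emicklei/go-restful/v3 v3.13.0 // indirect
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 github.com/extism/go-sdk v1.7.1 // indirect
 github.com/fatih/color v1.18.0 // indirect
-github.com/fluxcd/cli-utils v0.37.0-flux.1 // indirect
+github.com/fluxcd/cli-utils v0.37.2-flux.1 // indirect
 github.com/fxamacker/cbor/v2 v2.9.0 // indirect
 github.com/go-errors/errors v1.5.1 // indirect
 github.com/go-gorp/gorp/v3 v3.1.0 // indirect
 github.com/go-logr/logr v1.4.3 // indirect
-github.com/go-openapi/jsonpointer v0.21.1 // indirect
-github.com/go-openapi/jsonreference v0.21.0 // indirect
-github.com/go-openapi/swag v0.23.1 // indirect
+github.com/go-openapi/jsonpointer v0.22.5 // indirect
+github.com/go-openapi/jsonreference v0.21.5 // indirect
+github.com/go-openapi/swag v0.25.5 // indirect
+github.com/go-openapi/swag/cmdutils v0.25.5 // indirect
+github.com/go-openapi/swag/conv v0.25.5 // indirect
+github.com/go-openapi/swag/fileutils v0.25.5 // indirect
+github.com/go-openapi/swag/jsonname v0.25.5 // indirect
+github.com/go-openapi/swag/jsonutils v0.25.5 // indirect
+github.com/go-openapi/swag/loading v0.25.5 // indirect
+github.com/go-openapi/swag/mangling v0.25.5 // indirect
+github.com/go-openapi/swag/netutils v0.25.5 // indirect
+github.com/go-openapi/swag/stringutils v0.25.5 // indirect
+github.com/go-openapi/swag/typeutils v0.25.5 // indirect
+github.com/go-openapi/swag/yamlutils v0.25.5 // indirect
 github.com/gobwas/glob v0.2.3 // indirect
 github.com/gonvenience/idem v0.0.3 // indirect
-github.com/gonvenience/neat v1.3.17 // indirect
+github.com/gonvenience/neat v1.3.18 // indirect
 github.com/gonvenience/term v1.0.5 // indirect
 github.com/gonvenience/text v1.0.10 // indirect
 github.com/google/btree v1.1.3 // indirect
-github.com/google/gnostic-models v0.7.0 // indirect
+github.com/google/gnostic-models v0.7.1 // indirect
 github.com/google/uuid v1.6.0 // indirect
 github.com/gosuri/uitable v0.0.4 // indirect
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
 github.com/huandu/xstrings v1.5.0 // indirect
-github.com/ianlancetaylor/demangle v0.0.0-20240805132620-81f5be970eca // indirect
+github.com/ianlancetaylor/demangle v0.0.0-20251118225945-96ee0021ea0f // indirect
 github.com/inconshreveable/mousetrap v1.1.0 // indirect
 github.com/jmoiron/sqlx v1.4.0 // indirect
-github.com/josharian/intern v1.0.0 // indirect
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
-github.com/lib/pq v1.10.9 // indirect
+github.com/lib/pq v1.11.2 // indirect
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 github.com/lucasb-eyer/go-colorful v1.3.0 // indirect
-github.com/mailru/easyjson v0.9.0 // indirect
 github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3 // indirect
-github.com/mattn/go-colorable v0.1.13 // indirect
+github.com/mattn/go-colorable v0.1.14 // indirect
 github.com/mattn/go-isatty v0.0.20 // indirect
-github.com/mattn/go-runewidth v0.0.9 // indirect
+github.com/mattn/go-runewidth v0.0.20 // indirect
 github.com/mitchellh/copystructure v1.2.0 // indirect
 github.com/mitchellh/go-ps v1.0.0 // indirect
 github.com/mitchellh/go-wordwrap v1.0.1 // indirect
@@ -98,38 +108,38 @@ require (
 github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 // indirect
 github.com/sergi/go-diff v1.4.0 // indirect
 github.com/shopspring/decimal v1.4.0 // indirect
-github.com/spf13/cast v1.7.0 // indirect
+github.com/spf13/cast v1.10.0 // indirect
 github.com/tetratelabs/wabin v0.0.0-20230304001439-f6f874872834 // indirect
 github.com/tetratelabs/wazero v1.11.0 // indirect
 github.com/texttheater/golang-levenshtein v1.0.1 // indirect
 github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 // indirect
 github.com/x448/float16 v0.8.4 // indirect
 github.com/xlab/treeprint v1.2.0 // indirect
-go.opentelemetry.io/proto/otlp v1.5.0 // indirect
+go.opentelemetry.io/proto/otlp v1.9.0 // indirect
 go.yaml.in/yaml/v2 v2.4.3 // indirect
 go.yaml.in/yaml/v3 v3.0.4 // indirect
 golang.org/x/crypto v0.48.0 // indirect
-golang.org/x/net v0.50.0 // indirect
-golang.org/x/oauth2 v0.30.0 // indirect
+golang.org/x/net v0.51.0 // indirect
+golang.org/x/oauth2 v0.35.0 // indirect
 golang.org/x/sync v0.19.0 // indirect
 golang.org/x/sys v0.41.0 // indirect
 golang.org/x/text v0.34.0 // indirect
-golang.org/x/time v0.12.0 // indirect
-google.golang.org/protobuf v1.36.8 // indirect
+golang.org/x/time v0.14.0 // indirect
+google.golang.org/protobuf v1.36.11 // indirect
 gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
-k8s.io/apiserver v0.35.1 // indirect
-k8s.io/component-base v0.35.1 // indirect
+k8s.io/apiserver v0.35.2 // indirect
+k8s.io/component-base v0.35.2 // indirect
 k8s.io/klog/v2 v2.130.1 // indirect
-k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 // indirect
-k8s.io/kubectl v0.35.0 // indirect
-k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect
+k8s.io/kube-openapi v0.0.0-20260127142750-a19766b6e2d4 // indirect
+k8s.io/kubectl v0.35.2 // indirect
+k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 // indirect
 oras.land/oras-go/v2 v2.6.0 // indirect
-sigs.k8s.io/controller-runtime v0.22.4 // indirect
+sigs.k8s.io/controller-runtime v0.23.1 // indirect
 sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect
-sigs.k8s.io/kustomize/api v0.20.1 // indirect
-sigs.k8s.io/kustomize/kyaml v0.21.0 // indirect
+sigs.k8s.io/kustomize/api v0.21.1 // indirect
+sigs.k8s.io/kustomize/kyaml v0.21.1 // indirect
 sigs.k8s.io/randfill v1.0.0 // indirect
-sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect
+sigs.k8s.io/structured-merge-diff/v6 v6.3.2 // indirect
 )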
