
Commit 652c5d6

Merge pull request #18 from Checkmarx/fix/vulnerabilities-AST-1111
fix: update dependencies to resolve CVEs (AST-1111)
2 parents b38c0b5 + a3c4db8 commit 652c5d6


2 files changed

+152
-497
lines changed


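--- a/go.mod
+++ b/go.mod
@@ -6,87 +6,50 @@ require (
 github.com/Checkmarx/containers-types v1.0.9
 github.com/rs/zerolog v1.34.0
 gopkg.in/yaml.v3 v3.0.1
-helm.sh/helm/v3 v3.17.4
+helm.sh/helm/v3 v3.19.2
 )
 
 require (
-cel.dev/expr v0.20.0 // indirect
 dario.cat/mergo v1.0.1 // indirect
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect
-github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
 github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
 github.com/BurntSushi/toml v1.5.0 // indirect
 github.com/MakeNowJust/heredoc v1.0.0 // indirect
 github.com/Masterminds/goutils v1.1.1 // indirect
-github.com/Masterminds/semver/v3 v3.3.1 // indirect
+github.com/Masterminds/semver/v3 v3.4.0 // indirect
 github.com/Masterminds/sprig/v3 v3.3.0 // indirect
 github.com/Masterminds/squirrel v1.5.4 // indirect
-github.com/Microsoft/go-winio v0.6.2 // indirect
-github.com/Microsoft/hcsshim v0.13.1-0.20250731174403-0842153594e0 // indirect
-github.com/NYTimes/gziphandler v1.1.1 // indirect
-github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-github.com/beorn7/perks v1.0.1 // indirect
 github.com/blang/semver/v4 v4.0.0 // indirect
-github.com/cenkalti/backoff/v4 v4.3.0 // indirect
-github.com/cespare/xxhash/v2 v2.3.0 // indirect
 github.com/chai2010/gettext-go v1.0.3 // indirect
-github.com/containerd/cgroups v1.1.0 // indirect
-github.com/containerd/cgroups/v3 v3.0.5 // indirect
-github.com/containerd/containerd v1.7.28 // indirect
-github.com/containerd/containerd/api v1.9.0 // indirect
-github.com/containerd/continuity v0.4.5 // indirect
+github.com/containerd/containerd v1.7.29 // indirect
 github.com/containerd/errdefs v1.0.0 // indirect
-github.com/containerd/errdefs/pkg v0.3.0 // indirect
-github.com/containerd/fifo v1.1.0 // indirect
 github.com/containerd/log v0.1.0 // indirect
 github.com/containerd/platforms v1.0.0-rc.1 // indirect
-github.com/containerd/ttrpc v1.2.7 // indirect
-github.com/containerd/typeurl/v2 v2.2.3 // indirect
-github.com/coreos/go-semver v0.3.1 // indirect
-github.com/coreos/go-systemd/v22 v22.5.0 // indirect
-github.com/cyphar/filepath-securejoin v0.4.1 // indirect
+github.com/cyphar/filepath-securejoin v0.6.1 // indirect
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 github.com/distribution/distribution/v3 v3.0.1-0.20250403190400-dbca4995c83c // indirect
-github.com/distribution/reference v0.6.0 // indirect
-github.com/docker/cli v28.0.3+incompatible // indirect
-github.com/docker/distribution v2.8.3+incompatible // indirect
-github.com/docker/docker v28.0.3+incompatible // indirect
 github.com/docker/docker-credential-helpers v0.9.3 // indirect
-github.com/docker/go-connections v0.5.0 // indirect
-github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
-github.com/docker/go-metrics v0.0.1 // indirect
 github.com/emicklei/go-restful/v3 v3.12.2 // indirect
 github.com/evanphx/json-patch v5.9.11+incompatible // indirect
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 github.com/fatih/color v1.18.0 // indirect
-github.com/felixge/httpsnoop v1.0.4 // indirect
-github.com/fsnotify/fsnotify v1.7.0 // indirect
-github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+github.com/fxamacker/cbor/v2 v2.9.0 // indirect
 github.com/go-errors/errors v1.5.1 // indirect
 github.com/go-gorp/gorp/v3 v3.1.0 // indirect
 github.com/go-logr/logr v1.4.2 // indirect
-github.com/go-logr/stdr v1.2.2 // indirect
 github.com/go-openapi/jsonpointer v0.21.1 // indirect
 github.com/go-openapi/jsonreference v0.21.0 // indirect
 github.com/go-openapi/swag v0.23.1 // indirect
 github.com/gobwas/glob v0.2.3 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-github.com/golang/protobuf v1.5.4 // indirect
 github.com/google/btree v1.1.3 // indirect
-github.com/google/cel-go v0.22.0 // indirect
-github.com/google/gnostic-models v0.6.9 // indirect
+github.com/google/gnostic-models v0.7.0 // indirect
 github.com/google/go-cmp v0.7.0 // indirect
-github.com/google/gofuzz v1.2.0 // indirect
-github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 github.com/google/uuid v1.6.0 // indirect
-github.com/gorilla/mux v1.8.1 // indirect
-github.com/gorilla/websocket v1.5.3 // indirect
+github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
 github.com/gosuri/uitable v0.0.4 // indirect
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
-github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
 github.com/hashicorp/go-multierror v1.1.1 // indirect
 github.com/huandu/xstrings v1.5.0 // indirect
@@ -95,7 +58,6 @@ require (
 github.com/josharian/intern v1.0.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
 github.com/klauspost/compress v1.18.0 // indirect
-github.com/kylelemons/godebug v1.1.0 // indirect
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
 github.com/lib/pq v1.10.9 // indirect
@@ -107,94 +69,63 @@ require (
 github.com/mitchellh/copystructure v1.2.0 // indirect
 github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 github.com/mitchellh/reflectwalk v1.0.2 // indirect
-github.com/moby/locker v1.0.1 // indirect
 github.com/moby/spdystream v0.5.0 // indirect
-github.com/moby/sys/mountinfo v0.7.2 // indirect
-github.com/moby/sys/sequential v0.5.0 // indirect
-github.com/moby/sys/signal v0.7.0 // indirect
-github.com/moby/sys/user v0.4.0 // indirect
-github.com/moby/sys/userns v0.1.0 // indirect
 github.com/moby/term v0.5.2 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-github.com/modern-go/reflect2 v1.0.2 // indirect
+github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 github.com/opencontainers/go-digest v1.0.0 // indirect
 github.com/opencontainers/image-spec v1.1.1 // indirect
-github.com/opencontainers/runtime-spec v1.2.1 // indirect
-github.com/opencontainers/selinux v1.11.0 // indirect
 github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 github.com/pkg/errors v0.9.1 // indirect
-github.com/prometheus/client_golang v1.22.0 // indirect
-github.com/prometheus/client_model v0.6.1 // indirect
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 github.com/prometheus/common v0.63.0 // indirect
 github.com/prometheus/procfs v0.16.0 // indirect
 github.com/rivo/uniseg v0.4.7 // indirect
-github.com/rubenv/sql-migrate v1.7.1 // indirect
+github.com/rubenv/sql-migrate v1.8.0 // indirect
 github.com/russross/blackfriday/v2 v2.1.0 // indirect
+github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 // indirect
 github.com/shopspring/decimal v1.4.0 // indirect
 github.com/sirupsen/logrus v1.9.3 // indirect
 github.com/spf13/cast v1.7.1 // indirect
-github.com/spf13/cobra v1.9.1 // indirect
-github.com/spf13/pflag v1.0.6 // indirect
-github.com/stoewer/go-strcase v1.3.0 // indirect
+github.com/spf13/cobra v1.10.1 // indirect
+github.com/spf13/pflag v1.0.10 // indirect
 github.com/x448/float16 v0.8.4 // indirect
-github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
-github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 github.com/xlab/treeprint v1.2.0 // indirect
-go.etcd.io/etcd/api/v3 v3.5.16 // indirect
-go.etcd.io/etcd/client/pkg/v3 v3.5.16 // indirect
-go.etcd.io/etcd/client/v3 v3.5.16 // indirect
-go.opencensus.io v0.24.0 // indirect
-go.opentelemetry.io/auto/sdk v1.1.0 // indirect
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect
-go.opentelemetry.io/otel v1.35.0 // indirect
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0 // indirect
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0 // indirect
-go.opentelemetry.io/otel/metric v1.35.0 // indirect
-go.opentelemetry.io/otel/sdk v1.35.0 // indirect
-go.opentelemetry.io/otel/trace v1.35.0 // indirect
-go.opentelemetry.io/proto/otlp v1.3.1 // indirect
-go.uber.org/multierr v1.11.0 // indirect
-go.uber.org/zap v1.27.0 // indirect
-golang.org/x/crypto v0.40.0 // indirect
-golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect
-golang.org/x/net v0.42.0 // indirect
+go.yaml.in/yaml/v2 v2.4.2 // indirect
+go.yaml.in/yaml/v3 v3.0.4 // indirect
+golang.org/x/crypto v0.45.0 // indirect
+golang.org/x/net v0.47.0 // indirect
 golang.org/x/oauth2 v0.30.0 // indirect
-golang.org/x/sync v0.16.0 // indirect
-golang.org/x/sys v0.34.0 // indirect
-golang.org/x/term v0.33.0 // indirect
-golang.org/x/text v0.27.0 // indirect
+golang.org/x/sync v0.18.0 // indirect
+golang.org/x/sys v0.38.0 // indirect
+golang.org/x/term v0.37.0 // indirect
+golang.org/x/text v0.31.0 // indirect
 golang.org/x/time v0.12.0 // indirect
-google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect
-google.golang.org/genproto/googleapis/api v0.0.0-20250218202821-56aae31c358a // indirect
 google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463 // indirect
 google.golang.org/grpc v1.72.2 // indirect
 google.golang.org/protobuf v1.36.6 // indirect
 gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
-gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
-k8s.io/api v0.32.7 // indirect
-k8s.io/apiextensions-apiserver v0.32.7 // indirect
-k8s.io/apimachinery v0.32.7 // indirect
-k8s.io/apiserver v0.32.7 // indirect
-k8s.io/cli-runtime v0.32.3 // indirect
-k8s.io/client-go v0.32.7 // indirect
-k8s.io/component-base v0.32.7 // indirect
+k8s.io/api v0.34.0 // indirect
+k8s.io/apiextensions-apiserver v0.34.0 // indirect
+k8s.io/apimachinery v0.34.0 // indirect
+k8s.io/apiserver v0.34.0 // indirect
+k8s.io/cli-runtime v0.34.0 // indirect
+k8s.io/client-go v0.34.0 // indirect
+k8s.io/component-base v0.34.0 // indirect
 k8s.io/klog/v2 v2.130.1 // indirect
-k8s.io/kms v0.32.7 // indirect
-k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
-k8s.io/kubectl v0.32.3 // indirect
-k8s.io/utils v0.0.0-20250321185631-1f6e0b77f77e // indirect
-oras.land/oras-go v1.2.7-0.20241008061749-9193ba0ce99b // indirect
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0 // indirect
+k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect
+k8s.io/kubectl v0.34.0 // indirect
+k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect
+oras.land/oras-go/v2 v2.6.0 // indirect
 sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
-sigs.k8s.io/kustomize/api v0.19.0 // indirect
-sigs.k8s.io/kustomize/kyaml v0.19.0 // indirect
+sigs.k8s.io/kustomize/api v0.20.1 // indirect
+sigs.k8s.io/kustomize/kyaml v0.20.1 // indirect
 sigs.k8s.io/randfill v1.0.0 // indirect
-sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect
-sigs.k8s.io/yaml v1.4.0 // indirect
+sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect
+sigs.k8s.io/yaml v1.6.0 // indirect
 )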
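Review bot: Nothing in this section records which advisories the bumps close, and the change is much wider than a patch-level update: the only direct requirement touched in the visible hunks is `helm.sh/helm/v3 v3.17.4` → `v3.19.2` (first hunk), but the third hunk moves `k8s.io/*` from v0.32.x to v0.34.0, swaps `oras.land/oras-go` for `oras.land/oras-go/v2 v2.6.0`, and takes `sigs.k8s.io/structured-merge-diff` from v4 to v6. I would list the advisory ids in the pull-request description and attach `govulncheck ./...` output from before and after the change, so the remediation can be verified rather than inferred from version numbers. Three of the new indirect pins are pseudo-versions of untagged commits (`github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674`, `github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee`, `github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2`); they are presumably selected by the upgraded upstream modules, but that is worth confirming with `go mod graph`, since scanners that match on tagged releases may not classify them reliably. The go.sum half of the commit is not shown on this page, so its checksum changes cannot be reviewed here.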
