Skip to content

Commit

Permalink
Bump various dependencies to fix security issues
Browse files Browse the repository at this point in the history 
* github.com/go-git/go-git/v5: CVE-2025-21613
* golang.org/x/crypto: CVE-2024-45337
* golang.org/x/net: CVE-2024-45338

This requires bumping to Go 1.21, our build images can handle that.

Signed-off-by: Stephen Kitt <[email protected]>
  • Loading branch information
@skitt @tpantelis
skitt authored and tpantelis committed Jan 22, 2025
1 parent ba6f729 commit 9644f47
Show file tree
Hide file tree
Showing 2 changed files with 94 additions and 60 deletions.
41 changes: 21 additions & 20 deletions go.mod
View file
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
module github.com/submariner-io/submariner-operator

go 1.19
go 1.21

require (
github.com/coreos/go-semver v0.3.1
github.com/go-logr/logr v1.2.4
github.com/onsi/ginkgo/v2 v2.11.0
github.com/onsi/gomega v1.27.10
github.com/go-logr/logr v1.4.1
github.com/onsi/ginkgo/v2 v2.19.0
github.com/onsi/gomega v1.34.1
github.com/openshift/api v0.0.0-20211201215911-5a82bae32e46
github.com/operator-framework/operator-lib v0.11.1-0.20230306195046-28cadc6b6055
github.com/operator-framework/operator-sdk v1.28.0
Expand All @@ -18,7 +18,7 @@ require (
github.com/submariner-io/shipyard v0.15.5
github.com/submariner-io/submariner v0.15.5
github.com/uw-labs/lichen v0.1.7
golang.org/x/text v0.14.0
golang.org/x/text v0.21.0
k8s.io/api v0.26.15
k8s.io/apiextensions-apiserver v0.26.15
k8s.io/apimachinery v0.26.15
Expand Down Expand Up @@ -55,7 +55,7 @@ require (
github.com/containerd/stargz-snapshotter/estargz v0.10.1 // indirect
github.com/containerd/ttrpc v1.1.2 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
github.com/cyphar/filepath-securejoin v0.2.4 // indirect
github.com/cyphar/filepath-securejoin v0.3.6 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/distribution/reference v0.5.0 // indirect
github.com/docker/cli v20.10.21+incompatible // indirect
Expand All @@ -76,14 +76,14 @@ require (
github.com/ghodss/yaml v1.0.0 // indirect
github.com/go-errors/errors v1.4.2 // indirect
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
github.com/go-git/go-billy/v5 v5.5.0 // indirect
github.com/go-git/go-git/v5 v5.11.0 // indirect
github.com/go-git/go-billy/v5 v5.6.1 // indirect
github.com/go-git/go-git/v5 v5.13.1 // indirect
github.com/go-gorp/gorp/v3 v3.0.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/jsonpointer v0.19.6 // indirect
github.com/go-openapi/jsonreference v0.20.2 // indirect
github.com/go-openapi/swag v0.22.3 // indirect
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
github.com/gobuffalo/envy v1.6.5 // indirect
github.com/gobuffalo/flect v1.0.0 // indirect
github.com/gobwas/glob v0.2.3 // indirect
Expand All @@ -98,7 +98,7 @@ require (
github.com/google/go-containerregistry v0.8.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/licenseclassifier v0.0.0-20201113175434-78a70215ca36 // indirect
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
github.com/google/uuid v1.3.1 // indirect
github.com/gorilla/mux v1.8.0 // indirect
Expand Down Expand Up @@ -170,7 +170,7 @@ require (
github.com/rs/zerolog v1.29.0 // indirect
github.com/rubenv/sql-migrate v1.2.0 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/sergi/go-diff v1.2.0 // indirect
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
github.com/shopspring/decimal v1.3.1 // indirect
github.com/sirupsen/logrus v1.9.3 // indirect
github.com/spf13/afero v1.9.3 // indirect
Expand All @@ -180,7 +180,7 @@ require (
github.com/spf13/pflag v1.0.5 // indirect
github.com/spf13/viper v1.10.0 // indirect
github.com/stoewer/go-strcase v1.2.0 // indirect
github.com/stretchr/testify v1.8.4 // indirect
github.com/stretchr/testify v1.10.0 // indirect
github.com/subosito/gotenv v1.2.0 // indirect
github.com/thoas/go-funk v0.8.0 // indirect
github.com/urfave/cli/v2 v2.4.0 // indirect
Expand All @@ -200,21 +200,22 @@ require (
go.opentelemetry.io/otel/trace v1.19.0 // indirect
go.opentelemetry.io/proto/otlp v1.0.0 // indirect
go.starlark.net v0.0.0-20221010140840-6bf6f0955179 // indirect
golang.org/x/crypto v0.21.0 // indirect
golang.org/x/mod v0.12.0 // indirect
golang.org/x/net v0.23.0 // indirect
golang.org/x/crypto v0.32.0 // indirect
golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
golang.org/x/mod v0.19.0 // indirect
golang.org/x/net v0.33.0 // indirect
golang.org/x/oauth2 v0.11.0 // indirect
golang.org/x/sync v0.3.0 // indirect
golang.org/x/sys v0.18.0 // indirect
golang.org/x/term v0.18.0 // indirect
golang.org/x/sync v0.10.0 // indirect
golang.org/x/sys v0.29.0 // indirect
golang.org/x/term v0.28.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.13.0 // indirect
golang.org/x/tools v0.23.0 // indirect
gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20231012201019-e917dd12ba7a // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405 // indirect
google.golang.org/grpc v1.59.0 // indirect
google.golang.org/protobuf v1.33.0 // indirect
google.golang.org/protobuf v1.34.1 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.66.2 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
Expand Down
Loading

0 comments on commit 9644f47

Please sign in to comment.