Skip to content

Commit 11a2255

Browse files
cx-dmitri-rivinCheckmarx Automationcx-shaked-kartacx-anurag-dalke
authored
Upgrade containers to 1.0.27 - vulnerabilities fix (AST-00000) (#1362)
* upgrade * fix(AST-00000): update containers-resolver to v1.0.27 * Update README.md * integration tests fix * bug fix * version update --------- Co-authored-by: Checkmarx Automation <[email protected]> Co-authored-by: Shaked Karta <[email protected]> Co-authored-by: Anurag Dalke <[email protected]>
1 parent ca05a3a commit 11a2255

File tree

6 files changed

+131
-128
lines changed

6 files changed

+131
-128
lines changed

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@
2222
<h3 align="center">Checkmarx One CLI</h3>
2323

2424
<p align="center">
25-
Checkmarx CLI is a standalone Checkmarx tool.
25+
Checkmarx CLI is a standalone Checkmarx tool.
2626
<br />
2727
<a href="https://checkmarx.com/resource/documents/en/34965-68620-checkmarx-one-cli-tool.html"><strong>Explore the docs »</strong></a>
2828
<br />

go.mod

Lines changed: 30 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ module github.com/checkmarx/ast-cli
33
go 1.24.11
44

55
require (
6-
github.com/Checkmarx/containers-resolver v1.0.25
6+
github.com/Checkmarx/containers-resolver v1.0.27
77
github.com/Checkmarx/containers-types v1.0.9
88
github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63
99
github.com/Checkmarx/gen-ai-wrapper v1.0.3
@@ -22,7 +22,7 @@ require (
2222
github.com/jsumners/go-getport v1.0.0
2323
github.com/mssola/user_agent v0.6.0
2424
github.com/pkg/errors v0.9.1
25-
github.com/spf13/cobra v1.9.1
25+
github.com/spf13/cobra v1.10.1
2626
github.com/spf13/viper v1.20.1
2727
github.com/stretchr/testify v1.11.1
2828
github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80
@@ -36,7 +36,10 @@ require (
3636
gotest.tools v2.2.0+incompatible
3737
)
3838

39-
require cyphar.com/go-pathrs v0.2.1 // indirect
39+
require (
40+
cyphar.com/go-pathrs v0.2.1 // indirect
41+
sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect
42+
)
4043

4144
require (
4245
dario.cat/mergo v1.0.1 // indirect
@@ -45,13 +48,13 @@ require (
4548
github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
4649
github.com/BobuSumisu/aho-corasick v1.0.3 // indirect
4750
github.com/BurntSushi/toml v1.5.0 // indirect
48-
github.com/Checkmarx/containers-images-extractor v1.0.18
49-
github.com/Checkmarx/containers-syft-packages-extractor v1.0.21 // indirect
51+
github.com/Checkmarx/containers-images-extractor v1.0.20
52+
github.com/Checkmarx/containers-syft-packages-extractor v1.0.22 // indirect
5053
github.com/CycloneDX/cyclonedx-go v0.9.2 // indirect
5154
github.com/DataDog/zstd v1.5.6 // indirect
5255
github.com/Masterminds/goutils v1.1.1 // indirect
5356
github.com/Masterminds/semver v1.5.0 // indirect
54-
github.com/Masterminds/semver/v3 v3.3.1 // indirect
57+
github.com/Masterminds/semver/v3 v3.4.0 // indirect
5558
github.com/Masterminds/sprig/v3 v3.3.0 // indirect
5659
github.com/Masterminds/squirrel v1.5.4 // indirect
5760
github.com/Microsoft/go-winio v0.6.2 // indirect
@@ -102,7 +105,7 @@ require (
102105
github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect
103106
github.com/containerd/ttrpc v1.2.7 // indirect
104107
github.com/containerd/typeurl/v2 v2.2.3 // indirect
105-
github.com/cyphar/filepath-securejoin v0.6.0 // indirect
108+
github.com/cyphar/filepath-securejoin v0.6.1 // indirect
106109
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
107110
github.com/deitch/magic v0.0.0-20240306090643-c67ab88f10cb // indirect
108111
github.com/distribution/reference v0.6.0 // indirect
@@ -126,8 +129,8 @@ require (
126129
github.com/fatih/semgroup v1.2.0 // indirect
127130
github.com/felixge/fgprof v0.9.5 // indirect
128131
github.com/felixge/httpsnoop v1.0.4 // indirect
129-
github.com/fsnotify/fsnotify v1.8.0 // indirect
130-
github.com/fxamacker/cbor/v2 v2.7.0 // indirect
132+
github.com/fsnotify/fsnotify v1.9.0 // indirect
133+
github.com/fxamacker/cbor/v2 v2.9.0 // indirect
131134
github.com/gabriel-vasile/mimetype v1.4.8 // indirect
132135
github.com/github/go-spdx/v2 v2.3.2 // indirect
133136
github.com/gitleaks/go-gitdiff v0.9.1 // indirect
@@ -149,12 +152,11 @@ require (
149152
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
150153
github.com/golang/snappy v1.0.0 // indirect
151154
github.com/google/btree v1.1.3 // indirect
152-
github.com/google/gnostic-models v0.6.9 // indirect
155+
github.com/google/gnostic-models v0.7.0 // indirect
153156
github.com/google/go-cmp v0.7.0 // indirect
154157
github.com/google/go-containerregistry v0.20.3 // indirect
155158
github.com/google/licensecheck v0.3.1 // indirect
156159
github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e // indirect
157-
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
158160
github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
159161
github.com/gosuri/uitable v0.0.4 // indirect
160162
github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
@@ -208,7 +210,7 @@ require (
208210
github.com/moby/sys/userns v0.1.0 // indirect
209211
github.com/moby/term v0.5.2 // indirect
210212
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
211-
github.com/modern-go/reflect2 v1.0.2 // indirect
213+
github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
212214
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
213215
github.com/muesli/termenv v0.16.0 // indirect
214216
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
@@ -252,7 +254,7 @@ require (
252254
github.com/spdx/tools-golang v0.5.5 // indirect
253255
github.com/spf13/afero v1.14.0 // indirect
254256
github.com/spf13/cast v1.7.1 // indirect
255-
github.com/spf13/pflag v1.0.7 // indirect
257+
github.com/spf13/pflag v1.0.10 // indirect
256258
github.com/subosito/gotenv v1.6.0 // indirect
257259
github.com/sylabs/sif/v2 v2.21.1 // indirect
258260
github.com/sylabs/squashfs v1.0.6 // indirect
@@ -282,7 +284,7 @@ require (
282284
go.uber.org/mock v0.5.2 // indirect
283285
go.uber.org/multierr v1.11.0 // indirect
284286
go.yaml.in/yaml/v2 v2.4.2 // indirect
285-
go.yaml.in/yaml/v3 v3.0.3 // indirect
287+
go.yaml.in/yaml/v3 v3.0.4 // indirect
286288
golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect
287289
golang.org/x/mod v0.29.0 // indirect
288290
golang.org/x/net v0.47.0 // indirect
@@ -298,29 +300,28 @@ require (
298300
gopkg.in/inf.v0 v0.9.1 // indirect
299301
gopkg.in/warnings.v0 v0.1.2 // indirect
300302
gopkg.in/yaml.v2 v2.4.0 // indirect
301-
helm.sh/helm/v3 v3.18.5 // indirect
302-
k8s.io/api v0.33.3 // indirect
303-
k8s.io/apiextensions-apiserver v0.33.3 // indirect
304-
k8s.io/apimachinery v0.33.3 // indirect
305-
k8s.io/apiserver v0.33.3 // indirect
306-
k8s.io/cli-runtime v0.33.3 // indirect
307-
k8s.io/client-go v0.33.3 // indirect
308-
k8s.io/component-base v0.33.3 // indirect
303+
helm.sh/helm/v3 v3.19.2 // indirect
304+
k8s.io/api v0.34.0 // indirect
305+
k8s.io/apiextensions-apiserver v0.34.0 // indirect
306+
k8s.io/apimachinery v0.34.0 // indirect
307+
k8s.io/apiserver v0.34.0 // indirect
308+
k8s.io/cli-runtime v0.34.0 // indirect
309+
k8s.io/client-go v0.34.0 // indirect
310+
k8s.io/component-base v0.34.0 // indirect
309311
k8s.io/klog/v2 v2.130.1 // indirect
310-
k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
311-
k8s.io/kubectl v0.33.3 // indirect
312-
k8s.io/utils v0.0.0-20250321185631-1f6e0b77f77e // indirect
312+
k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect
313+
k8s.io/kubectl v0.34.0 // indirect
314+
k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect
313315
modernc.org/libc v1.66.3 // indirect
314316
modernc.org/mathutil v1.7.1 // indirect
315317
modernc.org/memory v1.11.0 // indirect
316318
modernc.org/sqlite v1.38.2 // indirect
317319
oras.land/oras-go/v2 v2.6.0 // indirect
318320
sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
319-
sigs.k8s.io/kustomize/api v0.19.0 // indirect
320-
sigs.k8s.io/kustomize/kyaml v0.19.0 // indirect
321+
sigs.k8s.io/kustomize/api v0.20.1 // indirect
322+
sigs.k8s.io/kustomize/kyaml v0.20.1 // indirect
321323
sigs.k8s.io/randfill v1.0.0 // indirect
322-
sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect
323-
sigs.k8s.io/yaml v1.5.0 // indirect
324+
sigs.k8s.io/yaml v1.6.0 // indirect
324325
)
325326

326327
replace github.com/containerd/containerd => github.com/containerd/containerd v1.7.29

0 commit comments

Comments
 (0)