Skip to content

Commit c133ace

Browse files
cx-adar-zandbergcx-adar-zandberg
authored
Merge pull request #32 from Checkmarx/adar/fix-many-vuls
Fix some vulnerabilities (AST-74554)
2 parents 5cb1d91 + 5637410 commit c133ace

File tree

2 files changed

+88
-82
lines changed

2 files changed

+88
-82
lines changed

go.mod

Lines changed: 28 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
module github.com/Checkmarx/containers-resolver
22

3-
go 1.24.1
3+
go 1.25.0
44

55
require (
66
github.com/Checkmarx/containers-images-extractor v1.0.21
@@ -104,7 +104,7 @@ require (
104104
github.com/go-git/go-billy/v5 v5.6.2 // indirect
105105
github.com/go-git/go-git/v5 v5.14.0 // indirect
106106
github.com/go-gorp/gorp/v3 v3.1.0 // indirect
107-
github.com/go-logr/logr v1.4.2 // indirect
107+
github.com/go-logr/logr v1.4.3 // indirect
108108
github.com/go-logr/stdr v1.2.2 // indirect
109109
github.com/go-openapi/jsonpointer v0.21.1 // indirect
110110
github.com/go-openapi/jsonreference v0.21.0 // indirect
@@ -120,7 +120,7 @@ require (
120120
github.com/google/go-cmp v0.7.0 // indirect
121121
github.com/google/go-containerregistry v0.20.3 // indirect
122122
github.com/google/licensecheck v0.3.1 // indirect
123-
github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e // indirect
123+
github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 // indirect
124124
github.com/google/uuid v1.6.0 // indirect
125125
github.com/gookit/color v1.5.4 // indirect
126126
github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
@@ -182,7 +182,7 @@ require (
182182
github.com/opencontainers/selinux v1.13.0 // indirect
183183
github.com/pborman/indent v1.2.1 // indirect
184184
github.com/pelletier/go-toml v1.9.5 // indirect
185-
github.com/pelletier/go-toml/v2 v2.2.3 // indirect
185+
github.com/pelletier/go-toml/v2 v2.2.4 // indirect
186186
github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
187187
github.com/pierrec/lz4/v4 v4.1.22 // indirect
188188
github.com/pjbgf/sha1cd v0.3.2 // indirect
@@ -232,12 +232,14 @@ require (
232232
github.com/zclconf/go-cty v1.16.2 // indirect
233233
go.opencensus.io v0.24.0 // indirect
234234
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
235-
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect
236-
go.opentelemetry.io/otel v1.35.0 // indirect
237-
go.opentelemetry.io/otel/metric v1.35.0 // indirect
238-
go.opentelemetry.io/otel/trace v1.35.0 // indirect
235+
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
236+
go.opentelemetry.io/otel v1.36.0 // indirect
237+
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0 // indirect
238+
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0 // indirect
239+
go.opentelemetry.io/otel/metric v1.36.0 // indirect
240+
go.opentelemetry.io/otel/trace v1.36.0 // indirect
239241
go.uber.org/multierr v1.11.0 // indirect
240-
go.yaml.in/yaml/v2 v2.4.2 // indirect
242+
go.yaml.in/yaml/v2 v2.4.3 // indirect
241243
go.yaml.in/yaml/v3 v3.0.4 // indirect
242244
golang.org/x/crypto v0.45.0 // indirect
243245
golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect
@@ -252,36 +254,40 @@ require (
252254
golang.org/x/tools v0.38.0 // indirect
253255
golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect
254256
google.golang.org/genproto v0.0.0-20250324211829-b45e905df463 // indirect
255-
google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463 // indirect
257+
google.golang.org/genproto/googleapis/rpc v0.0.0-20250528174236-200df99c418a // indirect
256258
google.golang.org/grpc v1.72.2 // indirect
257-
google.golang.org/protobuf v1.36.6 // indirect
258-
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
259+
google.golang.org/protobuf v1.36.8 // indirect
260+
gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
259261
gopkg.in/inf.v0 v0.9.1 // indirect
260262
gopkg.in/warnings.v0 v0.1.2 // indirect
261263
gopkg.in/yaml.v3 v3.0.1 // indirect
262-
helm.sh/helm/v3 v3.19.2 // indirect
263-
k8s.io/api v0.34.0 // indirect
264+
helm.sh/helm/v3 v3.19.3 // indirect
265+
k8s.io/api v0.35.0 // indirect
264266
k8s.io/apiextensions-apiserver v0.34.0 // indirect
265-
k8s.io/apimachinery v0.34.0 // indirect
266-
k8s.io/apiserver v0.34.0 // indirect
267+
k8s.io/apimachinery v0.35.0 // indirect
268+
k8s.io/apiserver v0.35.0 // indirect
267269
k8s.io/cli-runtime v0.34.0 // indirect
268-
k8s.io/client-go v0.34.0 // indirect
269-
k8s.io/component-base v0.34.0 // indirect
270+
k8s.io/client-go v0.35.0 // indirect
271+
k8s.io/component-base v0.35.0 // indirect
270272
k8s.io/klog/v2 v2.130.1 // indirect
271-
k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect
273+
k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 // indirect
272274
k8s.io/kubectl v0.34.0 // indirect
273-
k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect
275+
k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect
274276
modernc.org/libc v1.66.3 // indirect
275277
modernc.org/mathutil v1.7.1 // indirect
276278
modernc.org/memory v1.11.0 // indirect
277279
modernc.org/sqlite v1.38.2 // indirect
278280
oras.land/oras-go/v2 v2.6.0 // indirect
279-
sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
281+
sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect
280282
sigs.k8s.io/kustomize/api v0.20.1 // indirect
281283
sigs.k8s.io/kustomize/kyaml v0.20.1 // indirect
282284
sigs.k8s.io/randfill v1.0.0 // indirect
283285
sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect
284286
sigs.k8s.io/yaml v1.6.0 // indirect
285287
)
286288

287-
replace google.golang.org/protobuf => google.golang.org/protobuf v1.33.0
289+
replace (
290+
github.com/containerd/containerd/v2 => github.com/containerd/containerd/v2 v2.1.4
291+
github.com/opencontainers/runc => github.com/opencontainers/runc v1.3.3
292+
google.golang.org/protobuf => google.golang.org/protobuf v1.33.0
293+
)

0 commit comments

Comments
 (0)