Merge pull request #1835 from andyzhangx/CVE-2025-0426-1.25

[release-1.25] fix: CVE-2025-0426

Author: andyzhangx

go.mod

@@ -30,9 +30,9 @@ require (
 	google.golang.org/protobuf v1.36.3
 	k8s.io/api v0.32.1
 	k8s.io/apimachinery v0.32.1
-	k8s.io/apiserver v0.31.3
+	k8s.io/apiserver v0.31.6
 	k8s.io/client-go v0.32.1
-	k8s.io/component-base v0.31.3
+	k8s.io/component-base v0.31.6
 	k8s.io/klog/v2 v2.130.1
 	k8s.io/kubernetes v1.31.1
 	k8s.io/mount-utils v0.32.0
@@ -158,49 +158,49 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/apiextensions-apiserver v0.0.0 // indirect
-	k8s.io/cloud-provider v0.31.3 // indirect
-	k8s.io/component-helpers v0.31.3 // indirect
-	k8s.io/controller-manager v0.31.3 // indirect
+	k8s.io/cloud-provider v0.31.6 // indirect
+	k8s.io/component-helpers v0.31.6 // indirect
+	k8s.io/controller-manager v0.31.6 // indirect
 	k8s.io/kms v0.32.0-alpha.0 // indirect
 	k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
 	k8s.io/kubectl v0.31.1 // indirect
-	k8s.io/kubelet v0.31.3 // indirect
+	k8s.io/kubelet v0.31.6 // indirect
 	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 // indirect
 	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect
 )
 
 replace (
-	k8s.io/api => k8s.io/api v0.31.3
-	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.31.3
-	k8s.io/apimachinery => k8s.io/apimachinery v0.31.3
-	k8s.io/apiserver => k8s.io/apiserver v0.31.3
-	k8s.io/cli-runtime => k8s.io/cli-runtime v0.31.3
-	k8s.io/client-go => k8s.io/client-go v0.31.3
-	k8s.io/cloud-provider => k8s.io/cloud-provider v0.31.3
-	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.31.3
-	k8s.io/code-generator => k8s.io/code-generator v0.31.3
-	k8s.io/component-base => k8s.io/component-base v0.31.3
-	k8s.io/component-helpers => k8s.io/component-helpers v0.31.3
-	k8s.io/controller-manager => k8s.io/controller-manager v0.31.3
-	k8s.io/cri-api => k8s.io/cri-api v0.31.3
-	k8s.io/cri-client => k8s.io/cri-client v0.31.3
-	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.31.3
-	k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.31.3
-	k8s.io/endpointslice => k8s.io/endpointslice v0.31.3
-	k8s.io/kms => k8s.io/kms v0.31.3
-	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.31.3
-	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.31.3
-	k8s.io/kube-proxy => k8s.io/kube-proxy v0.31.3
-	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.31.3
-	k8s.io/kubectl => k8s.io/kubectl v0.31.3
-	k8s.io/kubelet => k8s.io/kubelet v0.31.3
-	k8s.io/kubernetes => k8s.io/kubernetes v1.31.3
-	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.31.3
-	k8s.io/metrics => k8s.io/metrics v0.31.3
-	k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.31.3
-	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.31.3
-	k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.31.3
-	k8s.io/sample-controller => k8s.io/sample-controller v0.31.3
+	k8s.io/api => k8s.io/api v0.31.6
+	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.31.6
+	k8s.io/apimachinery => k8s.io/apimachinery v0.31.6
+	k8s.io/apiserver => k8s.io/apiserver v0.31.6
+	k8s.io/cli-runtime => k8s.io/cli-runtime v0.31.6
+	k8s.io/client-go => k8s.io/client-go v0.31.6
+	k8s.io/cloud-provider => k8s.io/cloud-provider v0.31.6
+	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.31.6
+	k8s.io/code-generator => k8s.io/code-generator v0.31.6
+	k8s.io/component-base => k8s.io/component-base v0.31.6
+	k8s.io/component-helpers => k8s.io/component-helpers v0.31.6
+	k8s.io/controller-manager => k8s.io/controller-manager v0.31.6
+	k8s.io/cri-api => k8s.io/cri-api v0.31.6
+	k8s.io/cri-client => k8s.io/cri-client v0.31.6
+	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.31.6
+	k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.31.6
+	k8s.io/endpointslice => k8s.io/endpointslice v0.31.6
+	k8s.io/kms => k8s.io/kms v0.31.6
+	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.31.6
+	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.31.6
+	k8s.io/kube-proxy => k8s.io/kube-proxy v0.31.6
+	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.31.6
+	k8s.io/kubectl => k8s.io/kubectl v0.31.6
+	k8s.io/kubelet => k8s.io/kubelet v0.31.6
+	k8s.io/kubernetes => k8s.io/kubernetes v1.31.6
+	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.31.6
+	k8s.io/metrics => k8s.io/metrics v0.31.6
+	k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.31.6
+	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.31.6
+	k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.31.6
+	k8s.io/sample-controller => k8s.io/sample-controller v0.31.6
 	sigs.k8s.io/structured-merge-diff/v4 => sigs.k8s.io/structured-merge-diff/v4 v4.4.1
 )

go.sum

@@ -430,42 +430,42 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.31.3 h1:umzm5o8lFbdN/hIXbrK9oRpOproJO62CV1zqxXrLgk8=
-k8s.io/api v0.31.3/go.mod h1:UJrkIp9pnMOI9K2nlL6vwpxRzzEX5sWgn8kGQe92kCE=
-k8s.io/apiextensions-apiserver v0.31.3 h1:+GFGj2qFiU7rGCsA5o+p/rul1OQIq6oYpQw4+u+nciE=
-k8s.io/apiextensions-apiserver v0.31.3/go.mod h1:2DSpFhUZZJmn/cr/RweH1cEVVbzFw9YBu4T+U3mf1e4=
-k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4=
-k8s.io/apimachinery v0.31.3/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
-k8s.io/apiserver v0.31.3 h1:+1oHTtCB+OheqFEz375D0IlzHZ5VeQKX1KGXnx+TTuY=
-k8s.io/apiserver v0.31.3/go.mod h1:PrxVbebxrxQPFhJk4powDISIROkNMKHibTg9lTRQ0Qg=
-k8s.io/client-go v0.31.3 h1:CAlZuM+PH2cm+86LOBemaJI/lQ5linJ6UFxKX/SoG+4=
-k8s.io/client-go v0.31.3/go.mod h1:2CgjPUTpv3fE5dNygAr2NcM8nhHzXvxB8KL5gYc3kJs=
-k8s.io/cloud-provider v0.31.3 h1:7C3CHQUUwnv/HWWVIaibZH06iPg663RYQ6C6Zy4FnO8=
-k8s.io/cloud-provider v0.31.3/go.mod h1:c7csKppoVb9Ej6upJ28AvHy4B3BtlRMzXfgezsDdPKw=
-k8s.io/component-base v0.31.3 h1:DMCXXVx546Rfvhj+3cOm2EUxhS+EyztH423j+8sOwhQ=
-k8s.io/component-base v0.31.3/go.mod h1:xME6BHfUOafRgT0rGVBGl7TuSg8Z9/deT7qq6w7qjIU=
-k8s.io/component-helpers v0.31.3 h1:0zGPD2PrekhFWgmz85XxlMEl7dfhlKC1tERZDe3onQc=
-k8s.io/component-helpers v0.31.3/go.mod h1:HZ1HZx2TKXM7xSUV2cR9L5yDoyZPhhHQNaE3BPBLPUQ=
-k8s.io/controller-manager v0.31.3 h1:TyUav69iNYwLGwA96JDhusoZoGRdh1sdrLjXmWTcPgs=
-k8s.io/controller-manager v0.31.3/go.mod h1:yuhec+dbXmBz+4c32kxJxmcauB+1pjO2ttfYODWuv18=
-k8s.io/csi-translation-lib v0.31.3 h1:hxcPRNdtEsk766jCXSKjgH1V8jUNx5tVqdooQ1Ars/M=
-k8s.io/csi-translation-lib v0.31.3/go.mod h1:0B1gQwd868XUIDwJYy5gB2jDXWEwlcWvSsfcQEgzbRk=
+k8s.io/api v0.31.6 h1:ocWG/UhC9Mqp5oEfYWy9wCddbZiZyBAFTlBt0LVlhDg=
+k8s.io/api v0.31.6/go.mod h1:i16xSiKMgVIVhsJMxfWq0mJbXA+Z7KhjPgYmwT41hl4=
+k8s.io/apiextensions-apiserver v0.31.6 h1:v9sqyWlrgFZpAPdEb/bEiXfM98TfSppwRF0X/uWKXh0=
+k8s.io/apiextensions-apiserver v0.31.6/go.mod h1:QVH3CFwqzGZtwsxPYzJlA/Qiwgb5FXmRMGls3CjzvbI=
+k8s.io/apimachinery v0.31.6 h1:Pn96A0wHD0X8+l7QTdAzdLQPrpav1s8rU6A+v2/9UEY=
+k8s.io/apimachinery v0.31.6/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
+k8s.io/apiserver v0.31.6 h1:FEhEGLsz1PbMOHeQZDbOUlMh36zRZbjgKwJCoMhdGmw=
+k8s.io/apiserver v0.31.6/go.mod h1:dpFh+xqFQ02O8vLYCIqoiV7sJIpZsUULeNuag6Y9HGo=
+k8s.io/client-go v0.31.6 h1:51HT40qVIZ13BrHKeWxFuU52uoPnFhxTYJnv4+LTgp4=
+k8s.io/client-go v0.31.6/go.mod h1:MEq7JQJelUQ0/4fMoPEUrc/OOFyGo/9LmGA38H6O6xY=
+k8s.io/cloud-provider v0.31.6 h1:5vVMyf/m/n8ij/GmSJLRcatchmciRr0gs4peBcxqvKk=
+k8s.io/cloud-provider v0.31.6/go.mod h1:iT6kIEMEXrTIvRBAaRU5qefRzgPaSV6kwTc6mjhhnEw=
+k8s.io/component-base v0.31.6 h1:FgI25PuZtCp2n7AFpOaDpMQOLieFdrpAbpeoZu7VhDI=
+k8s.io/component-base v0.31.6/go.mod h1:aVRrh8lAI1kSShFmwcKLhc3msQoUcmFWPBDf0sXaISM=
+k8s.io/component-helpers v0.31.6 h1:Af8BcE6pElKlLaerwW9s04jTQVFa66wmI1pkaNfDWzE=
+k8s.io/component-helpers v0.31.6/go.mod h1:6CRV6M+7R13eqtz4FBm2ty9eH+QajDcP3y0Bklzh2FA=
+k8s.io/controller-manager v0.31.6 h1:HQRUV6nogHo2N7vr3cgVNjZ+wvHIMvxEMjTeCrHitE4=
+k8s.io/controller-manager v0.31.6/go.mod h1:0HDNTZVapQFa9G96jNxrU99ht7fQJVEKBXDzqKDMez0=
+k8s.io/csi-translation-lib v0.31.6 h1:mBkF3AG8pRcwZv8SY7qT1JWznRsmYjZfT5Lxel9nN4Q=
+k8s.io/csi-translation-lib v0.31.6/go.mod h1:I2F51irYJyt78so7wdral65B7PB7jR3keZ2MpB78mWw=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kms v0.31.3 h1:XCFmiJn5CCKs8xoOLpCmu42Ubm/KW85wNHybGFcSAYc=
-k8s.io/kms v0.31.3/go.mod h1:OZKwl1fan3n3N5FFxnW5C4V3ygrah/3YXeJWS3O6+94=
+k8s.io/kms v0.31.6 h1:p7OY+9Hp8nPtgzm0vT9TrERNigQQSu8tkgWqn+GvB2w=
+k8s.io/kms v0.31.6/go.mod h1:OZKwl1fan3n3N5FFxnW5C4V3ygrah/3YXeJWS3O6+94=
 k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y=
 k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4=
-k8s.io/kubectl v0.31.3 h1:3r111pCjPsvnR98oLLxDMwAeM6OPGmPty6gSKaLTQes=
-k8s.io/kubectl v0.31.3/go.mod h1:lhMECDCbJN8He12qcKqs2QfmVo9Pue30geovBVpH5fs=
-k8s.io/kubelet v0.31.3 h1:DIXRAmvVGp42mV2vpA1GCLU6oO8who0/vp3Oq6kSpbI=
-k8s.io/kubelet v0.31.3/go.mod h1:KSdbEfNy5VzqUlAHlytA/fH12s+sE1u8fb/8JY9sL/8=
-k8s.io/kubernetes v1.31.3 h1:oqb7HdfnTelrGlZ6ziNugvQ/L/aJWR704114EAhUn9Q=
-k8s.io/kubernetes v1.31.3/go.mod h1:9xmT2buyTYj8TRKwRae7FcuY8k5+xlxv7VivvO0KKfs=
+k8s.io/kubectl v0.31.6 h1:ngzql/UugqpEbeeyQX678BlVHXks19JR3CFjwKnWuFI=
+k8s.io/kubectl v0.31.6/go.mod h1:m6OXbx9s0sZiaZrfHHSEmJUD5CjWPA5+cVg0GZnVdzM=
+k8s.io/kubelet v0.31.6 h1:lxVvyLNDcb/QTpQNkDySk3iscgq4zubeSZs3cF6PmaA=
+k8s.io/kubelet v0.31.6/go.mod h1:BPghO52ilF7UzFEVBmYFOxdVtLge0P1gixjz84lBzzc=
+k8s.io/kubernetes v1.31.6 h1:zVhgWDFHmIj51o5sNARmjdgNvpq4K2Smya8pS5vxqlc=
+k8s.io/kubernetes v1.31.6/go.mod h1:9xmT2buyTYj8TRKwRae7FcuY8k5+xlxv7VivvO0KKfs=
 k8s.io/mount-utils v0.32.0 h1:KOQAhPzJICATXnc6XCkWoexKbkOexRnMCUW8APFfwg4=
 k8s.io/mount-utils v0.32.0/go.mod h1:Kun5c2svjAPx0nnvJKYQWhfeNW+O0EpzHgRhDcYoSY0=
-k8s.io/pod-security-admission v0.31.3 h1:8NzEV0HtdStX367AuSKfRMIZHn0hT4xuz8xNEf7/zO8=
-k8s.io/pod-security-admission v0.31.3/go.mod h1:YMIcTe/7f9R9d+3ErCMMM3Wtbj9ejKo7Z9S0OxZQrRg=
+k8s.io/pod-security-admission v0.31.6 h1:5WnXyl+UNmQb73O0L1w82uaUEPuvp+sxdhXRiOLdCkY=
+k8s.io/pod-security-admission v0.31.6/go.mod h1:b+ZpSSR+XMx3t9Pvy/GdcXoI0CEpiWGT7IGAhcOBcGM=
 k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0=
 k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 h1:2770sDpzrjjsAtVhSeUFseziht227YAWYHLGNM8QPwY=