Merge pull request #511 from andyzhangx/CVE-2025-5187

fix: CVE-2025-5187

Author: andyzhangx

go.mod

@@ -5,171 +5,162 @@ go 1.23.0
 toolchain go1.23.1
 
 require (
-	github.com/golang/glog v1.1.2
+	github.com/golang/glog v1.2.1
 	github.com/google/go-cmp v0.6.0
 	github.com/kubernetes-csi/csi-proxy/client v1.0.2
-	github.com/onsi/ginkgo/v2 v2.13.0
-	github.com/onsi/gomega v1.29.0
-	github.com/prometheus/client_golang v1.16.0
+	github.com/onsi/ginkgo/v2 v2.19.0
+	github.com/onsi/gomega v1.33.1
+	github.com/prometheus/client_golang v1.19.1
 	github.com/spf13/pflag v1.0.5
-	golang.org/x/sys v0.32.0
+	golang.org/x/sys v0.35.0
 	gopkg.in/yaml.v2 v2.4.0
-	k8s.io/api v0.29.14
-	k8s.io/apimachinery v0.29.14
-	k8s.io/apiserver v0.29.14
-	k8s.io/client-go v0.29.14
-	k8s.io/component-base v0.29.14
-	k8s.io/klog/v2 v2.110.1
-	k8s.io/kubernetes v1.29.14
+	k8s.io/api v0.31.12
+	k8s.io/apimachinery v0.31.12
+	k8s.io/apiserver v0.31.12
+	k8s.io/client-go v0.31.12
+	k8s.io/component-base v0.31.12
+	k8s.io/klog/v2 v2.130.1
+	k8s.io/kubernetes v1.31.12
 	k8s.io/pod-security-admission v0.0.0
-	k8s.io/utils v0.0.0-20230726121419-3b25d923346b
+	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8
 	sigs.k8s.io/sig-storage-lib-external-provisioner/v6 v6.3.0
-	sigs.k8s.io/yaml v1.3.0
+	sigs.k8s.io/yaml v1.4.0
 )
 
 require (
-	cloud.google.com/go/compute v1.23.3 // indirect
-	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	github.com/GoogleCloudPlatform/k8s-cloud-provider v1.18.1-0.20220218231025-f11817397a1b // indirect
 	github.com/Microsoft/go-winio v0.6.0 // indirect
 	github.com/NYTimes/gziphandler v1.1.1 // indirect
-	github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect
+	github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
-	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/coreos/go-semver v0.3.1 // indirect
-	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/coreos/go-systemd/v22 v22.6.0 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/distribution/reference v0.5.0 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
-	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
-	github.com/felixge/httpsnoop v1.0.3 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
-	github.com/go-logr/logr v1.3.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
-	github.com/go-openapi/swag v0.22.3 // indirect
-	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
+	github.com/go-openapi/swag v0.22.4 // indirect
+	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/google/cel-go v0.17.7 // indirect
+	github.com/google/cel-go v0.20.1 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
-	github.com/google/s2a-go v0.1.7 // indirect
-	github.com/google/uuid v1.4.0 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
-	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
+	github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af // indirect
+	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/websocket v1.5.0 // indirect
 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
 	github.com/imdario/mergo v0.3.6 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/miekg/dns v1.1.29 // indirect
-	github.com/moby/spdystream v0.2.0 // indirect
-	github.com/moby/sys/mountinfo v0.6.2 // indirect
+	github.com/moby/spdystream v0.4.0 // indirect
+	github.com/moby/sys/mountinfo v0.7.2 // indirect
+	github.com/moby/sys/userns v0.1.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/selinux v1.11.0 // indirect
+	github.com/opencontainers/runc v1.3.1 // indirect
+	github.com/opencontainers/selinux v1.12.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/prometheus/client_model v0.4.0 // indirect
-	github.com/prometheus/common v0.44.0 // indirect
-	github.com/prometheus/procfs v0.10.1 // indirect
-	github.com/spf13/cobra v1.7.0 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.55.0 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
+	github.com/spf13/cobra v1.8.1 // indirect
 	github.com/stoewer/go-strcase v1.2.0 // indirect
-	go.etcd.io/etcd/api/v3 v3.5.10 // indirect
-	go.etcd.io/etcd/client/pkg/v3 v3.5.10 // indirect
-	go.etcd.io/etcd/client/v3 v3.5.10 // indirect
-	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0 // indirect
-	go.opentelemetry.io/otel v1.19.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0 // indirect
-	go.opentelemetry.io/otel/metric v1.19.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.19.0 // indirect
-	go.opentelemetry.io/otel/trace v1.19.0 // indirect
-	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
-	go.uber.org/atomic v1.10.0 // indirect
+	github.com/stretchr/testify v1.10.0 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
+	go.etcd.io/etcd/api/v3 v3.5.14 // indirect
+	go.etcd.io/etcd/client/pkg/v3 v3.5.14 // indirect
+	go.etcd.io/etcd/client/v3 v3.5.14 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect
+	go.opentelemetry.io/otel v1.28.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 // indirect
+	go.opentelemetry.io/otel/metric v1.28.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.28.0 // indirect
+	go.opentelemetry.io/otel/trace v1.28.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/zap v1.19.0 // indirect
-	golang.org/x/crypto v0.37.0 // indirect
-	golang.org/x/exp v0.0.0-20220827204233-334a2380cb91 // indirect
-	golang.org/x/mod v0.17.0 // indirect
-	golang.org/x/net v0.39.0 // indirect
-	golang.org/x/oauth2 v0.13.0 // indirect
-	golang.org/x/sync v0.13.0 // indirect
-	golang.org/x/term v0.31.0 // indirect
-	golang.org/x/text v0.24.0 // indirect
+	go.uber.org/zap v1.26.0 // indirect
+	golang.org/x/crypto v0.41.0 // indirect
+	golang.org/x/exp v0.0.0-20230515195305-f3d0a9c9a5cc // indirect
+	golang.org/x/mod v0.26.0 // indirect
+	golang.org/x/net v0.43.0 // indirect
+	golang.org/x/oauth2 v0.30.0 // indirect
+	golang.org/x/sync v0.16.0 // indirect
+	golang.org/x/term v0.34.0 // indirect
+	golang.org/x/text v0.28.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
-	google.golang.org/api v0.149.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
+	golang.org/x/tools v0.35.0 // indirect
 	google.golang.org/genproto v0.0.0-20231120223509-83a465c0220f // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 // indirect
-	google.golang.org/grpc v1.59.0 // indirect
-	google.golang.org/protobuf v1.33.0 // indirect
-	gopkg.in/gcfg.v1 v1.2.3 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect
+	google.golang.org/grpc v1.65.0 // indirect
+	google.golang.org/protobuf v1.36.8 // indirect
+	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
-	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/apiextensions-apiserver v0.0.0 // indirect
-	k8s.io/cloud-provider v0.29.14 // indirect
-	k8s.io/component-helpers v0.29.14 // indirect
-	k8s.io/controller-manager v0.29.14 // indirect
-	k8s.io/kms v0.29.14 // indirect
-	k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
+	k8s.io/cloud-provider v0.31.12 // indirect
+	k8s.io/component-helpers v0.31.12 // indirect
+	k8s.io/controller-manager v0.31.12 // indirect
+	k8s.io/kms v0.31.12 // indirect
+	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
 	k8s.io/kubectl v0.0.0 // indirect
 	k8s.io/kubelet v0.0.0 // indirect
-	k8s.io/legacy-cloud-providers v0.0.0 // indirect
-	k8s.io/mount-utils v0.29.14 // indirect
-	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0 // indirect
+	k8s.io/mount-utils v0.31.12 // indirect
+	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 )
 
 replace (
 	github.com/emicklei/go-restful => github.com/emicklei/go-restful/v3 v3.8.0
-	k8s.io/api => k8s.io/api v0.29.14
-	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.29.14
-	k8s.io/apimachinery => k8s.io/apimachinery v0.29.14
-	k8s.io/apiserver => k8s.io/apiserver v0.29.14
-	k8s.io/cli-runtime => k8s.io/cli-runtime v0.29.14
-	k8s.io/client-go => k8s.io/client-go v0.29.14
-	k8s.io/cloud-provider => k8s.io/cloud-provider v0.29.14
-	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.29.14
-	k8s.io/code-generator => k8s.io/code-generator v0.29.14
-	k8s.io/component-base => k8s.io/component-base v0.29.14
-	k8s.io/component-helpers => k8s.io/component-helpers v0.29.14
-	k8s.io/controller-manager => k8s.io/controller-manager v0.29.14
-	k8s.io/cri-api => k8s.io/cri-api v0.29.14
-	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.29.14
-	k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.29.14
-	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.29.14
-	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.29.14
-	k8s.io/kube-proxy => k8s.io/kube-proxy v0.29.14
-	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.29.14
-	k8s.io/kubectl => k8s.io/kubectl v0.29.14
-	k8s.io/kubelet => k8s.io/kubelet v0.29.14
+	k8s.io/api => k8s.io/api v0.31.12
+	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.31.12
+	k8s.io/apimachinery => k8s.io/apimachinery v0.31.12
+	k8s.io/apiserver => k8s.io/apiserver v0.31.12
+	k8s.io/cli-runtime => k8s.io/cli-runtime v0.31.12
+	k8s.io/client-go => k8s.io/client-go v0.31.12
+	k8s.io/cloud-provider => k8s.io/cloud-provider v0.31.12
+	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.31.12
+	k8s.io/code-generator => k8s.io/code-generator v0.31.12
+	k8s.io/component-base => k8s.io/component-base v0.31.12
+	k8s.io/component-helpers => k8s.io/component-helpers v0.31.12
+	k8s.io/controller-manager => k8s.io/controller-manager v0.31.12
+	k8s.io/cri-api => k8s.io/cri-api v0.31.12
+	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.31.12
+	k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.31.12
+	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.31.12
+	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.31.12
+	k8s.io/kube-proxy => k8s.io/kube-proxy v0.31.12
+	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.31.12
+	k8s.io/kubectl => k8s.io/kubectl v0.31.12
+	k8s.io/kubelet => k8s.io/kubelet v0.31.12
 	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.29.14
-	k8s.io/metrics => k8s.io/metrics v0.29.14
-	k8s.io/mount-utils => k8s.io/mount-utils v0.29.14
-	k8s.io/node-api => k8s.io/node-api v0.29.14
-	k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.29.14
-	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.29.14
-	k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.29.14
-	k8s.io/sample-controller => k8s.io/sample-controller v0.29.14
+	k8s.io/metrics => k8s.io/metrics v0.31.12
+	k8s.io/mount-utils => k8s.io/mount-utils v0.31.12
+	k8s.io/node-api => k8s.io/node-api v0.31.12
+	k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.31.12
+	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.31.12
+	k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.31.12
+	k8s.io/sample-controller => k8s.io/sample-controller v0.31.12
 )