
Commit e2ac853

authored
Upgrade security with jwx v3 (#636)
1 parent 663bddb commit e2ac853


8 files changed

+197
-163
lines changed


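--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -32,7 +32,7 @@ jobs:
 uses: actions/checkout@v5
 
 - name: Setup Go
-uses: actions/setup-go@v5
+uses: actions/setup-go@v6
 with:
 go-version-file: 'go.mod'
 cache: false
@@ -70,7 +70,7 @@ jobs:
 uses: actions/checkout@v5
 
 - name: Setup Go
-uses: actions/setup-go@v5
+uses: actions/setup-go@v6
 with:
 go-version-file: 'go.mod'
 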
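--- a/Dockerfile
+++ b/Dockerfile
@@ -1,3 +1,3 @@
-FROM gcr.io/distroless/static-debian12:nonroot
+FROM gcr.io/distroless/static-debian13:nonroot
 COPY bin/metal-api /metal-api
 CMD ["/metal-api"]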

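--- a/go.mod
+++ b/go.mod
@@ -3,38 +3,38 @@ module github.com/metal-stack/metal-api
 go 1.25
 
 require (
-connectrpc.com/connect v1.18.1
+connectrpc.com/connect v1.19.1
 github.com/Masterminds/semver/v3 v3.4.0
-github.com/avast/retry-go/v4 v4.6.1
+github.com/avast/retry-go/v4 v4.7.0
 github.com/aws/aws-sdk-go v1.55.8
 github.com/dustin/go-humanize v1.0.1
 github.com/emicklei/go-restful-openapi/v2 v2.11.0
 github.com/emicklei/go-restful/v3 v3.13.0
-github.com/go-openapi/spec v0.21.0
+github.com/go-openapi/spec v0.22.1
 github.com/google/go-cmp v0.7.0
 github.com/google/uuid v1.6.0
 github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.1.0
-github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.2
+github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.3
 github.com/juanfont/headscale v0.23.0
-github.com/klauspost/connect-compress/v2 v2.0.0
+github.com/klauspost/connect-compress/v2 v2.1.0
 github.com/looplab/fsm v1.0.3
 github.com/metal-stack/go-ipam v1.14.13
 github.com/metal-stack/masterdata-api v0.12.0
-github.com/metal-stack/metal-lib v0.23.4
-github.com/metal-stack/security v0.9.4
+github.com/metal-stack/metal-lib v0.23.5
+github.com/metal-stack/security v0.9.5
 github.com/metal-stack/v v1.0.3
 github.com/nsqio/go-nsq v1.1.0
-github.com/prometheus/client_golang v1.23.0
-github.com/samber/lo v1.51.0
-github.com/spf13/cobra v1.10.1
-github.com/spf13/viper v1.20.1
+github.com/prometheus/client_golang v1.23.2
+github.com/samber/lo v1.52.0
+github.com/spf13/cobra v1.10.2
+github.com/spf13/viper v1.21.0
 github.com/stretchr/testify v1.11.1
-github.com/testcontainers/testcontainers-go v0.38.0
+github.com/testcontainers/testcontainers-go v0.40.0
 go4.org/netipx v0.0.0-20231129151722-fdeea329fbba
-golang.org/x/crypto v0.41.0
-golang.org/x/sync v0.16.0
-google.golang.org/grpc v1.75.0
-google.golang.org/protobuf v1.36.8
+golang.org/x/crypto v0.45.0
+golang.org/x/sync v0.18.0
+google.golang.org/grpc v1.77.0
+google.golang.org/protobuf v1.36.10
 gopkg.in/rethinkdb/rethinkdb-go.v6 v6.2.2
 )
 
@@ -55,15 +55,15 @@ require (
 github.com/containerd/errdefs/pkg v0.3.0 // indirect
 github.com/containerd/log v0.1.0 // indirect
 github.com/containerd/platforms v0.2.1 // indirect
-github.com/coreos/go-oidc/v3 v3.15.0 // indirect
+github.com/coreos/go-oidc/v3 v3.17.0 // indirect
 github.com/coreos/go-semver v0.3.1 // indirect
 github.com/coreos/go-systemd/v22 v22.6.0 // indirect
 github.com/cpuguy83/dockercfg v0.3.2 // indirect
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 github.com/distribution/reference v0.6.0 // indirect
-github.com/docker/docker v28.3.3+incompatible // indirect
+github.com/docker/docker v28.5.2+incompatible // indirect
 github.com/docker/go-connections v0.6.0 // indirect
 github.com/docker/go-units v0.5.0 // indirect
 github.com/ebitengine/purego v0.8.4 // indirect
@@ -72,17 +72,24 @@ require (
 github.com/glebarez/go-sqlite v1.22.0 // indirect
 github.com/glebarez/sqlite v1.11.0 // indirect
 github.com/go-gormigrate/gormigrate/v2 v2.1.3 // indirect
-github.com/go-jose/go-jose/v4 v4.1.1 // indirect
+github.com/go-jose/go-jose/v4 v4.1.3 // indirect
 github.com/go-json-experiment/json v0.0.0-20250213060926-925ba3f173fa // indirect
 github.com/go-logr/logr v1.4.3 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
 github.com/go-ole/go-ole v1.3.0 // indirect
-github.com/go-openapi/errors v0.22.1 // indirect
-github.com/go-openapi/jsonpointer v0.21.0 // indirect
-github.com/go-openapi/jsonreference v0.21.0 // indirect
-github.com/go-openapi/runtime v0.28.0 // indirect
-github.com/go-openapi/strfmt v0.23.0 // indirect
-github.com/go-openapi/swag v0.23.1 // indirect
+github.com/go-openapi/errors v0.22.5 // indirect
+github.com/go-openapi/jsonpointer v0.22.3 // indirect
+github.com/go-openapi/jsonreference v0.21.3 // indirect
+github.com/go-openapi/runtime v0.29.2 // indirect
+github.com/go-openapi/strfmt v0.25.0 // indirect
+github.com/go-openapi/swag/conv v0.25.4 // indirect
+github.com/go-openapi/swag/fileutils v0.25.4 // indirect
+github.com/go-openapi/swag/jsonname v0.25.4 // indirect
+github.com/go-openapi/swag/jsonutils v0.25.4 // indirect
+github.com/go-openapi/swag/loading v0.25.4 // indirect
+github.com/go-openapi/swag/stringutils v0.25.4 // indirect
+github.com/go-openapi/swag/typeutils v0.25.4 // indirect
+github.com/go-openapi/swag/yamlutils v0.25.4 // indirect
 github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
 github.com/goccy/go-json v0.10.5 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
@@ -102,23 +109,20 @@ require (
 github.com/jinzhu/now v1.1.5 // indirect
 github.com/jmespath/go-jmespath v0.4.0 // indirect
 github.com/jmoiron/sqlx v1.4.0 // indirect
-github.com/josharian/intern v1.0.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
-github.com/klauspost/compress v1.18.0 // indirect
+github.com/klauspost/compress v1.18.2 // indirect
 github.com/lestrrat-go/blackmagic v1.0.4 // indirect
 github.com/lestrrat-go/httpcc v1.0.1 // indirect
-github.com/lestrrat-go/httprc v1.0.6 // indirect
-github.com/lestrrat-go/iter v1.0.2 // indirect
-github.com/lestrrat-go/jwx/v2 v2.1.6 // indirect
-github.com/lestrrat-go/option v1.0.1 // indirect
+github.com/lestrrat-go/httprc/v3 v3.0.2 // indirect
+github.com/lestrrat-go/jwx/v3 v3.0.12 // indirect
+github.com/lestrrat-go/option/v2 v2.0.0 // indirect
 github.com/lib/pq v1.10.9 // indirect
 github.com/lopezator/migrator v0.3.1 // indirect
 github.com/lufia/plan9stats v0.0.0-20250821153705-5981dea3221d // indirect
 github.com/magiconair/properties v1.8.10 // indirect
-github.com/mailru/easyjson v0.9.0 // indirect
 github.com/mattn/go-colorable v0.1.14 // indirect
 github.com/mattn/go-isatty v0.0.20 // indirect
-github.com/mitchellh/mapstructure v1.5.0 // indirect
+github.com/minio/minlz v1.0.1 // indirect
 github.com/moby/docker-image-spec v1.3.1 // indirect
 github.com/moby/go-archive v0.1.0 // indirect
 github.com/moby/patternmatcher v0.6.0 // indirect
@@ -142,19 +146,19 @@ require (
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
 github.com/prometheus/client_model v0.6.2 // indirect
-github.com/prometheus/common v0.65.0 // indirect
+github.com/prometheus/common v0.66.1 // indirect
 github.com/prometheus/procfs v0.17.0 // indirect
 github.com/puzpuzpuz/xsync/v3 v3.5.1 // indirect
 github.com/redis/go-redis/v9 v9.13.0 // indirect
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 github.com/rs/zerolog v1.34.0 // indirect
-github.com/sagikazarmark/locafero v0.9.0 // indirect
-github.com/segmentio/asm v1.2.0 // indirect
+github.com/sagikazarmark/locafero v0.11.0 // indirect
+github.com/segmentio/asm v1.2.1 // indirect
 github.com/shirou/gopsutil/v4 v4.25.8 // indirect
 github.com/sirupsen/logrus v1.9.3 // indirect
-github.com/sourcegraph/conc v0.3.0 // indirect
-github.com/spf13/afero v1.14.0 // indirect
-github.com/spf13/cast v1.9.2 // indirect
+github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 // indirect
+github.com/spf13/afero v1.15.0 // indirect
+github.com/spf13/cast v1.10.0 // indirect
 github.com/spf13/pflag v1.0.10 // indirect
 github.com/stretchr/objx v0.5.2 // indirect
 github.com/subosito/gotenv v1.6.0 // indirect
@@ -169,8 +173,8 @@ require (
 go.etcd.io/etcd/api/v3 v3.6.4 // indirect
 go.etcd.io/etcd/client/pkg/v3 v3.6.4 // indirect
 go.etcd.io/etcd/client/v3 v3.6.4 // indirect
-go.mongodb.org/mongo-driver v1.17.4 // indirect
-go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+go.mongodb.org/mongo-driver v1.17.6 // indirect
+go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 // indirect
 go.opentelemetry.io/otel v1.38.0 // indirect
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 // indirect
@@ -179,14 +183,16 @@ require (
 go.opentelemetry.io/proto/otlp v1.8.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
 go.uber.org/zap v1.27.0 // indirect
+go.yaml.in/yaml/v2 v2.4.2 // indirect
+go.yaml.in/yaml/v3 v3.0.4 // indirect
 go4.org/mem v0.0.0-20240501181205-ae6ca9944745 // indirect
-golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b
-golang.org/x/net v0.43.0 // indirect
-golang.org/x/oauth2 v0.30.0 // indirect
-golang.org/x/sys v0.35.0 // indirect
-golang.org/x/text v0.28.0 // indirect
-google.golang.org/genproto/googleapis/api v0.0.0-20250826171959-ef028d996bc1 // indirect
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250826171959-ef028d996bc1 // indirect
+golang.org/x/exp v0.0.0-20251125195548-87e1e737ad39
+golang.org/x/net v0.47.0 // indirect
+golang.org/x/oauth2 v0.33.0 // indirect
+golang.org/x/sys v0.38.0 // indirect
+golang.org/x/text v0.31.0 // indirect
+google.golang.org/genproto/googleapis/api v0.0.0-20251022142026-3a174f9686a8 // indirect
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8 // indirect
 gopkg.in/cenkalti/backoff.v2 v2.2.1 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect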
