
Commit c910b91

authored
Fix-vulns (#635)
* update github.com/argoproj/argo-cd/v2 v2.13.1 to v2.13.4 * update github.com/go-git/go-billy/v5 v5.5.0 to v5.6.2 * update github.com/go-git/go-git/v5 v5.12.0 to v5.13.2 * replace github.com/xanzy/go-gitlab v0.91.1 with gitlab.com/gitlab-org/api/client-go v0.121.0 * update sigs.k8s.io/kustomize/api v0.17.2 to v0.19.0 * update sigs.k8s.io/kustomize/kyaml v0.17.1 to v0.19.0 --------- Signed-off-by: Noam Gal <[email protected]>
1 parent f8162bd commit c910b91


8 files changed

+139
-107
lines changed


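--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,7 @@
 *.dll
 *.so
 *.dylib
+bin/*
 coverage.txt
 
 # Test binary, built with `go test -c`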

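--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -3,15 +3,11 @@
 
 # options for analysis running
 run:
-# https://github.com/golangci/golangci-lint/issues/2649
-# enable go 1.17 linting, will not allow generics
-go: "1.17"
-
 # default concurrency is a available CPU number
 concurrency: 4
 
 # timeout for analysis, e.g. 30s, 5m, default is 1m
-timeout: 1m
+timeout: 5m
 
 # exit code when at least one issue was found, default is 1
 issues-exit-code: 1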

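--- a/Makefile
+++ b/Makefile
@@ -107,19 +107,21 @@ $(OUT_DIR)/$(CLI_NAME).image: $(CLI_SRCS)
 @touch $(OUT_DIR)/$(CLI_NAME).image
 
 .PHONY: lint
-lint: $(GOBIN)/golangci-lint tidy
-@golangci-lint version
-@echo linting go code...
-@golangci-lint run --fix --timeout 10m
+lint: tidy golangci-lint
+$(GOLANGCI_LINT) run
+
+.PHONY: lint-fix
+lint-fix: tidy golangci-lint
+$(GOLANGCI_LINT) run --fix
 
 .PHONY: test
 test:
 ./hack/test.sh
 
 .PHONY: codegen
-codegen: $(GOBIN)/mockgen
+codegen: mockgen
 rm -f docs/commands/*
-go generate ./...
+@PATH=$(LOCALBIN):$(PATH) go generate ./...
 
 .PHONY: pre-commit
 pre-commit: lint
@@ -156,11 +158,42 @@ tidy:
 check-worktree:
 @./hack/check_worktree.sh
 
-$(GOBIN)/mockgen:
-@go install github.com/golang/mock/[email protected]
-@mockgen -version
-
-$(GOBIN)/golangci-lint:
-@mkdir dist || true
-@echo installing: golangci-lint
-@curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOBIN) v1.62.0
+## copied binary dependencies handling from kubebuilder generated code
+## Location to install dependencies to
+LOCALBIN ?= $(shell pwd)/bin
+$(LOCALBIN):
+mkdir -p $(LOCALBIN)
+
+## Tool Binaries
+GOLANGCI_LINT = $(LOCALBIN)/golangci-lint
+MOCKGEN = ${LOCALBIN}/mockgen
+
+## Tool Versions
+MOCKGEN_VERSION ?= v1.6.0
+GOLANGCI_LINT_VERSION ?= v1.63.4
+
+.PHONY: golangci-lint
+golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary.
+$(GOLANGCI_LINT): $(LOCALBIN)
+$(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint,$(GOLANGCI_LINT_VERSION))
+
+.PHONY: mockgen
+mockgen: $(MOCKGEN) ## Download mockgen locally if necessary.
+$(MOCKGEN):
+$(call go-install-tool,$(MOCKGEN),github.com/golang/mock/mockgen,$(MOCKGEN_VERSION))
+
+# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist
+# $1 - target path with name of binary
+# $2 - package url which can be installed
+# $3 - specific version of package
+define go-install-tool
+@[ -f "$(1)-$(3)" ] || { \
+set -e; \
+package=$(2)@$(3) ;\
+echo "Downloading $${package}" ;\
+rm -f $(1) || true ;\
+GOBIN=$(LOCALBIN) go install $${package} ;\
+mv $(1) $(1)-$(3) ;\
+} ;\
+ln -sf $(1)-$(3) $(1)
+endef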
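Review bot: In `go-install-tool` only the `[ -f "$(1)-$(3)" ]` test quotes its path; `rm -f $(1)`, `mv $(1) $(1)-$(3)`, `ln -sf $(1)-$(3) $(1)` and `GOBIN=$(LOCALBIN)` do not, and because `LOCALBIN` is derived from `$(shell pwd)` a checkout path containing whitespace would make `rm` and `mv` act on paths other than the tool binary; quoting them (`rm -f "$(1)"`, `mv "$(1)" "$(1)-$(3)"`, `ln -sf "$(1)-$(3)" "$(1)"`) closes that. `$(MOCKGEN):` has no `$(LOCALBIN)` prerequisite while `$(GOLANGCI_LINT)` does, and for a directory the order-only form `$(MOCKGEN): | $(LOCALBIN)` (likewise for golangci-lint) is the usual choice, since a normal directory prerequisite makes the target look stale whenever the directory's mtime changes. `LOCALBIN`, `MOCKGEN_VERSION` and `GOLANGCI_LINT_VERSION` are assigned with `?=`, so a value inherited from the environment decides which `package@version` the `lint` and `codegen` targets fetch and then execute, and the cache check only tests that `bin/<tool>-<version>` exists; a short comment stating that the override is intentional, or pinning these in CI, would make the trust boundary explicit. `MOCKGEN_VERSION` also repeats the `github.com/golang/mock v1.6.0` requirement from go.mod and can drift from it when only one of the two is bumped.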

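--- a/go.mod
+++ b/go.mod
@@ -4,10 +4,10 @@ go 1.23
 
 require (
 code.gitea.io/sdk/gitea v0.19.0
-github.com/argoproj/argo-cd/v2 v2.13.1
+github.com/argoproj/argo-cd/v2 v2.13.4
 github.com/briandowns/spinner v1.23.1
-github.com/go-git/go-billy/v5 v5.5.0
-github.com/go-git/go-git/v5 v5.12.0
+github.com/go-git/go-billy/v5 v5.6.2
+github.com/go-git/go-git/v5 v5.13.2
 github.com/golang/mock v1.6.0
 github.com/google/go-github/v43 v43.0.0
 github.com/ktrysmt/go-bitbucket v0.9.81
@@ -17,14 +17,14 @@ require (
 github.com/spf13/pflag v1.0.5
 github.com/spf13/viper v1.19.0
 github.com/stretchr/testify v1.10.0
-github.com/xanzy/go-gitlab v0.114.0
+gitlab.com/gitlab-org/api/client-go v0.121.0
 k8s.io/api v0.31.0
 k8s.io/apimachinery v0.31.0
 k8s.io/cli-runtime v0.31.0
 k8s.io/client-go v0.31.0
 k8s.io/kubectl v0.31.2
-sigs.k8s.io/kustomize/api v0.17.2
-sigs.k8s.io/kustomize/kyaml v0.17.1
+sigs.k8s.io/kustomize/api v0.19.0
+sigs.k8s.io/kustomize/kyaml v0.19.0
 sigs.k8s.io/yaml v1.4.0
 )
 
@@ -38,13 +38,13 @@ require (
 github.com/Masterminds/sprig/v3 v3.3.0 // indirect
 github.com/Microsoft/go-winio v0.6.1 // indirect
 github.com/PagerDuty/go-pagerduty v1.7.0 // indirect
-github.com/ProtonMail/go-crypto v1.0.0 // indirect
+github.com/ProtonMail/go-crypto v1.1.5 // indirect
 github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20210112200207-10ab4d695d60 // indirect
 github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d // indirect
 github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a // indirect
 github.com/alicebob/miniredis/v2 v2.33.0 // indirect
 github.com/antonmedv/expr v1.15.2 // indirect
-github.com/argoproj/gitops-engine v0.7.1-0.20240905010810-bd7681ae3f8b // indirect
+github.com/argoproj/gitops-engine v0.7.1-0.20250129155113-4c6e03c46314 // indirect
 github.com/argoproj/notifications-engine v0.4.1-0.20240606074338-0802cd427621 // indirect
 github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 // indirect
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
@@ -77,7 +77,7 @@ require (
 github.com/cloudflare/circl v1.3.7 // indirect
 github.com/coreos/go-oidc/v3 v3.11.0 // indirect
 github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
-github.com/cyphar/filepath-securejoin v0.3.2 // indirect
+github.com/cyphar/filepath-securejoin v0.3.6 // indirect
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 github.com/davidmz/go-pageant v1.0.2 // indirect
 github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f // indirect
@@ -123,7 +123,7 @@ require (
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 github.com/golang/protobuf v1.5.4 // indirect
 github.com/google/btree v1.1.3 // indirect
-github.com/google/gnostic-models v0.6.8 // indirect
+github.com/google/gnostic-models v0.6.9 // indirect
 github.com/google/go-cmp v0.6.0 // indirect
 github.com/google/go-github/v41 v41.0.0 // indirect
 github.com/google/go-github/v62 v62.0.0 // indirect
@@ -188,7 +188,7 @@ require (
 github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
 github.com/pelletier/go-toml/v2 v2.2.2 // indirect
 github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
-github.com/pjbgf/sha1cd v0.3.0 // indirect
+github.com/pjbgf/sha1cd v0.3.2 // indirect
 github.com/pkg/errors v0.9.1 // indirect
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 github.com/prometheus/client_golang v1.20.3 // indirect
@@ -204,7 +204,7 @@ require (
 github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
 github.com/shopspring/decimal v1.4.0 // indirect
-github.com/skeema/knownhosts v1.2.2 // indirect
+github.com/skeema/knownhosts v1.3.0 // indirect
 github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c // indirect
 github.com/slack-go/slack v0.12.2 // indirect
 github.com/soheilhy/cmux v0.1.5 // indirect
@@ -218,6 +218,7 @@ require (
 github.com/vmihailenco/msgpack/v5 v5.3.4 // indirect
 github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 github.com/x448/float16 v0.8.4 // indirect
+github.com/xanzy/go-gitlab v0.114.0 // indirect
 github.com/xanzy/ssh-agent v0.3.3 // indirect
 github.com/xlab/treeprint v1.2.0 // indirect
 github.com/yuin/gopher-lua v1.1.1 // indirect
@@ -228,28 +229,27 @@ require (
 go.opentelemetry.io/otel v1.30.0 // indirect
 go.opentelemetry.io/otel/metric v1.30.0 // indirect
 go.opentelemetry.io/otel/trace v1.30.0 // indirect
-go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
 go.uber.org/automaxprocs v1.5.3 // indirect
 go.uber.org/multierr v1.11.0 // indirect
-golang.org/x/crypto v0.27.0 // indirect
-golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
-golang.org/x/mod v0.17.0 // indirect
-golang.org/x/net v0.29.0 // indirect
-golang.org/x/oauth2 v0.23.0 // indirect
-golang.org/x/sync v0.8.0 // indirect
-golang.org/x/sys v0.25.0 // indirect
-golang.org/x/term v0.24.0 // indirect
-golang.org/x/text v0.18.0 // indirect
-golang.org/x/time v0.6.0 // indirect
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
+golang.org/x/crypto v0.32.0 // indirect
+golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
+golang.org/x/mod v0.20.0 // indirect
+golang.org/x/net v0.34.0 // indirect
+golang.org/x/oauth2 v0.24.0 // indirect
+golang.org/x/sync v0.10.0 // indirect
+golang.org/x/sys v0.29.0 // indirect
+golang.org/x/term v0.28.0 // indirect
+golang.org/x/text v0.21.0 // indirect
+golang.org/x/time v0.8.0 // indirect
+golang.org/x/tools v0.24.0 // indirect
 gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45 // indirect
 gomodules.xyz/notify v0.1.1 // indirect
 google.golang.org/api v0.171.0 // indirect
 google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect
 google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
 google.golang.org/grpc v1.66.2 // indirect
-google.golang.org/protobuf v1.34.2 // indirect
+google.golang.org/protobuf v1.35.1 // indirect
 gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df // indirect
@@ -264,15 +264,15 @@ require (
 k8s.io/component-helpers v0.31.0 // indirect
 k8s.io/klog/v2 v2.130.1 // indirect
 k8s.io/kube-aggregator v0.31.2 // indirect
-k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
+k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect
 k8s.io/kubernetes v1.31.0 // indirect
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
 layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427 // indirect
 nhooyr.io/websocket v1.8.7 // indirect
 oras.land/oras-go/v2 v2.5.0 // indirect
 sigs.k8s.io/controller-runtime v0.19.0 // indirect
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
-sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect
 )
 
 replace (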
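Review bot: The old GitLab client does not leave the build: the `@@ -218,6 +218,7 @@` hunk re-adds `github.com/xanzy/go-gitlab v0.114.0` as `// indirect`, so some other requirement (not identifiable from this diff) still pulls it in after the direct import moves to `gitlab.com/gitlab-org/api/client-go`. If any finding this commit targets was reported against that module, it is presumably still in the dependency graph and a scanner may keep flagging it; `go mod why -m github.com/xanzy/go-gitlab` shows which import chain keeps it. The commit message names v0.91.1 as the replaced version, whereas the removed line here is v0.114.0, so the message is worth correcting so that it matches the diff.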
