Skip to content

Commit 99472b6

Browse files
k8s-ci-robotk8s-ci-robot
authored
Merge pull request #1343 from a7i/CVE-2023-48795
chore: update dependencies for security vulnerabilities (CVE-2023-48795)
2 parents 70f3619 + 492da1b commit 99472b6

File tree

181 files changed

+11785
-7689
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

181 files changed

+11785
-7689
lines changed

go.mod

+33-38
Original file line numberDiff line numberDiff line change
@@ -7,21 +7,21 @@ require (
77
github.com/google/go-cmp v0.6.0
88
github.com/spf13/cobra v1.8.0
99
github.com/spf13/pflag v1.0.5
10-
go.opentelemetry.io/otel v1.21.0
11-
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0
12-
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0
13-
go.opentelemetry.io/otel/sdk v1.21.0
14-
go.opentelemetry.io/otel/trace v1.21.0
15-
google.golang.org/grpc v1.60.1
16-
k8s.io/api v0.29.0
17-
k8s.io/apimachinery v0.29.0
18-
k8s.io/apiserver v0.29.0
19-
k8s.io/client-go v0.29.0
20-
k8s.io/code-generator v0.29.0
21-
k8s.io/component-base v0.29.0
22-
k8s.io/component-helpers v0.29.0
10+
go.opentelemetry.io/otel v1.22.0
11+
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0
12+
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0
13+
go.opentelemetry.io/otel/sdk v1.22.0
14+
go.opentelemetry.io/otel/trace v1.22.0
15+
google.golang.org/grpc v1.61.0
16+
k8s.io/api v0.29.1
17+
k8s.io/apimachinery v0.29.1
18+
k8s.io/apiserver v0.29.1
19+
k8s.io/client-go v0.29.1
20+
k8s.io/code-generator v0.29.1
21+
k8s.io/component-base v0.29.1
22+
k8s.io/component-helpers v0.29.1
2323
k8s.io/klog/v2 v2.110.1
24-
k8s.io/utils v0.0.0-20231127182322-b307cd553661
24+
k8s.io/utils v0.0.0-20240102154912-e7106e64919e
2525
sigs.k8s.io/mdtoc v1.1.0
2626
)
2727

@@ -39,10 +39,10 @@ require (
3939
github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
4040
github.com/davecgh/go-spew v1.1.1 // indirect
4141
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
42-
github.com/evanphx/json-patch v5.6.0+incompatible // indirect
42+
github.com/evanphx/json-patch v4.12.0+incompatible // indirect
4343
github.com/felixge/httpsnoop v1.0.3 // indirect
4444
github.com/fsnotify/fsnotify v1.7.0 // indirect
45-
github.com/go-logr/logr v1.3.0 // indirect
45+
github.com/go-logr/logr v1.4.1 // indirect
4646
github.com/go-logr/stdr v1.2.2 // indirect
4747
github.com/go-logr/zapr v1.2.3 // indirect
4848
github.com/go-openapi/jsonpointer v0.19.6 // indirect
@@ -55,7 +55,7 @@ require (
5555
github.com/google/cel-go v0.17.7 // indirect
5656
github.com/google/gnostic-models v0.6.8 // indirect
5757
github.com/google/gofuzz v1.2.0 // indirect
58-
github.com/google/uuid v1.3.1 // indirect
58+
github.com/google/uuid v1.4.0 // indirect
5959
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
6060
github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
6161
github.com/imdario/mergo v0.3.6 // indirect
@@ -78,48 +78,43 @@ require (
7878
go.etcd.io/etcd/api/v3 v3.5.10 // indirect
7979
go.etcd.io/etcd/client/pkg/v3 v3.5.10 // indirect
8080
go.etcd.io/etcd/client/v3 v3.5.10 // indirect
81-
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.45.0 // indirect
82-
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect
83-
go.opentelemetry.io/otel/metric v1.21.0 // indirect
81+
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 // indirect
82+
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0 // indirect
83+
go.opentelemetry.io/otel/metric v1.22.0 // indirect
8484
go.opentelemetry.io/proto/otlp v1.0.0 // indirect
8585
go.uber.org/atomic v1.10.0 // indirect
8686
go.uber.org/multierr v1.11.0 // indirect
8787
go.uber.org/zap v1.19.0 // indirect
88-
golang.org/x/crypto v0.16.0 // indirect
88+
golang.org/x/crypto v0.18.0 // indirect
8989
golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect
9090
golang.org/x/mod v0.14.0 // indirect
91-
golang.org/x/net v0.19.0 // indirect
92-
golang.org/x/oauth2 v0.13.0 // indirect
91+
golang.org/x/net v0.20.0 // indirect
92+
golang.org/x/oauth2 v0.14.0 // indirect
9393
golang.org/x/sync v0.5.0 // indirect
94-
golang.org/x/sys v0.15.0 // indirect
95-
golang.org/x/term v0.15.0 // indirect
94+
golang.org/x/sys v0.16.0 // indirect
95+
golang.org/x/term v0.16.0 // indirect
9696
golang.org/x/text v0.14.0 // indirect
9797
golang.org/x/time v0.3.0 // indirect
9898
golang.org/x/tools v0.16.1 // indirect
9999
google.golang.org/appengine v1.6.8 // indirect
100-
google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 // indirect
101-
google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97 // indirect
102-
google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97 // indirect
103-
google.golang.org/protobuf v1.31.0 // indirect
100+
google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 // indirect
101+
google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 // indirect
102+
google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 // indirect
103+
google.golang.org/protobuf v1.32.0 // indirect
104104
gopkg.in/inf.v0 v0.9.1 // indirect
105105
gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
106106
gopkg.in/yaml.v2 v2.4.0 // indirect
107107
gopkg.in/yaml.v3 v3.0.1 // indirect
108108
k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 // indirect
109-
k8s.io/kms v0.29.0 // indirect
110-
k8s.io/kube-openapi v0.0.0-20231113174909-778a5567bc1e // indirect
109+
k8s.io/kms v0.29.1 // indirect
110+
k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
111111
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0 // indirect
112112
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
113113
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
114114
sigs.k8s.io/yaml v1.3.0 // indirect
115115
)
116116

117117
replace (
118-
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.45.0 => go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1
119-
120-
// CVE-2023-48795: https://github.com/kubernetes-sigs/descheduler/security/code-scanning/17
121-
// TODO: remove this replace once the upstream dependency is updated to v0.29.1
122-
k8s.io/api => k8s.io/api v0.0.0-20231220172311-84c476802242
123-
k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20231220171733-60eaa653342b
124-
k8s.io/client-go => k8s.io/client-go v0.0.0-20231220173006-5a0a4247921d
118+
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc => go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0
119+
golang.org/x/crypto v0.16.0 => golang.org/x/crypto v0.17.0
125120
)

0 commit comments

Comments
 (0)