Skip to content

Commit 36ee374

Browse files
thisislawattsthisislawatts
authored
Merge pull request #5680 from snyk/release-candidate
fix: upgrade dependencies to address vulnerabilities
2 parents 5f6259c + 8792d77 commit 36ee374

File tree

3 files changed

+117
-87
lines changed

3 files changed

+117
-87
lines changed

cliv2/go.mod

Lines changed: 33 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -5,25 +5,25 @@ go 1.23
55
toolchain go1.23.2
66

77
require (
8-
github.com/elazarl/goproxy v0.0.0-20231031074852-3ec07828be7a
8+
github.com/elazarl/goproxy v1.5.0
99
github.com/elazarl/goproxy/ext v0.0.0-20230808193330-2592e75ae04a
1010
github.com/gofrs/flock v0.12.1
1111
github.com/golang/mock v1.6.0
1212
github.com/google/uuid v1.6.0
1313
github.com/pkg/errors v0.9.1
1414
github.com/rs/zerolog v1.33.0
1515
github.com/snyk/cli-extension-dep-graph v0.0.0-20241014075215-311d3c8a423f
16-
github.com/snyk/cli-extension-iac-rules v0.0.0-20241008152401-24c8cf03a1a3
16+
github.com/snyk/cli-extension-iac-rules v0.0.0-20250121103856-ea5f31e53509
1717
github.com/snyk/cli-extension-sbom v0.0.0-20241016065306-0df2be5b3b8f
1818
github.com/snyk/container-cli v0.0.0-20240821111304-7ca1c415a5d7
1919
github.com/snyk/error-catalog-golang-public v0.0.0-20241030160523-0aa643bb7069
20-
github.com/snyk/go-application-framework v0.0.0-20241218075424-470703ebd741
20+
github.com/snyk/go-application-framework v0.0.0-20250107154543-11ab9f003b38
2121
github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65
2222
github.com/snyk/snyk-iac-capture v0.6.5
2323
github.com/snyk/snyk-ls v0.0.0-20250108143301-d26343cf2dc5
2424
github.com/spf13/cobra v1.8.1
2525
github.com/spf13/pflag v1.0.5
26-
github.com/stretchr/testify v1.9.0
26+
github.com/stretchr/testify v1.10.0
2727
)
2828

2929
require (
@@ -38,11 +38,11 @@ require (
3838
dario.cat/mergo v1.0.1 // indirect
3939
github.com/Microsoft/go-winio v0.6.2 // indirect
4040
github.com/OneOfOne/xxhash v1.2.8 // indirect
41-
github.com/ProtonMail/go-crypto v1.1.3 // indirect
41+
github.com/ProtonMail/go-crypto v1.1.4 // indirect
4242
github.com/adrg/strutil v0.3.1 // indirect
4343
github.com/adrg/xdg v0.5.0 // indirect
4444
github.com/agext/levenshtein v1.2.3 // indirect
45-
github.com/agnivade/levenshtein v1.1.1 // indirect
45+
github.com/agnivade/levenshtein v1.2.0 // indirect
4646
github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa // indirect
4747
github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
4848
github.com/apparentlymart/go-cidr v1.1.0 // indirect
@@ -51,9 +51,11 @@ require (
5151
github.com/atotto/clipboard v0.1.4 // indirect
5252
github.com/aws/aws-sdk-go v1.55.5 // indirect
5353
github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
54+
github.com/beorn7/perks v1.0.1 // indirect
5455
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
5556
github.com/bmatcuk/doublestar v1.3.4 // indirect
5657
github.com/bmatcuk/doublestar/v4 v4.6.0 // indirect
58+
github.com/cespare/xxhash/v2 v2.3.0 // indirect
5759
github.com/charmbracelet/bubbles v0.14.0 // indirect
5860
github.com/charmbracelet/bubbletea v0.23.1 // indirect
5961
github.com/charmbracelet/lipgloss v0.10.0 // indirect
@@ -62,7 +64,7 @@ require (
6264
github.com/containerd/console v1.0.3 // indirect
6365
github.com/creachadair/jrpc2 v1.2.1 // indirect
6466
github.com/creachadair/mds v0.16.0 // indirect
65-
github.com/cyphar/filepath-securejoin v0.3.4 // indirect
67+
github.com/cyphar/filepath-securejoin v0.3.6 // indirect
6668
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
6769
github.com/deepmap/oapi-codegen v1.16.3 // indirect
6870
github.com/denisbrodbeck/machineid v1.0.1 // indirect
@@ -77,23 +79,24 @@ require (
7779
github.com/gertd/go-pluralize v0.2.1 // indirect
7880
github.com/getkin/kin-openapi v0.128.0 // indirect
7981
github.com/getsentry/sentry-go v0.28.1 // indirect
80-
github.com/ghodss/yaml v1.0.0 // indirect
8182
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
82-
github.com/go-git/go-billy/v5 v5.6.0 // indirect
83-
github.com/go-git/go-git/v5 v5.12.0 // indirect
83+
github.com/go-git/go-billy/v5 v5.6.1 // indirect
84+
github.com/go-git/go-git/v5 v5.13.1 // indirect
85+
github.com/go-ini/ini v1.67.0 // indirect
8486
github.com/go-logr/logr v1.4.2 // indirect
8587
github.com/go-logr/stdr v1.2.2 // indirect
8688
github.com/go-ole/go-ole v1.3.0 // indirect
8789
github.com/go-openapi/jsonpointer v0.21.0 // indirect
8890
github.com/go-openapi/swag v0.23.0 // indirect
8991
github.com/gobwas/glob v0.2.3 // indirect
90-
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
92+
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
9193
github.com/gomarkdown/markdown v0.0.0-20241205020045-f7e15b2f3e62 // indirect
9294
github.com/google/go-cmp v0.6.0 // indirect
9395
github.com/google/go-querystring v1.1.0 // indirect
9496
github.com/google/s2a-go v0.1.8 // indirect
9597
github.com/googleapis/enterprise-certificate-proxy v0.3.3 // indirect
9698
github.com/googleapis/gax-go/v2 v2.13.0 // indirect
99+
github.com/gorilla/mux v1.8.1 // indirect
97100
github.com/hashicorp/errwrap v1.1.0 // indirect
98101
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
99102
github.com/hashicorp/go-getter v1.7.5 // indirect
@@ -133,14 +136,16 @@ require (
133136
github.com/mitchellh/go-testing-interface v1.14.1 // indirect
134137
github.com/mitchellh/go-wordwrap v1.0.1 // indirect
135138
github.com/mitchellh/mapstructure v1.5.0 // indirect
139+
github.com/mmcloughlin/avo v0.6.0 // indirect
136140
github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
137141
github.com/muesli/ansi v0.0.0-20221106050444-61f0cd9a192a // indirect
138142
github.com/muesli/cancelreader v0.2.2 // indirect
139143
github.com/muesli/reflow v0.3.0 // indirect
140144
github.com/muesli/termenv v0.15.2 // indirect
145+
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
141146
github.com/oapi-codegen/runtime v1.1.1 // indirect
142147
github.com/olekukonko/tablewriter v0.0.5 // indirect
143-
github.com/open-policy-agent/opa v0.51.0 // indirect
148+
github.com/open-policy-agent/opa v0.69.0 // indirect
144149
github.com/opencontainers/go-digest v1.0.0 // indirect
145150
github.com/opencontainers/image-spec v1.1.0 // indirect
146151
github.com/otiai10/copy v1.14.0 // indirect
@@ -149,9 +154,13 @@ require (
149154
github.com/perimeterx/marshmallow v1.1.5 // indirect
150155
github.com/peterh/liner v1.2.2 // indirect
151156
github.com/pingcap/errors v0.11.4 // indirect
152-
github.com/pjbgf/sha1cd v0.3.0 // indirect
157+
github.com/pjbgf/sha1cd v0.3.1 // indirect
153158
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
154159
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
160+
github.com/prometheus/client_golang v1.20.4 // indirect
161+
github.com/prometheus/client_model v0.6.1 // indirect
162+
github.com/prometheus/common v0.55.0 // indirect
163+
github.com/prometheus/procfs v0.15.1 // indirect
155164
github.com/protocolbuffers/txtpbfmt v0.0.0-20240823084532-8e6b51fa9bef // indirect
156165
github.com/puzpuzpuz/xsync v1.5.2 // indirect
157166
github.com/puzpuzpuz/xsync/v3 v3.4.0 // indirect
@@ -163,9 +172,10 @@ require (
163172
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
164173
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
165174
github.com/shirou/gopsutil v3.21.11+incompatible // indirect
175+
github.com/sirupsen/logrus v1.9.3 // indirect
166176
github.com/skeema/knownhosts v1.3.0 // indirect
167177
github.com/snyk/code-client-go v1.11.2 // indirect
168-
github.com/snyk/policy-engine v0.31.3 // indirect
178+
github.com/snyk/policy-engine v0.33.0 // indirect
169179
github.com/sourcegraph/conc v0.3.0 // indirect
170180
github.com/sourcegraph/go-lsp v0.0.0-20240223163137-f80c5dd31dfd // indirect
171181
github.com/spf13/afero v1.11.0 // indirect
@@ -183,7 +193,7 @@ require (
183193
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
184194
github.com/xeipuuv/gojsonschema v1.2.0 // indirect
185195
github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c // indirect
186-
github.com/yashtewari/glob-intersection v0.1.0 // indirect
196+
github.com/yashtewari/glob-intersection v0.2.0 // indirect
187197
github.com/yusufpapurcu/wmi v1.2.4 // indirect
188198
github.com/zclconf/go-cty v1.12.1 // indirect
189199
github.com/zclconf/go-cty-yaml v1.0.2 // indirect
@@ -193,29 +203,31 @@ require (
193203
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
194204
go.opentelemetry.io/otel v1.29.0 // indirect
195205
go.opentelemetry.io/otel/metric v1.29.0 // indirect
206+
go.opentelemetry.io/otel/sdk v1.28.0 // indirect
196207
go.opentelemetry.io/otel/trace v1.29.0 // indirect
197208
go.uber.org/multierr v1.11.0 // indirect
198-
golang.org/x/crypto v0.31.0 // indirect
209+
golang.org/x/crypto v0.32.0 // indirect
199210
golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa // indirect
200211
golang.org/x/mod v0.22.0 // indirect
201-
golang.org/x/net v0.33.0 // indirect
212+
golang.org/x/net v0.34.0 // indirect
202213
golang.org/x/oauth2 v0.23.0 // indirect
203214
golang.org/x/sync v0.10.0 // indirect
204-
golang.org/x/sys v0.28.0 // indirect
205-
golang.org/x/term v0.27.0 // indirect
215+
golang.org/x/sys v0.29.0 // indirect
216+
golang.org/x/term v0.28.0 // indirect
206217
golang.org/x/text v0.21.0 // indirect
207218
golang.org/x/time v0.6.0 // indirect
208-
golang.org/x/tools v0.27.0 // indirect
219+
golang.org/x/tools v0.29.0 // indirect
209220
google.golang.org/api v0.195.0 // indirect
210221
google.golang.org/genproto v0.0.0-20240827150818-7e3bb234dfed // indirect
211222
google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed // indirect
212223
google.golang.org/genproto/googleapis/rpc v0.0.0-20240827150818-7e3bb234dfed // indirect
213-
google.golang.org/grpc v1.66.0 // indirect
224+
google.golang.org/grpc v1.67.0 // indirect
214225
google.golang.org/protobuf v1.34.2 // indirect
215226
gopkg.in/ini.v1 v1.67.0 // indirect
216227
gopkg.in/warnings.v0 v0.1.2 // indirect
217228
gopkg.in/yaml.v2 v2.4.0 // indirect
218229
gopkg.in/yaml.v3 v3.0.1 // indirect
230+
sigs.k8s.io/yaml v1.4.0 // indirect
219231
)
220232

221233
// version 2491eb6c1c75 contains a valid license

0 commit comments

Comments
 (0)