-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fixed CVE-2024-45337 'golang.org/x/crypto/ssh' by updating 'github.co…
…m/hairyhenderson/gomplate/'
- Loading branch information
1 parent
528b47c
commit 86eb6e7
Showing
5 changed files
with
519 additions
and
1,156 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,4 @@ | ||
| FROM golang:1.22.5-bookworm AS build | ||
| FROM golang:1.23.4-bookworm AS build | ||
|
|
||
| WORKDIR /pikolo | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| 0.14.1 | ||
| 0.14.2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,148 +1,180 @@ | ||
| module github.com/codefresh-io/pikolo | ||
|
|
||
| go 1.21 | ||
|
|
||
| toolchain go1.22.4 | ||
| go 1.23.4 | ||
|
|
||
| require ( | ||
| github.com/ghodss/yaml v1.0.0 | ||
| github.com/hairyhenderson/gomplate/v3 v3.11.5 | ||
| github.com/hairyhenderson/gomplate/v4 v4.3.0 | ||
| github.com/imdario/mergo v0.3.13 | ||
| github.com/inconshreveable/log15 v0.0.0-20180818164646-67afb5ed74ec | ||
| github.com/spf13/cobra v1.4.0 | ||
| github.com/stretchr/testify v1.9.0 | ||
| github.com/spf13/cobra v1.8.1 | ||
| github.com/stretchr/testify v1.10.0 | ||
| ) | ||
|
|
||
| require ( | ||
| cloud.google.com/go v0.102.0 // indirect | ||
| cloud.google.com/go/compute v1.6.1 // indirect | ||
| cloud.google.com/go/iam v0.3.0 // indirect | ||
| cloud.google.com/go/storage v1.22.1 // indirect | ||
| cel.dev/expr v0.16.1 // indirect | ||
| cloud.google.com/go v0.116.0 // indirect | ||
| cloud.google.com/go/auth v0.9.8 // indirect | ||
| cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect | ||
| cloud.google.com/go/compute/metadata v0.5.2 // indirect | ||
| cloud.google.com/go/iam v1.2.1 // indirect | ||
| cloud.google.com/go/monitoring v1.21.1 // indirect | ||
| cloud.google.com/go/storage v1.44.0 // indirect | ||
| cuelang.org/go v0.11.0 // indirect | ||
| dario.cat/mergo v1.0.0 // indirect | ||
| github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 // indirect | ||
| github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 // indirect | ||
| github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect | ||
| github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.5.0 // indirect | ||
| github.com/Azure/go-autorest v14.2.0+incompatible // indirect | ||
| github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect | ||
| github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect | ||
| github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.24.1 // indirect | ||
| github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.48.1 // indirect | ||
| github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.48.1 // indirect | ||
| github.com/Masterminds/goutils v1.1.1 // indirect | ||
| github.com/Microsoft/go-winio v0.6.1 // indirect | ||
| github.com/Masterminds/semver/v3 v3.3.1 // indirect | ||
| github.com/Microsoft/go-winio v0.6.2 // indirect | ||
| github.com/ProtonMail/go-crypto v1.0.0 // indirect | ||
| github.com/Shopify/ejson v1.3.3 // indirect | ||
| github.com/apparentlymart/go-cidr v1.1.0 // indirect | ||
| github.com/armon/go-metrics v0.4.0 // indirect | ||
| github.com/armon/go-radix v1.0.0 // indirect | ||
| github.com/aws/aws-sdk-go v1.44.206 // indirect | ||
| github.com/aws/aws-sdk-go-v2 v1.16.4 // indirect | ||
| github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.1 // indirect | ||
| github.com/aws/aws-sdk-go-v2/config v1.15.9 // indirect | ||
| github.com/aws/aws-sdk-go-v2/credentials v1.12.4 // indirect | ||
| github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.5 // indirect | ||
| github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.14 // indirect | ||
| github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.11 // indirect | ||
| github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.5 // indirect | ||
| github.com/aws/aws-sdk-go-v2/internal/ini v1.3.12 // indirect | ||
| github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.2 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.1 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.6 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.5 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.5 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/s3 v1.26.10 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/sso v1.11.7 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/sts v1.16.6 // indirect | ||
| github.com/aws/smithy-go v1.11.2 // indirect | ||
| github.com/cenkalti/backoff/v3 v3.2.2 // indirect | ||
| github.com/cloudflare/circl v1.3.7 // indirect | ||
| github.com/cyphar/filepath-securejoin v0.2.4 // indirect | ||
| github.com/davecgh/go-spew v1.1.1 // indirect | ||
| github.com/docker/libkv v0.2.2-0.20180912205406-458977154600 // indirect | ||
| github.com/Shopify/ejson v1.5.3 // indirect | ||
| github.com/armon/go-metrics v0.4.1 // indirect | ||
| github.com/aws/aws-sdk-go v1.55.5 // indirect | ||
| github.com/aws/aws-sdk-go-v2 v1.32.6 // indirect | ||
| github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 // indirect | ||
| github.com/aws/aws-sdk-go-v2/config v1.28.6 // indirect | ||
| github.com/aws/aws-sdk-go-v2/credentials v1.17.47 // indirect | ||
| github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21 // indirect | ||
| github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.10 // indirect | ||
| github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25 // indirect | ||
| github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25 // indirect | ||
| github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect | ||
| github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.25 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.6 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.6 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/s3 v1.71.0 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.7 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/ssm v1.56.1 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/sts v1.33.2 // indirect | ||
| github.com/aws/smithy-go v1.22.1 // indirect | ||
| github.com/cenkalti/backoff/v4 v4.3.0 // indirect | ||
| github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect | ||
| github.com/cespare/xxhash/v2 v2.3.0 // indirect | ||
| github.com/cloudflare/circl v1.3.9 // indirect | ||
| github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 // indirect | ||
| github.com/cockroachdb/apd/v3 v3.2.1 // indirect | ||
| github.com/cyphar/filepath-securejoin v0.2.5 // indirect | ||
| github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect | ||
| github.com/dustin/gojson v0.0.0-20160307161227-2e71ec9dd5ad // indirect | ||
| github.com/emirpasic/gods v1.18.1 // indirect | ||
| github.com/fatih/color v1.13.0 // indirect | ||
| github.com/envoyproxy/go-control-plane v0.13.0 // indirect | ||
| github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect | ||
| github.com/fatih/color v1.17.0 // indirect | ||
| github.com/felixge/httpsnoop v1.0.4 // indirect | ||
| github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect | ||
| github.com/go-git/go-billy/v5 v5.5.0 // indirect | ||
| github.com/go-git/go-git/v5 v5.12.0 // indirect | ||
| github.com/go-git/go-billy/v5 v5.6.0 // indirect | ||
| github.com/go-jose/go-jose/v4 v4.0.2 // indirect | ||
| github.com/go-logr/logr v1.4.2 // indirect | ||
| github.com/go-logr/stdr v1.2.2 // indirect | ||
| github.com/go-stack/stack v1.8.0 // indirect | ||
| github.com/golang-jwt/jwt/v5 v5.2.1 // indirect | ||
| github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect | ||
| github.com/golang/protobuf v1.5.4 // indirect | ||
| github.com/golang/snappy v0.0.4 // indirect | ||
| github.com/google/s2a-go v0.1.8 // indirect | ||
| github.com/google/uuid v1.6.0 // indirect | ||
| github.com/google/wire v0.5.0 // indirect | ||
| github.com/googleapis/gax-go/v2 v2.4.0 // indirect | ||
| github.com/googleapis/go-type-adapters v1.0.0 // indirect | ||
| github.com/gosimple/slug v1.12.0 // indirect | ||
| github.com/google/wire v0.6.0 // indirect | ||
| github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect | ||
| github.com/googleapis/gax-go/v2 v2.13.0 // indirect | ||
| github.com/gosimple/slug v1.14.0 // indirect | ||
| github.com/gosimple/unidecode v1.0.1 // indirect | ||
| github.com/hairyhenderson/go-fsimpl v0.0.0-20220529183339-9deae3e35047 // indirect | ||
| github.com/hack-pad/hackpadfs v0.2.4 // indirect | ||
| github.com/hairyhenderson/go-fsimpl v0.2.1 // indirect | ||
| github.com/hairyhenderson/go-git/v5 v5.12.1-0.20240530140403-1b868a7b8a3c // indirect | ||
| github.com/hairyhenderson/toml v0.4.2-0.20210923231440-40456b8e66cf // indirect | ||
| github.com/hairyhenderson/xignore v0.3.3-0.20230403012150-95fe86932830 // indirect | ||
| github.com/hairyhenderson/yaml v0.0.0-20220618171115-2d35fca545ce // indirect | ||
| github.com/hashicorp/consul/api v1.13.0 // indirect | ||
| github.com/hashicorp/consul/api v1.30.0 // indirect | ||
| github.com/hashicorp/errwrap v1.1.0 // indirect | ||
| github.com/hashicorp/go-cleanhttp v0.5.2 // indirect | ||
| github.com/hashicorp/go-hclog v1.2.0 // indirect | ||
| github.com/hashicorp/go-hclog v1.6.3 // indirect | ||
| github.com/hashicorp/go-immutable-radix v1.3.1 // indirect | ||
| github.com/hashicorp/go-multierror v1.1.1 // indirect | ||
| github.com/hashicorp/go-plugin v1.4.4 // indirect | ||
| github.com/hashicorp/go-retryablehttp v0.7.1 // indirect | ||
| github.com/hashicorp/go-retryablehttp v0.7.7 // indirect | ||
| github.com/hashicorp/go-rootcerts v1.0.2 // indirect | ||
| github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 // indirect | ||
| github.com/hashicorp/go-secure-stdlib/parseutil v0.1.5 // indirect | ||
| github.com/hashicorp/go-secure-stdlib/awsutil v0.3.0 // indirect | ||
| github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect | ||
| github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect | ||
| github.com/hashicorp/go-sockaddr v1.0.2 // indirect | ||
| github.com/hashicorp/go-sockaddr v1.0.7 // indirect | ||
| github.com/hashicorp/go-uuid v1.0.3 // indirect | ||
| github.com/hashicorp/go-version v1.5.0 // indirect | ||
| github.com/hashicorp/golang-lru v0.5.4 // indirect | ||
| github.com/hashicorp/golang-lru v1.0.2 // indirect | ||
| github.com/hashicorp/hcl v1.0.0 // indirect | ||
| github.com/hashicorp/serf v0.9.7 // indirect | ||
| github.com/hashicorp/vault/api v1.6.0 // indirect | ||
| github.com/hashicorp/vault/sdk v0.5.0 // indirect | ||
| github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 // indirect | ||
| github.com/inconshreveable/mousetrap v1.0.0 // indirect | ||
| github.com/hashicorp/serf v0.10.1 // indirect | ||
| github.com/hashicorp/vault/api v1.15.0 // indirect | ||
| github.com/hashicorp/vault/api/auth/approle v0.8.0 // indirect | ||
| github.com/hashicorp/vault/api/auth/aws v0.8.0 // indirect | ||
| github.com/hashicorp/vault/api/auth/userpass v0.8.0 // indirect | ||
| github.com/inconshreveable/mousetrap v1.1.0 // indirect | ||
| github.com/itchyny/gojq v0.12.17 // indirect | ||
| github.com/itchyny/timefmt-go v0.1.6 // indirect | ||
| github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect | ||
| github.com/jmespath/go-jmespath v0.4.0 // indirect | ||
| github.com/joho/godotenv v1.4.0 // indirect | ||
| github.com/joho/godotenv v1.5.1 // indirect | ||
| github.com/kevinburke/ssh_config v1.2.0 // indirect | ||
| github.com/mattn/go-colorable v0.1.12 // indirect | ||
| github.com/mattn/go-isatty v0.0.14 // indirect | ||
| github.com/mitchellh/copystructure v1.2.0 // indirect | ||
| github.com/kylelemons/godebug v1.1.0 // indirect | ||
| github.com/mattn/go-colorable v0.1.13 // indirect | ||
| github.com/mattn/go-isatty v0.0.20 // indirect | ||
| github.com/mitchellh/go-homedir v1.1.0 // indirect | ||
| github.com/mitchellh/go-testing-interface v1.14.1 // indirect | ||
| github.com/mitchellh/mapstructure v1.5.0 // indirect | ||
| github.com/mitchellh/reflectwalk v1.0.2 // indirect | ||
| github.com/oklog/run v1.1.0 // indirect | ||
| github.com/pierrec/lz4 v2.6.1+incompatible // indirect | ||
| github.com/pelletier/go-toml/v2 v2.2.3 // indirect | ||
| github.com/pjbgf/sha1cd v0.3.0 // indirect | ||
| github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect | ||
| github.com/pkg/errors v0.9.1 // indirect | ||
| github.com/pmezard/go-difflib v1.0.0 // indirect | ||
| github.com/rs/zerolog v1.26.1 // indirect | ||
| github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect | ||
| github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect | ||
| github.com/ryanuber/go-glob v1.0.0 // indirect | ||
| github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect | ||
| github.com/skeema/knownhosts v1.2.2 // indirect | ||
| github.com/spf13/afero v1.8.2 // indirect | ||
| github.com/spf13/pflag v1.0.5 // indirect | ||
| github.com/ugorji/go/codec v1.2.7 // indirect | ||
| github.com/ugorji/go/codec v1.2.12 // indirect | ||
| github.com/xanzy/ssh-agent v0.3.3 // indirect | ||
| github.com/zealic/xignore v0.3.3 // indirect | ||
| go.etcd.io/bbolt v1.3.6 // indirect | ||
| go.opencensus.io v0.23.0 // indirect | ||
| go.uber.org/atomic v1.9.0 // indirect | ||
| go4.org/intern v0.0.0-20230205224052-192e9f60865c // indirect | ||
| go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2 // indirect | ||
| gocloud.dev v0.25.1-0.20220408200107-09b10f7359f7 // indirect | ||
| golang.org/x/crypto v0.23.0 // indirect | ||
| golang.org/x/mod v0.12.0 // indirect | ||
| golang.org/x/net v0.25.0 // indirect | ||
| golang.org/x/oauth2 v0.20.0 // indirect | ||
| golang.org/x/sync v0.7.0 // indirect | ||
| golang.org/x/sys v0.20.0 // indirect | ||
| golang.org/x/text v0.15.0 // indirect | ||
| golang.org/x/time v0.0.0-20220411224347-583f2d630306 // indirect | ||
| golang.org/x/tools v0.13.0 // indirect | ||
| golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df // indirect | ||
| google.golang.org/api v0.81.0 // indirect | ||
| google.golang.org/appengine v1.6.7 // indirect | ||
| google.golang.org/genproto v0.0.0-20220527130721-00d5c0f3be58 // indirect | ||
| google.golang.org/grpc v1.65.0 // indirect | ||
| google.golang.org/protobuf v1.34.1 // indirect | ||
| gopkg.in/square/go-jose.v2 v2.6.0 // indirect | ||
| go.opencensus.io v0.24.0 // indirect | ||
| go.opentelemetry.io/auto/sdk v1.1.0 // indirect | ||
| go.opentelemetry.io/contrib/detectors/gcp v1.29.0 // indirect | ||
| go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect | ||
| go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect | ||
| go.opentelemetry.io/otel v1.33.0 // indirect | ||
| go.opentelemetry.io/otel/metric v1.33.0 // indirect | ||
| go.opentelemetry.io/otel/sdk v1.33.0 // indirect | ||
| go.opentelemetry.io/otel/sdk/metric v1.29.0 // indirect | ||
| go.opentelemetry.io/otel/trace v1.33.0 // indirect | ||
| go4.org/intern v0.0.0-20230525184215-6c62f75575cb // indirect | ||
| go4.org/netipx v0.0.0-20231129151722-fdeea329fbba // indirect | ||
| go4.org/unsafe/assume-no-moving-gc v0.0.0-20231121144256-b99613f794b6 // indirect | ||
| gocloud.dev v0.40.0 // indirect | ||
| golang.org/x/crypto v0.31.0 // indirect | ||
| golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect | ||
| golang.org/x/mod v0.21.0 // indirect | ||
| golang.org/x/net v0.32.0 // indirect | ||
| golang.org/x/oauth2 v0.24.0 // indirect | ||
| golang.org/x/sync v0.10.0 // indirect | ||
| golang.org/x/sys v0.28.0 // indirect | ||
| golang.org/x/text v0.21.0 // indirect | ||
| golang.org/x/time v0.7.0 // indirect | ||
| golang.org/x/xerrors v0.0.0-20240716161551-93cc26a95ae9 // indirect | ||
| google.golang.org/api v0.201.0 // indirect | ||
| google.golang.org/genproto v0.0.0-20241007155032-5fefd90f89a9 // indirect | ||
| google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect | ||
| google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 // indirect | ||
| google.golang.org/grpc v1.68.1 // indirect | ||
| google.golang.org/grpc/stats/opentelemetry v0.0.0-20240907200651-3ffb98b2c93a // indirect | ||
| google.golang.org/protobuf v1.35.2 // indirect | ||
| gopkg.in/warnings.v0 v0.1.2 // indirect | ||
| gopkg.in/yaml.v2 v2.4.0 // indirect | ||
| gopkg.in/yaml.v3 v3.0.1 // indirect | ||
| inet.af/netaddr v0.0.0-20220811202034-502d2d690317 // indirect | ||
| k8s.io/client-go v11.0.0+incompatible // indirect | ||
| inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a // indirect | ||
| k8s.io/client-go v0.32.0 // indirect | ||
| ) | ||
|
|
||
| replace gopkg.in/hairyhenderson/yaml.v2 => github.com/maxaudron/yaml v0.0.0-20190411130442-27c13492fe3c |
Oops, something went wrong.