Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: CVE-2023-5528, GHSA-m425-mq94-257g #419

Merged
merged 2 commits into from
Dec 6, 2023
Merged

fix: CVE-2023-5528, GHSA-m425-mq94-257g #419

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8802c77
fix: CVE-2023-5528
andyzhangx Dec 6, 2023
d56bc20
fix: GHSA-m425-mq94-257g
andyzhangx Dec 6, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
fix: CVE-2023-5528
@andyzhangx
andyzhangx committed Dec 6, 2023
commit 8802c775ecf429425b36b0698ea9a62cd1e012f3
114 changes: 59 additions & 55 deletions go.mod
View file
Original file line number Diff line number Diff line change
@@ -3,29 +3,30 @@ module sigs.k8s.io/sig-storage-local-static-provisioner
go 1.20

require (
github.com/golang/glog v1.0.0
github.com/golang/glog v1.1.0
github.com/kubernetes-csi/csi-proxy/client v1.0.2
github.com/onsi/ginkgo/v2 v2.9.1
github.com/onsi/gomega v1.27.4
github.com/prometheus/client_golang v1.14.0
github.com/spf13/pflag v1.0.5
golang.org/x/sys v0.13.0
gopkg.in/yaml.v2 v2.4.0
k8s.io/api v0.27.3
k8s.io/apimachinery v0.27.3
k8s.io/apiserver v0.27.3
k8s.io/client-go v0.27.3
k8s.io/component-base v0.27.3
k8s.io/api v0.27.8
k8s.io/apimachinery v0.27.8
k8s.io/apiserver v0.27.8
k8s.io/client-go v0.27.8
k8s.io/component-base v0.27.8
k8s.io/klog/v2 v2.90.1
k8s.io/kubernetes v1.27.3
k8s.io/kubernetes v1.27.8
k8s.io/pod-security-admission v0.0.0
k8s.io/utils v0.0.0-20230209194617-a36077c30491
sigs.k8s.io/sig-storage-lib-external-provisioner/v6 v6.3.0
sigs.k8s.io/yaml v1.3.0
)

require (
cloud.google.com/go v0.97.0 // indirect
cloud.google.com/go/compute v1.19.1 // indirect
cloud.google.com/go/compute/metadata v0.2.3 // indirect
github.com/GoogleCloudPlatform/k8s-cloud-provider v1.18.1-0.20220218231025-f11817397a1b // indirect
github.com/Microsoft/go-winio v0.4.17 // indirect
github.com/NYTimes/gziphandler v1.1.1 // indirect
@@ -34,7 +35,7 @@ require (
github.com/beorn7/perks v1.0.1 // indirect
github.com/blang/semver/v4 v4.0.0 // indirect
github.com/cenkalti/backoff/v4 v4.1.3 // indirect
github.com/cespare/xxhash/v2 v2.1.2 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/coreos/go-semver v0.3.0 // indirect
github.com/coreos/go-systemd/v22 v22.4.0 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
@@ -52,13 +53,14 @@ require (
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/google/cel-go v0.12.6 // indirect
github.com/google/cel-go v0.12.7 // indirect
github.com/google/gnostic v0.5.7-v3refs // indirect
github.com/google/go-cmp v0.5.9 // indirect
github.com/google/gofuzz v1.1.0 // indirect
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/googleapis/gax-go/v2 v2.1.1 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
github.com/googleapis/gax-go/v2 v2.7.1 // indirect
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 // indirect
github.com/imdario/mergo v0.3.6 // indirect
@@ -85,7 +87,7 @@ require (
go.etcd.io/etcd/api/v3 v3.5.7 // indirect
go.etcd.io/etcd/client/pkg/v3 v3.5.7 // indirect
go.etcd.io/etcd/client/v3 v3.5.7 // indirect
go.opencensus.io v0.23.0 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.35.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.1 // indirect
go.opentelemetry.io/otel v1.10.0 // indirect
@@ -101,66 +103,68 @@ require (
go.uber.org/zap v1.19.0 // indirect
golang.org/x/crypto v0.14.0 // indirect
golang.org/x/net v0.17.0 // indirect
golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect
golang.org/x/sync v0.1.0 // indirect
golang.org/x/oauth2 v0.7.0 // indirect
golang.org/x/sync v0.3.0 // indirect
golang.org/x/term v0.13.0 // indirect
golang.org/x/text v0.13.0 // indirect
golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
golang.org/x/tools v0.7.0 // indirect
google.golang.org/api v0.60.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.12.0 // indirect
google.golang.org/api v0.114.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 // indirect
google.golang.org/grpc v1.51.0 // indirect
google.golang.org/protobuf v1.28.1 // indirect
gopkg.in/gcfg.v1 v1.2.0 // indirect
google.golang.org/genproto v0.0.0-20230525234025-438c736192d0 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 // indirect
google.golang.org/grpc v1.56.3 // indirect
google.golang.org/protobuf v1.31.0 // indirect
gopkg.in/gcfg.v1 v1.2.3 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect
gopkg.in/warnings.v0 v0.1.1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/apiextensions-apiserver v0.0.0 // indirect
k8s.io/cloud-provider v0.27.3 // indirect
k8s.io/component-helpers v0.27.3 // indirect
k8s.io/controller-manager v0.27.3 // indirect
k8s.io/kms v0.27.3 // indirect
k8s.io/cloud-provider v0.27.8 // indirect
k8s.io/component-helpers v0.27.8 // indirect
k8s.io/controller-manager v0.27.8 // indirect
k8s.io/kms v0.27.8 // indirect
k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
k8s.io/kubectl v0.0.0 // indirect
k8s.io/kubelet v0.0.0 // indirect
k8s.io/legacy-cloud-providers v0.0.0 // indirect
k8s.io/mount-utils v0.27.3 // indirect
k8s.io/mount-utils v0.27.8 // indirect
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
)

replace (
github.com/emicklei/go-restful => github.com/emicklei/go-restful/v3 v3.8.0
k8s.io/api => k8s.io/api v0.27.3
k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.27.3
k8s.io/apimachinery => k8s.io/apimachinery v0.27.3
k8s.io/apiserver => k8s.io/apiserver v0.27.3
k8s.io/cli-runtime => k8s.io/cli-runtime v0.27.3
k8s.io/client-go => k8s.io/client-go v0.27.3
k8s.io/cloud-provider => k8s.io/cloud-provider v0.27.3
k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.27.3
k8s.io/code-generator => k8s.io/code-generator v0.27.3
k8s.io/component-base => k8s.io/component-base v0.27.3
k8s.io/component-helpers => k8s.io/component-helpers v0.27.3
k8s.io/controller-manager => k8s.io/controller-manager v0.27.3
k8s.io/cri-api => k8s.io/cri-api v0.27.3
k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.27.3
k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.27.3
k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.27.3
k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.27.3
k8s.io/kube-proxy => k8s.io/kube-proxy v0.27.3
k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.27.3
k8s.io/kubectl => k8s.io/kubectl v0.27.3
k8s.io/kubelet => k8s.io/kubelet v0.27.3
k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.27.3
k8s.io/metrics => k8s.io/metrics v0.27.3
k8s.io/mount-utils => k8s.io/mount-utils v0.27.3
k8s.io/node-api => k8s.io/node-api v0.27.3
k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.27.3
k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.27.3
k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.27.3
k8s.io/sample-controller => k8s.io/sample-controller v0.27.3
k8s.io/api => k8s.io/api v0.27.8
k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.27.8
k8s.io/apimachinery => k8s.io/apimachinery v0.27.8
k8s.io/apiserver => k8s.io/apiserver v0.27.8
k8s.io/cli-runtime => k8s.io/cli-runtime v0.27.8
k8s.io/client-go => k8s.io/client-go v0.27.8
k8s.io/cloud-provider => k8s.io/cloud-provider v0.27.8
k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.27.8
k8s.io/code-generator => k8s.io/code-generator v0.27.8
k8s.io/component-base => k8s.io/component-base v0.27.8
k8s.io/component-helpers => k8s.io/component-helpers v0.27.8
k8s.io/controller-manager => k8s.io/controller-manager v0.27.8
k8s.io/cri-api => k8s.io/cri-api v0.27.8
k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.27.8
k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.27.8
k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.27.8
k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.27.8
k8s.io/kube-proxy => k8s.io/kube-proxy v0.27.8
k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.27.8
k8s.io/kubectl => k8s.io/kubectl v0.27.8
k8s.io/kubelet => k8s.io/kubelet v0.27.8
k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.27.8
k8s.io/metrics => k8s.io/metrics v0.27.8
k8s.io/mount-utils => k8s.io/mount-utils v0.27.8
k8s.io/node-api => k8s.io/node-api v0.27.8
k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.27.8
k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.27.8
k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.27.8
k8s.io/sample-controller => k8s.io/sample-controller v0.27.8
)
151 changes: 92 additions & 59 deletions go.sum
View file

Large diffs are not rendered by default.

0 vendor/cloud.google.com/go/LICENSE → vendor/cloud.google.com/go/compute/LICENSE
View file
File renamed without changes.
18 changes: 18 additions & 0 deletions vendor/cloud.google.com/go/compute/internal/version.go
View file
19 changes: 19 additions & 0 deletions vendor/cloud.google.com/go/compute/metadata/CHANGES.md
View file
202 changes: 202 additions & 0 deletions vendor/cloud.google.com/go/compute/metadata/LICENSE
View file
27 changes: 27 additions & 0 deletions vendor/cloud.google.com/go/compute/metadata/README.md
View file
31 changes: 19 additions & 12 deletions vendor/cloud.google.com/go/compute/metadata/metadata.go
View file
23 changes: 23 additions & 0 deletions vendor/cloud.google.com/go/compute/metadata/tidyfix.go
View file
31 changes: 17 additions & 14 deletions vendor/github.com/cespare/xxhash/v2/README.md
View file
10 changes: 10 additions & 0 deletions vendor/github.com/cespare/xxhash/v2/testall.sh
View file
47 changes: 20 additions & 27 deletions vendor/github.com/cespare/xxhash/v2/xxhash.go
View file
336 changes: 165 additions & 171 deletions vendor/github.com/cespare/xxhash/v2/xxhash_amd64.s
View file
183 changes: 183 additions & 0 deletions vendor/github.com/cespare/xxhash/v2/xxhash_arm64.s
View file
2 changes: 2 additions & 0 deletions ...hub.com/cespare/xxhash/v2/xxhash_amd64.go → ...ithub.com/cespare/xxhash/v2/xxhash_asm.go
View file
22 changes: 11 additions & 11 deletions vendor/github.com/cespare/xxhash/v2/xxhash_other.go
View file
1 change: 1 addition & 0 deletions vendor/github.com/cespare/xxhash/v2/xxhash_safe.go
View file
3 changes: 2 additions & 1 deletion vendor/github.com/cespare/xxhash/v2/xxhash_unsafe.go
View file
1,217 changes: 329 additions & 888 deletions vendor/github.com/golang/glog/glog.go
View file

Large diffs are not rendered by default.

305 changes: 294 additions & 11 deletions vendor/github.com/golang/glog/glog_file.go
View file
395 changes: 395 additions & 0 deletions vendor/github.com/golang/glog/glog_flags.go
View file
387 changes: 387 additions & 0 deletions vendor/github.com/golang/glog/internal/logsink/logsink.go
View file
35 changes: 35 additions & 0 deletions vendor/github.com/golang/glog/internal/logsink/logsink_fatal.go
View file
127 changes: 127 additions & 0 deletions vendor/github.com/golang/glog/internal/stackdump/stackdump.go
View file
16 changes: 14 additions & 2 deletions vendor/github.com/google/cel-go/checker/cost.go
View file
202 changes: 202 additions & 0 deletions vendor/github.com/googleapis/enterprise-certificate-proxy/LICENSE
View file
185 changes: 185 additions & 0 deletions vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go
View file
91 changes: 91 additions & 0 deletions vendor/github.com/googleapis/enterprise-certificate-proxy/client/util/util.go
View file
3 changes: 3 additions & 0 deletions vendor/github.com/googleapis/gax-go/v2/.release-please-manifest.json
View file
Loading