Skip to content

Commit

Permalink
CVE-2023-44487: Fix indirect calls
Browse files Browse the repository at this point in the history
We still have potential indirect uses
of affected google.golang.org/grpc.

GHSA-qppj-fm5r-hxr3

Signed-off-by: Or Shoval <[email protected]>
  • Loading branch information
oshoval committed Nov 13, 2023
1 parent 69b2631 commit 8ff1f0d
Show file tree
Hide file tree
Showing 11 changed files with 2,356 additions and 762 deletions.
14 changes: 10 additions & 4 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,8 @@ require (
)

require (
cloud.google.com/go v0.97.0 // indirect
cloud.google.com/go/compute v1.21.0 // indirect
cloud.google.com/go/compute/metadata v0.2.3 // indirect
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
github.com/Azure/go-autorest/autorest v0.11.27 // indirect
github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect
Expand All @@ -26,7 +27,7 @@ require (
github.com/PuerkitoBio/purell v1.1.1 // indirect
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/cespare/xxhash/v2 v2.1.2 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/emicklei/go-restful/v3 v3.8.0 // indirect
github.com/evanphx/json-patch/v5 v5.6.0 // indirect
Expand All @@ -42,7 +43,7 @@ require (
github.com/google/gnostic v0.5.7-v3refs // indirect
github.com/google/go-cmp v0.5.9 // indirect
github.com/google/gofuzz v1.1.0 // indirect
github.com/google/uuid v1.1.2 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/imdario/mergo v0.3.12 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
Expand All @@ -55,7 +56,7 @@ require (
github.com/pborman/uuid v1.2.0 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/prometheus/client_golang v1.12.2 // indirect
github.com/prometheus/client_model v0.2.0 // indirect
github.com/prometheus/client_model v0.4.0 // indirect
github.com/prometheus/common v0.32.1 // indirect
github.com/prometheus/procfs v0.7.3 // indirect
github.com/spf13/pflag v1.0.5 // indirect
Expand Down Expand Up @@ -85,3 +86,8 @@ require (
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
)

replace (
github.com/cespare/xxhash/v2 => github.com/cespare/xxhash/v2 v2.1.2
google.golang.org/grpc => google.golang.org/grpc v1.58.3
)
1,212 changes: 1,156 additions & 56 deletions go.sum

Large diffs are not rendered by default.

202 changes: 0 additions & 202 deletions vendor/cloud.google.com/go/LICENSE

This file was deleted.

31 changes: 19 additions & 12 deletions vendor/cloud.google.com/go/compute/metadata/metadata.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

13 changes: 0 additions & 13 deletions vendor/github.com/cespare/xxhash/v2/xxhash_amd64.go

This file was deleted.

4 changes: 2 additions & 2 deletions vendor/github.com/google/uuid/hash.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion vendor/github.com/google/uuid/sql.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit 8ff1f0d

Please sign in to comment.