Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

go.mod: update dependencies #1657

Draft
wants to merge 24 commits into
base: master
Choose a base branch
from
Draft

go.mod: update dependencies #1657

wants to merge 24 commits into from
+151,239 −30,168

Commits on Nov 7, 2022

  1. server: move prometheus metrics to separate files 

    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    5869b05 View commit details
    Browse the repository at this point in the history

  2. server: add no_metrics build-tag to disable prometheus 

    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    ca2d641 View commit details
    Browse the repository at this point in the history

  3. server: use docker/go-metrics utilities for prometheus 

    The old code was no longer compatible with current versions of prometheus.
This switches the code to use docker/go-metrics, which is compatible with
current versions of prometheus, and already in use in other code in the
dependency tree.

I tried to keep the metrics the same as before, but there may be some
differences.

Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    07a34ba View commit details
    Browse the repository at this point in the history

  4. go.mod: github.com/spf13/cobra v1.6.1 

    Fixes a panic when AddGroup isn't called before AddCommand(my-sub-command) is executed

Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    8a54c2b View commit details
    Browse the repository at this point in the history

  5. go.mod: golang.org/x/term v0.1.0 

    The golang.org/x/ projects now tag releases.

full diff: golang/term@f5c789d...v0.1.0

Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    208b0ac View commit details
    Browse the repository at this point in the history

  6. go.mod: golang.org/x/sys v0.1.0 

    The golang.org/x/ projects now tag releases.

full diff: golang/sys@bc2c85a...v0.1.0

Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    f0a6949 View commit details
    Browse the repository at this point in the history

  7. go.mod: golang.org/x/text v0.4.0 

    The golang.org/x/ projects now tag releases.

includes fixes for CVE-2022-32149 (v0.3.8)

full diff: golang/text@v0.3.3...v0.4.0

Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    80f2ee2 View commit details
    Browse the repository at this point in the history

  8. go.mod: golang.org/x/net v0.1.0 

    The golang.org/x/ projects now tag releases.

- updates to a version that fixes CVE-2022-27664

full diff: golang/net@f585440...v0.1.0

Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    162195a View commit details
    Browse the repository at this point in the history

  9. go.mod: golang.org/x/crypto v0.1.0 

    The golang.org/x/ projects now tag releases.

Also removing uses of golang.org/x/crypto/ed25519, which is now part of stdlib:

    Beginning with Go 1.13, the functionality of this package was moved to the
    standard library as crypto/ed25519. This package only acts as a compatibility
    wrapper.

full diff: golang/crypto@f585440...v0.1.0

Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    a01f6a2 View commit details
    Browse the repository at this point in the history

  10. go.mod: github.com/dvsekhvalnov/jose2go v1.5.0 

    Adds go.mod support

full diff: dvsekhvalnov/jose2go@248326c...v1.5.0

Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    ccbc076 View commit details
    Browse the repository at this point in the history

  11. go.mod: github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577de… 

    …e27f20d

full diff: Shopify/logrus-bugsnag@6dbc35f...577dee2

Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    f5cb2fe View commit details
    Browse the repository at this point in the history

  12. go.mod: github.com/sirupsen/logrus v1.9.0 

    full diff: sirupsen/logrus@v1.7.1...v1.9.0

Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    cf853a9 View commit details
    Browse the repository at this point in the history

  13. go.mod: github.com/miekg/pkcs11 v1.1.1 

    full diff: miekg/pkcs11@v1.0.3...v1.1.1

Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    faeb999 View commit details
    Browse the repository at this point in the history

  14. go.mod: github.com/stretchr/testify v1.8.1 

    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    afd9eef View commit details
    Browse the repository at this point in the history

  15. go.mod: google.golang.org/protobuf v1.28.0 

    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    e058f41 View commit details
    Browse the repository at this point in the history

  16. go.mod: github.com/gogo/protobuf v1.3.2 

    contains fixes for CVE-2021-3121 "skippy peanut butter"

full diff: gogo/protobuf@v1.0.0...v1.3.2

Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    fb1c0d5 View commit details
    Browse the repository at this point in the history

  17. go.mod: github.com/spf13/viper v1.13.0 

    removes the deprecated github.com/BurntSushi/toml dependency

full diff: spf13/viper@be5ff3e...v1.13.0

Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    04ae5f3 View commit details
    Browse the repository at this point in the history

  18. go.mod: github.com/opencontainers/image-spec v1.0.2 

    This is a dependency for docker/distribution, which does not yet use go modules,
so indirect dependencies aren't updated automatically.

image-spec v1.0.2 contains mitigations for CVE-2021-41190.

full diff: opencontainers/image-spec@v1.0.1...v1.0.2

Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    6593165 View commit details
    Browse the repository at this point in the history

  19. go.mod: github.com/docker/distribution v2.8.1 

    full diff: distribution/distribution@v2.7.1...v2.8.1

Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    c45a639 View commit details
    Browse the repository at this point in the history

  20. go.mod: github.com/gorilla/mux v1.8.0 

    full diff: gorilla/mux@v1.7.0...v1.8.0

Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    f3c9d4f View commit details
    Browse the repository at this point in the history

  21. go.mod: github.com/prometheus/client_golang v1.12.1 

    not the latest version, but this version looks to be commonly used in various
projects. Also contains fixes for CVE-2022-21698 (affects versions < 1.11.1)

full diff: prometheus/client_golang@c332b6f...v1.12.1

Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    2b3b1cf View commit details
    Browse the repository at this point in the history

  22. go.mod: github.com/docker/go-metrics v0.0.1 

    adds go.mod

full diff: docker/go-metrics@c332b6f...v0.0.1

Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    6a37534 View commit details
    Browse the repository at this point in the history

  23. go.mod: github.com/cloudflare/cfssl v1.5.0 

    not using latest version, as that brings many indirect dependencies (through cobra)

- removes github.com/gogo/protobuf dependency
- unfortunately, brings back golang.org/x/crypto/ed25519 (will open a PR for that)

Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    fc0da05 View commit details
    Browse the repository at this point in the history

  24. go.mod: github.com/matttproud/golang_protobuf_extensions v1.0.2 

    updating the indirect dependency to match other projects; this version adds
a go.mod;

matttproud/golang_protobuf_extensions@v1.0.1...v1.0.2

Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    1c7f718 View commit details
    Browse the repository at this point in the history