Sebastiaan van Stijn
f9dee9dc90
vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c
...
Update to the latest version that contains a fix for CVE-2022-27664;
f3363e06e7
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 23:09:44 +02:00
Sebastiaan van Stijn
ec47096efc
vendor: github.com/prometheus/client_golang v1.12.1
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-05 18:43:00 +02:00
Trevor Wood
decc64eb5c
go.mod: github.com/aws/aws-sdk-go v1.43.16
...
Signed-off-by: Trevor Wood <Trevor.G.Wood@gmail.com>
2022-03-10 20:27:01 -05:00
Sebastiaan van Stijn
4f1c1e4268
go.mod: github.com/Azure/go-autorest/autorest v0.11.24
...
Update the indirect dependency to remove the transitional github.com/form3tech-oss/jwt-go
dependency from the dependency graph.
Updates:
- github.com/Azure/go-autorest/autorest v0.11.24: https://github.com/Azure/go-autorest/compare/autorest/v0.11.20...autorest/v0.11.24
- github.com/Azure/go-autorest/autorest/adal v0.9.18: https://github.com/Azure/go-autorest/compare/autorest/adal/v0.9.15...autorest/adal/v0.9.18
- github.com/golang-jwt/jwt v4.2.0: https://github.com/golang-jwt/jwt/compare/v4.0.0...v4.2.0
- golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3: 32db794688...e495a2d5b3
Before this:
go mod graph | grep 'jwt'
github.com/Azure/go-autorest/autorest/adal@v0.9.15 github.com/golang-jwt/jwt/v4@v4.0.0
github.com/Azure/go-autorest/autorest/adal@v0.9.13 github.com/form3tech-oss/jwt-go@v3.2.2+incompatible
After this:
go mod graph | grep 'jwt'
github.com/Azure/go-autorest/autorest@v0.11.24 github.com/golang-jwt/jwt/v4@v4.2.0
github.com/Azure/go-autorest/autorest/adal@v0.9.18 github.com/golang-jwt/jwt/v4@v4.0.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-28 18:02:58 +01:00
Sebastiaan van Stijn
79ead619be
go.mod: spf13/cobra v1.0.0
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-26 16:59:40 +01:00
Adam Kaplan
81a2d171ee
Update aws-sdk to 1.42.27
...
Upgrade the aws golang SDK to 1.42.27 to add the new options for
configuring S3 dualstack endpoints.
Signed-off-by: Adam Kaplan <adam.kaplan@redhat.com>
2022-01-04 17:19:05 -05:00
Sebastiaan van Stijn
6fbba6a99b
go.mod: github.com/opencontainers/image-spec v1.0.2
...
- Bring mediaType out of reserved status
- specs-go: adding mediaType to the index and manifest structures
full diff: https://github.com/opencontainers/image-spec/compare/v1.0.1...v1.0.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-11-17 22:25:16 +01:00
Wang Yan
3f4c558dac
bump up golang v1.17
...
Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-10-27 15:51:30 +08:00
David Justice
3e68d47da6
chore: update azure go-autorest dependencies
...
Signed-off-by: David Justice <david@devigned.com>
2021-08-25 13:43:18 -04:00
Sebastiaan van Stijn
226ad1e639
go.mod: update logrus to v1.8.1
...
Newer versions contain fixes for recent Go versions, and this removes
the dependency on github.com/konsorten/go-windows-terminal-sequences
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-22 14:36:56 +02:00
Sebastiaan van Stijn
06c8d441f8
go.mod: gopkg.in/yaml.v2 v2.4.0
...
This updates the package to a version to include the security fixes in v2.2.3.
Version 2.3.0 was known introduce a breaking change for some users, so using
the latest (v2.4.0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-22 14:31:11 +02:00
olegburov
907e7be545
Bump Logstash hook for logrus to v1.0.0
.
...
Signed-off-by: olegburov <oleg.burov@outlook.com>
2021-02-11 21:51:13 -08:00
olegburov
03aaf6ab51
Bump Gorilla Handlers to v1.5.1
.
...
Signed-off-by: olegburov <oleg.burov@outlook.com>
2020-11-06 10:22:21 -08:00
Arko Dasgupta
f4506b517a
Merge pull request #3237 from olegburov/bump-gorilla-mux
...
Upgrade Gorilla Mux to `1.8.0`.
2020-11-05 13:23:17 -08:00
olegburov
264e26fd8c
Bump Redigo to v1.8.2
.
...
Signed-off-by: olegburov <oleg.burov@outlook.com>
2020-08-31 18:07:54 -07:00
olegburov
545596ae2c
Bump Gorilla Mux to v1.8.0
.
...
Signed-off-by: olegburov <oleg.burov@outlook.com>
2020-08-31 08:54:44 -07:00
Manish Tomar
5dc1f65acc
Merge pull request #3224 from AndreasHassing/fix/bad-pointer-windows-EnableVirtualTerminalProcessing
...
Update logrus to v1.6.0, fixes #3223
2020-08-24 15:04:52 -07:00
Sebastiaan van Stijn
8a8d91529d
vendor: opencontainers/go-digest v1.0.0
...
full diff: https://github.com/opencontainers/go-digest/compare/v1.0.0-rc1...v1.0.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-24 18:46:53 +02:00
Andreas Hassing
9466dd4e5a
Update logrus to v1.6.0
...
Fixes #3223 by bumping logrus to v1.6.0, which in turn bumps
github.com/konsorten/go-windows-terminal-sequences to v1.0.3
wherein the fix to bad pointer is found.
Signed-off-by: Andreas Hassing <andreas@famhassing.dk>
2020-08-24 13:14:04 +02:00
Manish Tomar
0316f34bf2
Merge pull request #3118 from lawliet89/bump-aws-sdk
...
Bump AWS SDK to v1.34.9
2020-08-21 15:57:08 -07:00
Yong Wen Chua
e1464fd317
Bump AWS SDK
...
Fixes https://github.com/docker/distribution/issues/3097
Signed-off-by: Yong Wen Chua <lawliet89@users.noreply.github.com>
2020-08-21 17:35:24 +08:00
wang yan
bf56f348be
Update oci library
...
1, update go-digest to v1.0.0-rc1
2, update image-spec to v1.0.1
Signed-off-by: wang yan <wangyan@vmware.com>
2020-03-10 23:19:29 +08:00
Elliot Pahl
800cb95821
Use go-events package
...
TBD: Queue not converted yet
Signed-off-by: Elliot Pahl <elliot.pahl@gmail.com>
2020-03-04 12:49:32 -08:00
Sebastiaan van Stijn
98dcc5195e
vendor: update docker/go-metrics v0.0.1
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-03-02 20:14:15 +01:00
Sebastiaan van Stijn
7e290869e7
vendor: update golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d (CVE-2020-7919)
...
Includes 69ecbb4d6d
(forward-port of 8b5121be2f
),
which fixes CVE-2020-7919:
- Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte
On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing
functions of golang.org/x/crypto/cryptobyte can lead to a panic.
The malformed certificate can be delivered via a crypto/tls connection to a
client, or to a server that accepts client certificates. net/http clients can
be made to crash by an HTTPS server, while net/http servers that accept client
certificates will recover the panic and are unaffected.
Thanks to Project Wycheproof for providing the test cases that led to the
discovery of this issue. The issue is CVE-2020-7919 and Go issue golang.org/issue/36837.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-21 23:45:56 +01:00
Tariq Ibrahim
afe29bb697
update the golang compiler version and the versions of several dependencies
...
Signed-off-by: Tariq Ibrahim <tariq181290@gmail.com>
2019-06-19 22:43:52 -07:00
Tariq Ibrahim
5223c27422
migrate to go modules from vndr
...
Signed-off-by: Tariq Ibrahim <tariq181290@gmail.com>
2019-06-19 12:24:07 -07:00