
Commit 9ee60e3

authored
Merge pull request #1587 from fyzanshaik/security/fix-helm-otel-vulnerabilities
security(deps): bump helm and opentelemetry to fix HIGH vulnerabilities
2 parents d32486a + 284fc18 commit 9ee60e3

3 files changed

Lines changed: 136 additions & 150 deletions


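--- a/go.mod
+++ b/go.mod
@@ -28,11 +28,11 @@ require (
 github.com/olekukonko/tablewriter v0.0.5
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c
-github.com/redis/go-redis/v9 v9.6.3
+github.com/redis/go-redis/v9 v9.7.3
 github.com/shirou/gopsutil v3.21.11+incompatible
 github.com/sijms/go-ora/v2 v2.8.22
 github.com/spf13/cobra v1.9.1
-github.com/spf13/pflag v1.0.6
+github.com/spf13/pflag v1.0.7
 github.com/spf13/viper v1.13.0
 github.com/stretchr/testify v1.11.1
 go.etcd.io/etcd/client/v3 v3.5.21
@@ -42,14 +42,14 @@ require (
 google.golang.org/grpc v1.78.0
 google.golang.org/protobuf v1.36.11
 gopkg.in/yaml.v2 v2.4.0
-helm.sh/helm/v3 v3.17.4
-k8s.io/api v0.32.3
-k8s.io/apiextensions-apiserver v0.32.2
-k8s.io/apimachinery v0.33.0
-k8s.io/cli-runtime v0.32.2
-k8s.io/client-go v0.32.3
+helm.sh/helm/v3 v3.18.5
+k8s.io/api v0.33.3
+k8s.io/apiextensions-apiserver v0.33.3
+k8s.io/apimachinery v0.33.3
+k8s.io/cli-runtime v0.33.3
+k8s.io/client-go v0.33.3
 k8s.io/helm v2.16.10+incompatible
-sigs.k8s.io/yaml v1.4.0
+sigs.k8s.io/yaml v1.5.0
 )
 
 require (
@@ -58,15 +58,14 @@ require (
 dario.cat/mergo v1.0.1 // indirect
 filippo.io/edwards25519 v1.1.0 // indirect
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect
-github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
-github.com/BurntSushi/toml v1.4.0 // indirect
+github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
+github.com/BurntSushi/toml v1.5.0 // indirect
 github.com/Code-Hex/go-generics-cache v1.3.1 // indirect
 github.com/MakeNowJust/heredoc v1.0.0 // indirect
 github.com/Masterminds/goutils v1.1.1 // indirect
 github.com/Masterminds/sprig/v3 v3.3.0 // indirect
 github.com/Masterminds/squirrel v1.5.4 // indirect
 github.com/Microsoft/go-winio v0.6.2 // indirect
-github.com/Microsoft/hcsshim v0.12.5 // indirect
 github.com/PuerkitoBio/purell v1.2.1 // indirect
 github.com/aavaz-ai/pii-scrubber v0.0.0-20220812094047-3fa450ab6973 // indirect
 github.com/alphadose/haxmap v1.4.0 // indirect
@@ -82,9 +81,7 @@ require (
 github.com/chebyrash/promise v0.0.0-20230709133807-42ec49ba1459 // indirect
 github.com/cloudevents/sdk-go/binding/format/protobuf/v2 v2.15.2 // indirect
 github.com/cloudevents/sdk-go/v2 v2.15.2 // indirect
-github.com/containerd/cgroups/v3 v3.1.2 // indirect
 github.com/containerd/containerd v1.7.29 // indirect
-github.com/containerd/continuity v0.4.5 // indirect
 github.com/containerd/errdefs v1.0.0 // indirect
 github.com/containerd/log v0.1.0 // indirect
 github.com/containerd/platforms v0.2.1 // indirect
@@ -96,16 +93,12 @@ require (
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 github.com/distribution/reference v0.6.0 // indirect
-github.com/dlclark/regexp2 v1.10.0 // indirect
-github.com/docker/cli v25.0.1+incompatible // indirect
-github.com/docker/distribution v2.8.3+incompatible // indirect
-github.com/docker/docker-credential-helpers v0.7.0 // indirect
+github.com/dlclark/regexp2 v1.11.0 // indirect
 github.com/docker/go-connections v0.5.0 // indirect
 github.com/docker/go-events v0.0.0-20250808211157-605354379745 // indirect
-github.com/docker/go-metrics v0.0.1 // indirect
 github.com/docker/go-units v0.5.0 // indirect
 github.com/emicklei/go-restful/v3 v3.11.0 // indirect
-github.com/evanphx/json-patch v5.9.0+incompatible // indirect
+github.com/evanphx/json-patch v5.9.11+incompatible // indirect
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 github.com/felixge/httpsnoop v1.0.4 // indirect
 github.com/fsnotify/fsnotify v1.9.0 // indirect
@@ -134,13 +127,12 @@ require (
 github.com/golang/protobuf v1.5.4 // indirect
 github.com/golang/snappy v1.0.0 // indirect
 github.com/google/btree v1.1.3 // indirect
-github.com/google/cel-go v0.22.0 // indirect
+github.com/google/cel-go v0.23.2 // indirect
 github.com/google/gnostic-models v0.6.9 // indirect
 github.com/google/go-cmp v0.7.0 // indirect
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 github.com/google/uuid v1.6.0 // indirect
-github.com/gorilla/mux v1.8.1 // indirect
-github.com/gorilla/websocket v1.5.3 // indirect
+github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
 github.com/gosuri/uitable v0.0.4 // indirect
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
 github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
@@ -179,10 +171,8 @@ require (
 github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 github.com/mitchellh/mapstructure v1.5.1-0.20220423185008-bf980b35cac4 // indirect
 github.com/mitchellh/reflectwalk v1.0.2 // indirect
-github.com/moby/locker v1.0.1 // indirect
 github.com/moby/spdystream v0.5.0 // indirect
-github.com/moby/sys/mountinfo v0.7.2 // indirect
-github.com/moby/term v0.5.0 // indirect
+github.com/moby/term v0.5.2 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
@@ -204,8 +194,9 @@ require (
 github.com/prometheus/common v0.64.0 // indirect
 github.com/prometheus/procfs v0.16.1 // indirect
 github.com/prometheus/statsd_exporter v0.22.7 // indirect
-github.com/rubenv/sql-migrate v1.7.1 // indirect
+github.com/rubenv/sql-migrate v1.8.0 // indirect
 github.com/russross/blackfriday/v2 v2.1.0 // indirect
+github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 // indirect
 github.com/segmentio/asm v1.2.0 // indirect
 github.com/shopspring/decimal v1.4.0 // indirect
 github.com/sirupsen/logrus v1.9.4 // indirect
@@ -225,9 +216,6 @@ require (
 github.com/xdg-go/pbkdf2 v1.0.0 // indirect
 github.com/xdg-go/scram v1.1.2 // indirect
 github.com/xdg-go/stringprep v1.0.4 // indirect
-github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
-github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 github.com/xlab/treeprint v1.2.0 // indirect
 github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect
 github.com/yusufpapurcu/wmi v1.2.3 // indirect
@@ -236,17 +224,19 @@ require (
 go.opencensus.io v0.24.0 // indirect
 go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 // indirect
-go.opentelemetry.io/otel v1.39.0 // indirect
+go.opentelemetry.io/otel v1.40.0 // indirect
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 // indirect
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0 // indirect
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0 // indirect
 go.opentelemetry.io/otel/exporters/zipkin v1.34.0 // indirect
-go.opentelemetry.io/otel/metric v1.39.0 // indirect
-go.opentelemetry.io/otel/sdk v1.39.0 // indirect
-go.opentelemetry.io/otel/trace v1.39.0 // indirect
+go.opentelemetry.io/otel/metric v1.40.0 // indirect
+go.opentelemetry.io/otel/sdk v1.40.0 // indirect
+go.opentelemetry.io/otel/trace v1.40.0 // indirect
 go.opentelemetry.io/proto/otlp v1.6.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
 go.uber.org/zap v1.27.0 // indirect
+go.yaml.in/yaml/v2 v2.4.2 // indirect
+go.yaml.in/yaml/v3 v3.0.3 // indirect
 golang.org/x/crypto v0.47.0 // indirect
 golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 // indirect
 golang.org/x/net v0.49.0 // indirect
@@ -261,17 +251,18 @@ require (
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/ini.v1 v1.67.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
-k8s.io/apiserver v0.32.2 // indirect
-k8s.io/component-base v0.32.2 // indirect
+gotest.tools/v3 v3.4.0 // indirect
+k8s.io/apiserver v0.33.3 // indirect
+k8s.io/component-base v0.33.3 // indirect
 k8s.io/klog/v2 v2.130.1 // indirect
 k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
-k8s.io/kubectl v0.32.2 // indirect
+k8s.io/kubectl v0.33.3 // indirect
 k8s.io/utils v0.0.0-20250502105355-0f33e8f1c979 // indirect
-oras.land/oras-go v1.2.5 // indirect
+oras.land/oras-go/v2 v2.6.0 // indirect
 sigs.k8s.io/controller-runtime v0.19.0 // indirect
 sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
-sigs.k8s.io/kustomize/api v0.18.0 // indirect
-sigs.k8s.io/kustomize/kyaml v0.18.1 // indirect
+sigs.k8s.io/kustomize/api v0.19.0 // indirect
+sigs.k8s.io/kustomize/kyaml v0.19.0 // indirect
 sigs.k8s.io/randfill v1.0.0 // indirect
 sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect
 )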
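Review bot: `k8s.io/helm v2.16.10+incompatible` is still a direct requirement (new line 51) after this bump, and Helm v2 is end-of-life upstream, so it receives no security fixes and a scanner will probably keep reporting it; if nothing in the repository still imports it (not visible from this file), drop that line and run `go mod tidy`. The OpenTelemetry core modules move to v1.40.0 while `go.opentelemetry.io/otel/exporters/otlp/otlptrace*` stay at v1.35.0 and `exporters/zipkin` at v1.34.0, so it is worth confirming that the advisory being fixed does not also cover the exporter modules. The commit message names no advisory identifiers; listing them in the description, together with a `govulncheck ./...` run before and after, would let reviewers verify that the HIGH findings are actually closed. The move from `oras.land/oras-go v1.2.5` to `oras.land/oras-go/v2 v2.6.0` is a major-version change pulled in transitively, so any chart or OCI registry pull/push path deserves a smoke test before release.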
