Skip to content

Commit

Permalink
Fix CVEs for k8s APIs and tekton
Browse files Browse the repository at this point in the history 
Signed-off-by: Ricardo M. Oliveira <rmartine@redhat.com>
  • Loading branch information
@rimolive
rimolive committed Oct 17, 2024
1 parent fc80fdc commit 3eae1aa
Show file tree
Hide file tree
Showing 2 changed files with 166 additions and 63 deletions.
53 changes: 25 additions & 28 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ require (
github.com/cenkalti/backoff v2.2.1+incompatible
github.com/eapache/go-resiliency v1.2.0
github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5 // indirect
github.com/fsnotify/fsnotify v1.6.0
github.com/fsnotify/fsnotify v1.7.0
github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32
github.com/go-openapi/errors v0.20.2
github.com/go-openapi/runtime v0.21.1
Expand All @@ -17,9 +17,9 @@ require (
github.com/go-openapi/validate v0.20.3
github.com/go-sql-driver/mysql v1.7.1
github.com/golang/glog v1.2.0
github.com/golang/protobuf v1.5.3
github.com/golang/protobuf v1.5.4
github.com/google/addlicense v0.0.0-20200906110928-a0294312aa76
github.com/google/cel-go v0.12.6
github.com/google/cel-go v0.18.1
github.com/google/go-cmp v0.6.0
github.com/google/uuid v1.5.0
github.com/gorilla/mux v1.8.0
Expand All @@ -44,23 +44,23 @@ require (
github.com/sirupsen/logrus v1.9.3
github.com/spf13/viper v1.15.0
github.com/stretchr/testify v1.9.0
github.com/tektoncd/pipeline v0.53.6
github.com/tektoncd/pipeline v0.56.6
go.uber.org/zap v1.26.0 // indirect
gocloud.dev v0.22.0
golang.org/x/net v0.24.0
google.golang.org/genproto v0.0.0-20231212172506-995d672761c0 // indirect
google.golang.org/grpc v1.60.1
google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0
google.golang.org/protobuf v1.32.0
google.golang.org/protobuf v1.33.0
gopkg.in/yaml.v3 v3.0.1
k8s.io/api v0.27.2
k8s.io/apimachinery v0.27.3
k8s.io/client-go v0.27.2
k8s.io/code-generator v0.27.2
k8s.io/utils v0.0.0-20230505201702-9f6742963106 // indirect
k8s.io/api v0.29.8
k8s.io/apimachinery v0.29.8
k8s.io/client-go v0.29.8
k8s.io/code-generator v0.29.8
k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
knative.dev/pkg v0.0.0-20231023150739-56bfe0dd9626
sigs.k8s.io/controller-runtime v0.11.1
sigs.k8s.io/yaml v1.3.0
sigs.k8s.io/yaml v1.4.0
)

require (
Expand All @@ -81,7 +81,7 @@ require (
github.com/Masterminds/goutils v1.1.1 // indirect
github.com/Masterminds/semver/v3 v3.2.0 // indirect
github.com/Masterminds/sprig/v3 v3.2.3 // indirect
github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect
github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect
github.com/argoproj/pkg v0.13.6 // indirect
github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef // indirect
github.com/beorn7/perks v1.0.1 // indirect
Expand All @@ -91,7 +91,7 @@ require (
github.com/colinmarc/hdfs/v2 v2.4.0 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/doublerebel/bellows v0.0.0-20160303004610-f177d92a03d3 // indirect
github.com/emicklei/go-restful/v3 v3.10.2 // indirect
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
github.com/evanphx/json-patch v5.8.0+incompatible // indirect
github.com/evanphx/json-patch/v5 v5.6.0 // indirect
github.com/expr-lang/expr v1.16.0 // indirect
Expand All @@ -108,15 +108,15 @@ require (
github.com/go-stack/stack v1.8.0 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/google/gnostic v0.6.9 // indirect
github.com/google/go-containerregistry v0.16.1 // indirect
github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/go-containerregistry v0.17.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/s2a-go v0.1.7 // indirect
github.com/google/wire v0.4.0 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
github.com/googleapis/gax-go/v2 v2.12.0 // indirect
github.com/gorilla/websocket v1.5.0 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/hashicorp/go-uuid v1.0.3 // indirect
Expand Down Expand Up @@ -152,13 +152,14 @@ require (
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
github.com/oklog/ulid v1.3.1 // indirect
github.com/oliveagle/jsonpath v0.0.0-20180606110733-2e52cf6e6852 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opentracing/opentracing-go v1.2.0 // indirect
github.com/pelletier/go-toml/v2 v2.0.6 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/prometheus/common v0.42.0 // indirect
github.com/prometheus/common v0.44.0 // indirect
github.com/prometheus/procfs v0.10.1 // indirect
github.com/prometheus/statsd_exporter v0.21.0 // indirect
github.com/robfig/cron/v3 v3.0.1 // indirect
Expand All @@ -179,7 +180,7 @@ require (
go.opentelemetry.io/otel/metric v1.21.0 // indirect
go.opentelemetry.io/otel/trace v1.21.0 // indirect
go.uber.org/atomic v1.10.0 // indirect
go.uber.org/multierr v1.10.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/crypto v0.22.0 // indirect
golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
golang.org/x/mod v0.17.0 // indirect
Expand All @@ -197,22 +198,18 @@ require (
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
k8s.io/apiextensions-apiserver v0.27.2 // indirect
k8s.io/component-base v0.27.2 // indirect
k8s.io/gengo v0.0.0-20221011193443-fad74ee6edd9 // indirect
k8s.io/klog/v2 v2.100.1 // indirect
k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5 // indirect
k8s.io/component-base v0.29.8 // indirect
k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 // indirect
k8s.io/klog/v2 v2.110.1 // indirect
k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
)

replace (
github.com/kubeflow/kfp-tekton/tekton-catalog/cache => github.com/kubeflow/kfp-tekton/tekton-catalog/cache v0.0.0-20231127195001-a75d4b3711ff
github.com/kubeflow/kfp-tekton/tekton-catalog/objectstore => github.com/kubeflow/kfp-tekton/tekton-catalog/objectstore v0.0.0-20231127195001-a75d4b3711ff
k8s.io/api => k8s.io/api v0.25.9
k8s.io/apimachinery => k8s.io/apimachinery v0.26.5
k8s.io/client-go => k8s.io/client-go v0.25.9
k8s.io/code-generator => k8s.io/code-generator v0.25.9
k8s.io/kubernetes => k8s.io/kubernetes v1.11.1
k8s.io/api => k8s.io/api v0.29.8
sigs.k8s.io/controller-tools => sigs.k8s.io/controller-tools v0.2.9
)

Expand Down
Loading

0 comments on commit 3eae1aa

Please sign in to comment.