Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

go.mod: update dependencies #1657

Draft
wants to merge 24 commits into
base: master
Choose a base branch
from

Commits on Nov 7, 2022

  1. server: move prometheus metrics to separate files

    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    5869b05 View commit details
    Browse the repository at this point in the history
  2. server: add no_metrics build-tag to disable prometheus

    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    ca2d641 View commit details
    Browse the repository at this point in the history
  3. server: use docker/go-metrics utilities for prometheus

    The old code was no longer compatible with current versions of prometheus.
    This switches the code to use docker/go-metrics, which is compatible with
    current versions of prometheus, and already in use in other code in the
    dependency tree.
    
    I tried to keep the metrics the same as before, but there may be some
    differences.
    
    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    07a34ba View commit details
    Browse the repository at this point in the history
  4. go.mod: github.com/spf13/cobra v1.6.1

    Fixes a panic when AddGroup isn't called before AddCommand(my-sub-command) is executed
    
    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    8a54c2b View commit details
    Browse the repository at this point in the history
  5. go.mod: golang.org/x/term v0.1.0

    The golang.org/x/ projects now tag releases.
    
    full diff: golang/term@f5c789d...v0.1.0
    
    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    208b0ac View commit details
    Browse the repository at this point in the history
  6. go.mod: golang.org/x/sys v0.1.0

    The golang.org/x/ projects now tag releases.
    
    full diff: golang/sys@bc2c85a...v0.1.0
    
    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    f0a6949 View commit details
    Browse the repository at this point in the history
  7. go.mod: golang.org/x/text v0.4.0

    The golang.org/x/ projects now tag releases.
    
    includes fixes for CVE-2022-32149 (v0.3.8)
    
    full diff: golang/text@v0.3.3...v0.4.0
    
    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    80f2ee2 View commit details
    Browse the repository at this point in the history
  8. go.mod: golang.org/x/net v0.1.0

    The golang.org/x/ projects now tag releases.
    
    - updates to a version that fixes CVE-2022-27664
    
    full diff: golang/net@f585440...v0.1.0
    
    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    162195a View commit details
    Browse the repository at this point in the history
  9. go.mod: golang.org/x/crypto v0.1.0

    The golang.org/x/ projects now tag releases.
    
    Also removing uses of golang.org/x/crypto/ed25519, which is now part of stdlib:
    
        Beginning with Go 1.13, the functionality of this package was moved to the
        standard library as crypto/ed25519. This package only acts as a compatibility
        wrapper.
    
    full diff: golang/crypto@f585440...v0.1.0
    
    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    a01f6a2 View commit details
    Browse the repository at this point in the history
  10. go.mod: github.com/dvsekhvalnov/jose2go v1.5.0

    Adds go.mod support
    
    full diff: dvsekhvalnov/jose2go@248326c...v1.5.0
    
    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    ccbc076 View commit details
    Browse the repository at this point in the history
  11. Configuration menu
    Copy the full SHA
    f5cb2fe View commit details
    Browse the repository at this point in the history
  12. go.mod: github.com/sirupsen/logrus v1.9.0

    full diff: sirupsen/logrus@v1.7.1...v1.9.0
    
    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    cf853a9 View commit details
    Browse the repository at this point in the history
  13. go.mod: github.com/miekg/pkcs11 v1.1.1

    full diff: miekg/pkcs11@v1.0.3...v1.1.1
    
    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    faeb999 View commit details
    Browse the repository at this point in the history
  14. go.mod: github.com/stretchr/testify v1.8.1

    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    afd9eef View commit details
    Browse the repository at this point in the history
  15. go.mod: google.golang.org/protobuf v1.28.0

    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    e058f41 View commit details
    Browse the repository at this point in the history
  16. go.mod: github.com/gogo/protobuf v1.3.2

    contains fixes for CVE-2021-3121 "skippy peanut butter"
    
    full diff: gogo/protobuf@v1.0.0...v1.3.2
    
    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    fb1c0d5 View commit details
    Browse the repository at this point in the history
  17. go.mod: github.com/spf13/viper v1.13.0

    removes the deprecated github.com/BurntSushi/toml dependency
    
    full diff: spf13/viper@be5ff3e...v1.13.0
    
    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    04ae5f3 View commit details
    Browse the repository at this point in the history
  18. go.mod: github.com/opencontainers/image-spec v1.0.2

    This is a dependency for docker/distribution, which does not yet use go modules,
    so indirect dependencies aren't updated automatically.
    
    image-spec v1.0.2 contains mitigations for CVE-2021-41190.
    
    full diff: opencontainers/image-spec@v1.0.1...v1.0.2
    
    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    6593165 View commit details
    Browse the repository at this point in the history
  19. go.mod: github.com/docker/distribution v2.8.1

    full diff: distribution/distribution@v2.7.1...v2.8.1
    
    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    c45a639 View commit details
    Browse the repository at this point in the history
  20. go.mod: github.com/gorilla/mux v1.8.0

    full diff: gorilla/mux@v1.7.0...v1.8.0
    
    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    f3c9d4f View commit details
    Browse the repository at this point in the history
  21. go.mod: github.com/prometheus/client_golang v1.12.1

    not the latest version, but this version looks to be commonly used in various
    projects. Also contains fixes for CVE-2022-21698 (affects versions < 1.11.1)
    
    full diff: prometheus/client_golang@c332b6f...v1.12.1
    
    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    2b3b1cf View commit details
    Browse the repository at this point in the history
  22. go.mod: github.com/docker/go-metrics v0.0.1

    adds go.mod
    
    full diff: docker/go-metrics@c332b6f...v0.0.1
    
    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    6a37534 View commit details
    Browse the repository at this point in the history
  23. go.mod: github.com/cloudflare/cfssl v1.5.0

    not using latest version, as that brings many indirect dependencies (through cobra)
    
    - removes github.com/gogo/protobuf dependency
    - unfortunately, brings back golang.org/x/crypto/ed25519 (will open a PR for that)
    
    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    fc0da05 View commit details
    Browse the repository at this point in the history
  24. go.mod: github.com/matttproud/golang_protobuf_extensions v1.0.2

    updating the indirect dependency to match other projects; this version adds
    a go.mod;
    
    matttproud/golang_protobuf_extensions@v1.0.1...v1.0.2
    
    Signed-off-by: Sebastiaan van Stijn <[email protected]>
    thaJeztah committed Nov 7, 2022
    Configuration menu
    Copy the full SHA
    1c7f718 View commit details
    Browse the repository at this point in the history