Fix dependency cves (#6353)

* Upgraded golang.org/x/crypto v0.28.0 => v0.31.0.

Signed-off-by: peng wu <2030047311@qq.com>

* Upgraded golang.org/x/net v0.30.0 => v0.33.0.

Signed-off-by: peng wu <2030047311@qq.com>

* Upgraded github.com/golang/glog v1.2.2 => v1.2.4. Fix CVE-2024-45339.

Signed-off-by: peng wu <2030047311@qq.com>

* Upgrade go stdlib from 1.22.8 to 1.22.11. Fix CVE-2024-45336.

Signed-off-by: peng wu <2030047311@qq.com>

* Upgraded github.com/go-git/go-git/v5 v5.11.0 => v5.13.0. Fix CVE-2025-21613, CVE-2025-21614.

Signed-off-by: peng wu <2030047311@qq.com>

* Upgraded telemetry v1.0.1 => v1.0.2. Fix CVE-2024-45338, CVE-2024-34156, CVE-2024-34155, CVE-2024-34158, CVE-2024-4536, CVE-2024-45341.

Signed-off-by: peng wu <2030047311@qq.com>

---------

Signed-off-by: peng wu <2030047311@qq.com>
smartcat999
2025-02-08 14:54:12 +08:00
committed by GitHub
parent b4069c6b3d
commit d38db0054c
150 changed files with 6945 additions and 1748 deletions

46
vendor/modules.txt vendored

@@ -43,8 +43,8 @@ github.com/NYTimes/gziphandler
# github.com/OneOfOne/xxhash v1.2.8
## explicit; go 1.11
github.com/OneOfOne/xxhash
# github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371
## explicit; go 1.13
# github.com/ProtonMail/go-crypto v1.1.3
## explicit; go 1.17
github.com/ProtonMail/go-crypto/bitcurves
github.com/ProtonMail/go-crypto/brainpool
github.com/ProtonMail/go-crypto/eax
@@ -55,6 +55,8 @@ github.com/ProtonMail/go-crypto/openpgp/aes/keywrap
github.com/ProtonMail/go-crypto/openpgp/armor
github.com/ProtonMail/go-crypto/openpgp/ecdh
github.com/ProtonMail/go-crypto/openpgp/ecdsa
github.com/ProtonMail/go-crypto/openpgp/ed25519
github.com/ProtonMail/go-crypto/openpgp/ed448
github.com/ProtonMail/go-crypto/openpgp/eddsa
github.com/ProtonMail/go-crypto/openpgp/elgamal
github.com/ProtonMail/go-crypto/openpgp/errors
@@ -63,6 +65,8 @@ github.com/ProtonMail/go-crypto/openpgp/internal/ecc
github.com/ProtonMail/go-crypto/openpgp/internal/encoding
github.com/ProtonMail/go-crypto/openpgp/packet
github.com/ProtonMail/go-crypto/openpgp/s2k
github.com/ProtonMail/go-crypto/openpgp/x25519
github.com/ProtonMail/go-crypto/openpgp/x448
# github.com/agnivade/levenshtein v1.2.0
## explicit; go 1.21
github.com/agnivade/levenshtein
@@ -312,16 +316,16 @@ github.com/go-git/gcfg
github.com/go-git/gcfg/scanner
github.com/go-git/gcfg/token
github.com/go-git/gcfg/types
# github.com/go-git/go-billy/v5 v5.5.0
## explicit; go 1.19
# github.com/go-git/go-billy/v5 v5.6.0
## explicit; go 1.20
github.com/go-git/go-billy/v5
github.com/go-git/go-billy/v5/helper/chroot
github.com/go-git/go-billy/v5/helper/polyfill
github.com/go-git/go-billy/v5/memfs
github.com/go-git/go-billy/v5/osfs
github.com/go-git/go-billy/v5/util
# github.com/go-git/go-git/v5 v5.11.0 => github.com/go-git/go-git/v5 v5.11.0
## explicit; go 1.19
# github.com/go-git/go-git/v5 v5.13.0 => github.com/go-git/go-git/v5 v5.13.0
## explicit; go 1.21
github.com/go-git/go-git/v5
github.com/go-git/go-git/v5/config
github.com/go-git/go-git/v5/internal/path_util
@@ -460,7 +464,7 @@ github.com/golang-jwt/jwt/v4
# github.com/golang/example v0.0.0-20170904185048-46695d81d1fa => github.com/golang/example v0.0.0-20170904185048-46695d81d1fa
## explicit
github.com/golang/example/stringutil
# github.com/golang/glog v1.2.2 => github.com/golang/glog v1.2.2
# github.com/golang/glog v1.2.4 => github.com/golang/glog v1.2.4
## explicit; go 1.19
github.com/golang/glog
github.com/golang/glog/internal/logsink
@@ -916,8 +920,8 @@ github.com/sagikazarmark/locafero
# github.com/sagikazarmark/slog-shim v0.1.0
## explicit; go 1.20
github.com/sagikazarmark/slog-shim
# github.com/sergi/go-diff v1.3.1
## explicit; go 1.12
# github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3
## explicit; go 1.13
github.com/sergi/go-diff/diffmatchpatch
# github.com/shopspring/decimal v1.4.0
## explicit; go 1.10
@@ -925,7 +929,7 @@ github.com/shopspring/decimal
# github.com/sirupsen/logrus v1.9.3 => github.com/sirupsen/logrus v1.9.3
## explicit; go 1.13
github.com/sirupsen/logrus
# github.com/skeema/knownhosts v1.2.1
# github.com/skeema/knownhosts v1.3.0
## explicit; go 1.17
github.com/skeema/knownhosts
# github.com/sony/sonyflake v1.2.0 => github.com/sony/sonyflake v1.2.0
@@ -970,7 +974,7 @@ github.com/spf13/viper/internal/features
# github.com/stoewer/go-strcase v1.2.0
## explicit; go 1.11
github.com/stoewer/go-strcase
# github.com/stretchr/testify v1.9.0 => github.com/stretchr/testify v1.9.0
# github.com/stretchr/testify v1.10.0 => github.com/stretchr/testify v1.9.0
## explicit; go 1.17
github.com/stretchr/testify/assert
# github.com/subosito/gotenv v1.6.0
@@ -1116,7 +1120,7 @@ go.uber.org/zap/internal/pool
go.uber.org/zap/internal/stacktrace
go.uber.org/zap/zapcore
go.uber.org/zap/zapgrpc
# golang.org/x/crypto v0.28.0 => golang.org/x/crypto v0.28.0
# golang.org/x/crypto v0.31.0 => golang.org/x/crypto v0.31.0
## explicit; go 1.20
golang.org/x/crypto/argon2
golang.org/x/crypto/bcrypt
@@ -1159,7 +1163,7 @@ golang.org/x/exp/slog/internal/buffer
golang.org/x/mod/internal/lazyregexp
golang.org/x/mod/module
golang.org/x/mod/semver
# golang.org/x/net v0.30.0 => golang.org/x/net v0.30.0
# golang.org/x/net v0.33.0 => golang.org/x/net v0.33.0
## explicit; go 1.18
golang.org/x/net/context
golang.org/x/net/html
@@ -1178,12 +1182,12 @@ golang.org/x/net/websocket
## explicit; go 1.18
golang.org/x/oauth2
golang.org/x/oauth2/internal
# golang.org/x/sync v0.8.0 => golang.org/x/sync v0.1.0
# golang.org/x/sync v0.10.0 => golang.org/x/sync v0.1.0
## explicit
golang.org/x/sync/errgroup
golang.org/x/sync/semaphore
golang.org/x/sync/singleflight
# golang.org/x/sys v0.26.0 => golang.org/x/sys v0.26.0
# golang.org/x/sys v0.28.0 => golang.org/x/sys v0.26.0
## explicit; go 1.18
golang.org/x/sys/cpu
golang.org/x/sys/execabs
@@ -1191,10 +1195,10 @@ golang.org/x/sys/plan9
golang.org/x/sys/unix
golang.org/x/sys/windows
golang.org/x/sys/windows/registry
# golang.org/x/term v0.25.0
# golang.org/x/term v0.27.0
## explicit; go 1.18
golang.org/x/term
# golang.org/x/text v0.19.0 => golang.org/x/text v0.19.0
# golang.org/x/text v0.21.0 => golang.org/x/text v0.19.0
## explicit; go 1.18
golang.org/x/text/cases
golang.org/x/text/encoding
@@ -2448,7 +2452,7 @@ sigs.k8s.io/yaml/goyaml.v3
# github.com/emicklei/go-restful/v3 => github.com/emicklei/go-restful/v3 v3.11.0
# github.com/evanphx/json-patch/v5 => github.com/evanphx/json-patch/v5 v5.9.0
# github.com/fsnotify/fsnotify => github.com/fsnotify/fsnotify v1.7.0
# github.com/go-git/go-git/v5 => github.com/go-git/go-git/v5 v5.11.0
# github.com/go-git/go-git/v5 => github.com/go-git/go-git/v5 v5.13.0
# github.com/go-ldap/ldap => github.com/go-ldap/ldap v3.0.3+incompatible
# github.com/go-logr/logr => github.com/go-logr/logr v1.4.2
# github.com/go-openapi/analysis => github.com/go-openapi/analysis v0.21.4
@@ -2464,7 +2468,7 @@ sigs.k8s.io/yaml/goyaml.v3
# github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2
# github.com/golang-jwt/jwt/v4 => github.com/golang-jwt/jwt/v4 v4.5.1
# github.com/golang/example => github.com/golang/example v0.0.0-20170904185048-46695d81d1fa
# github.com/golang/glog => github.com/golang/glog v1.2.2
# github.com/golang/glog => github.com/golang/glog v1.2.4
# github.com/golang/protobuf => github.com/golang/protobuf v1.5.4
# github.com/google/go-cmp => github.com/google/go-cmp v0.6.0
# github.com/google/go-containerregistry => github.com/google/go-containerregistry v0.14.0
@@ -2508,8 +2512,8 @@ sigs.k8s.io/yaml/goyaml.v3
# go.opentelemetry.io/otel/metric => go.opentelemetry.io/otel/metric v1.28.0
# go.opentelemetry.io/otel/sdk => go.opentelemetry.io/otel/sdk v1.28.0
# go.opentelemetry.io/otel/trace => go.opentelemetry.io/otel/trace v1.28.0
# golang.org/x/crypto => golang.org/x/crypto v0.28.0
# golang.org/x/net => golang.org/x/net v0.30.0
# golang.org/x/crypto => golang.org/x/crypto v0.31.0
# golang.org/x/net => golang.org/x/net v0.33.0
# golang.org/x/oauth2 => golang.org/x/oauth2 v0.21.0
# golang.org/x/sync => golang.org/x/sync v0.1.0
# golang.org/x/sys => golang.org/x/sys v0.26.0