Fix dependency cves (#6353)

* Upgraded golang.org/x/crypto v0.28.0 => v0.31.0. Signed-off-by: peng wu <2030047311@qq.com> * Upgraded golang.org/x/net v0.30.0 => v0.33.0. Signed-off-by: peng wu <2030047311@qq.com> * Upgraded github.com/golang/glog v1.2.2 => v1.2.4. Fix CVE-2024-45339. Signed-off-by: peng wu <2030047311@qq.com> * Upgrade go stdlib from 1.22.8 to 1.22.11. Fix CVE-2024-45336. Signed-off-by: peng wu <2030047311@qq.com> * Upgraded github.com/go-git/go-git/v5 v5.11.0 => v5.13.0. Fix CVE-2025-21613、CVE-2025-21614. Signed-off-by: peng wu <2030047311@qq.com> * Upgraded telemetry v1.0.1 => v1.0.2. Fix CVE-2024-45338、CVE-2024-34156、CVE-2024-34155、CVE-2024-34158、CVE-2024-4536、CVE-2024-45341. Signed-off-by: peng wu <2030047311@qq.com> --------- Signed-off-by: peng wu <2030047311@qq.com> (cherry picked from commit d38db0054c)
2025-02-08 14:54:12 +08:00
parent b34b7ea1fe
commit e7c97d3a56
158 changed files with 7268 additions and 1794 deletions
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k_cache.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k_cache.go
@@ -5,7 +5,7 @@ package s2k
 // the same parameters.
 type Cache map[Params][]byte

-// GetOrComputeDerivedKey tries to retrieve the key 
+// GetOrComputeDerivedKey tries to retrieve the key
 // for the given s2k parameters from the cache.
 // If there is no hit, it derives the key with the s2k function from the passphrase,
 // updates the cache, and returns the key.