Fix dependency cves (#6353)

* Upgraded golang.org/x/crypto v0.28.0 => v0.31.0. Signed-off-by: peng wu <2030047311@qq.com> * Upgraded golang.org/x/net v0.30.0 => v0.33.0. Signed-off-by: peng wu <2030047311@qq.com> * Upgraded github.com/golang/glog v1.2.2 => v1.2.4. Fix CVE-2024-45339. Signed-off-by: peng wu <2030047311@qq.com> * Upgrade go stdlib from 1.22.8 to 1.22.11. Fix CVE-2024-45336. Signed-off-by: peng wu <2030047311@qq.com> * Upgraded github.com/go-git/go-git/v5 v5.11.0 => v5.13.0. Fix CVE-2025-21613、CVE-2025-21614. Signed-off-by: peng wu <2030047311@qq.com> * Upgraded telemetry v1.0.1 => v1.0.2. Fix CVE-2024-45338、CVE-2024-34156、CVE-2024-34155、CVE-2024-34158、CVE-2024-4536、CVE-2024-45341. Signed-off-by: peng wu <2030047311@qq.com> --------- Signed-off-by: peng wu <2030047311@qq.com> (cherry picked from commit d38db0054c)
2025-02-08 14:54:12 +08:00
parent b34b7ea1fe
commit e7c97d3a56
158 changed files with 7268 additions and 1794 deletions
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -43,8 +43,8 @@ github.com/NYTimes/gziphandler
 # github.com/OneOfOne/xxhash v1.2.8
 ## explicit; go 1.11
 github.com/OneOfOne/xxhash
-# github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371
-## explicit; go 1.13
+# github.com/ProtonMail/go-crypto v1.1.3
+## explicit; go 1.17
 github.com/ProtonMail/go-crypto/bitcurves
 github.com/ProtonMail/go-crypto/brainpool
 github.com/ProtonMail/go-crypto/eax
@@ -55,6 +55,8 @@ github.com/ProtonMail/go-crypto/openpgp/aes/keywrap
 github.com/ProtonMail/go-crypto/openpgp/armor
 github.com/ProtonMail/go-crypto/openpgp/ecdh
 github.com/ProtonMail/go-crypto/openpgp/ecdsa
+github.com/ProtonMail/go-crypto/openpgp/ed25519
+github.com/ProtonMail/go-crypto/openpgp/ed448
 github.com/ProtonMail/go-crypto/openpgp/eddsa
 github.com/ProtonMail/go-crypto/openpgp/elgamal
 github.com/ProtonMail/go-crypto/openpgp/errors
@@ -63,6 +65,8 @@ github.com/ProtonMail/go-crypto/openpgp/internal/ecc
 github.com/ProtonMail/go-crypto/openpgp/internal/encoding
 github.com/ProtonMail/go-crypto/openpgp/packet
 github.com/ProtonMail/go-crypto/openpgp/s2k
+github.com/ProtonMail/go-crypto/openpgp/x25519
+github.com/ProtonMail/go-crypto/openpgp/x448
 # github.com/agnivade/levenshtein v1.2.0
 ## explicit; go 1.21
 github.com/agnivade/levenshtein
@@ -312,16 +316,16 @@ github.com/go-git/gcfg
 github.com/go-git/gcfg/scanner
 github.com/go-git/gcfg/token
 github.com/go-git/gcfg/types
-# github.com/go-git/go-billy/v5 v5.5.0
-## explicit; go 1.19
+# github.com/go-git/go-billy/v5 v5.6.0
+## explicit; go 1.20
 github.com/go-git/go-billy/v5
 github.com/go-git/go-billy/v5/helper/chroot
 github.com/go-git/go-billy/v5/helper/polyfill
 github.com/go-git/go-billy/v5/memfs
 github.com/go-git/go-billy/v5/osfs
 github.com/go-git/go-billy/v5/util
-# github.com/go-git/go-git/v5 v5.11.0 => github.com/go-git/go-git/v5 v5.11.0
-## explicit; go 1.19
+# github.com/go-git/go-git/v5 v5.13.0 => github.com/go-git/go-git/v5 v5.13.0
+## explicit; go 1.21
 github.com/go-git/go-git/v5
 github.com/go-git/go-git/v5/config
 github.com/go-git/go-git/v5/internal/path_util
@@ -460,7 +464,7 @@ github.com/golang-jwt/jwt/v4
 # github.com/golang/example v0.0.0-20170904185048-46695d81d1fa => github.com/golang/example v0.0.0-20170904185048-46695d81d1fa
 ## explicit
 github.com/golang/example/stringutil
-# github.com/golang/glog v1.2.2 => github.com/golang/glog v1.2.2
+# github.com/golang/glog v1.2.4 => github.com/golang/glog v1.2.4
 ## explicit; go 1.19
 github.com/golang/glog
 github.com/golang/glog/internal/logsink
@@ -916,8 +920,8 @@ github.com/sagikazarmark/locafero
 # github.com/sagikazarmark/slog-shim v0.1.0
 ## explicit; go 1.20
 github.com/sagikazarmark/slog-shim
-# github.com/sergi/go-diff v1.3.1
-## explicit; go 1.12
+# github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3
+## explicit; go 1.13
 github.com/sergi/go-diff/diffmatchpatch
 # github.com/shopspring/decimal v1.4.0
 ## explicit; go 1.10
@@ -925,7 +929,7 @@ github.com/shopspring/decimal
 # github.com/sirupsen/logrus v1.9.3 => github.com/sirupsen/logrus v1.9.3
 ## explicit; go 1.13
 github.com/sirupsen/logrus
-# github.com/skeema/knownhosts v1.2.1
+# github.com/skeema/knownhosts v1.3.0
 ## explicit; go 1.17
 github.com/skeema/knownhosts
 # github.com/sony/sonyflake v1.2.0 => github.com/sony/sonyflake v1.2.0
@@ -970,9 +974,10 @@ github.com/spf13/viper/internal/features
 # github.com/stoewer/go-strcase v1.2.0
 ## explicit; go 1.11
 github.com/stoewer/go-strcase
-# github.com/stretchr/testify v1.9.0 => github.com/stretchr/testify v1.9.0
+# github.com/stretchr/testify v1.10.0 => github.com/stretchr/testify v1.10.0
 ## explicit; go 1.17
 github.com/stretchr/testify/assert
+github.com/stretchr/testify/assert/yaml
 # github.com/subosito/gotenv v1.6.0
 ## explicit; go 1.18
 github.com/subosito/gotenv
@@ -1116,7 +1121,7 @@ go.uber.org/zap/internal/pool
 go.uber.org/zap/internal/stacktrace
 go.uber.org/zap/zapcore
 go.uber.org/zap/zapgrpc
-# golang.org/x/crypto v0.28.0 => golang.org/x/crypto v0.28.0
+# golang.org/x/crypto v0.31.0 => golang.org/x/crypto v0.31.0
 ## explicit; go 1.20
 golang.org/x/crypto/argon2
 golang.org/x/crypto/bcrypt
@@ -1159,7 +1164,7 @@ golang.org/x/exp/slog/internal/buffer
 golang.org/x/mod/internal/lazyregexp
 golang.org/x/mod/module
 golang.org/x/mod/semver
-# golang.org/x/net v0.30.0 => golang.org/x/net v0.30.0
+# golang.org/x/net v0.33.0 => golang.org/x/net v0.33.0
 ## explicit; go 1.18
 golang.org/x/net/context
 golang.org/x/net/html
@@ -1178,12 +1183,12 @@ golang.org/x/net/websocket
 ## explicit; go 1.18
 golang.org/x/oauth2
 golang.org/x/oauth2/internal
-# golang.org/x/sync v0.8.0 => golang.org/x/sync v0.1.0
+# golang.org/x/sync v0.10.0 => golang.org/x/sync v0.1.0
 ## explicit
 golang.org/x/sync/errgroup
 golang.org/x/sync/semaphore
 golang.org/x/sync/singleflight
-# golang.org/x/sys v0.26.0 => golang.org/x/sys v0.26.0
+# golang.org/x/sys v0.28.0 => golang.org/x/sys v0.26.0
 ## explicit; go 1.18
 golang.org/x/sys/cpu
 golang.org/x/sys/execabs
@@ -1191,10 +1196,10 @@ golang.org/x/sys/plan9
 golang.org/x/sys/unix
 golang.org/x/sys/windows
 golang.org/x/sys/windows/registry
-# golang.org/x/term v0.25.0
+# golang.org/x/term v0.27.0
 ## explicit; go 1.18
 golang.org/x/term
-# golang.org/x/text v0.19.0 => golang.org/x/text v0.19.0
+# golang.org/x/text v0.21.0 => golang.org/x/text v0.19.0
 ## explicit; go 1.18
 golang.org/x/text/cases
 golang.org/x/text/encoding
@@ -2448,7 +2453,7 @@ sigs.k8s.io/yaml/goyaml.v3
 # github.com/emicklei/go-restful/v3 => github.com/emicklei/go-restful/v3 v3.11.0
 # github.com/evanphx/json-patch/v5 => github.com/evanphx/json-patch/v5 v5.9.0
 # github.com/fsnotify/fsnotify => github.com/fsnotify/fsnotify v1.7.0
-# github.com/go-git/go-git/v5 => github.com/go-git/go-git/v5 v5.11.0
+# github.com/go-git/go-git/v5 => github.com/go-git/go-git/v5 v5.13.0
 # github.com/go-ldap/ldap => github.com/go-ldap/ldap v3.0.3+incompatible
 # github.com/go-logr/logr => github.com/go-logr/logr v1.4.2
 # github.com/go-openapi/analysis => github.com/go-openapi/analysis v0.21.4
@@ -2464,7 +2469,7 @@ sigs.k8s.io/yaml/goyaml.v3
 # github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2
 # github.com/golang-jwt/jwt/v4 => github.com/golang-jwt/jwt/v4 v4.5.1
 # github.com/golang/example => github.com/golang/example v0.0.0-20170904185048-46695d81d1fa
-# github.com/golang/glog => github.com/golang/glog v1.2.2
+# github.com/golang/glog => github.com/golang/glog v1.2.4
 # github.com/golang/protobuf => github.com/golang/protobuf v1.5.4
 # github.com/google/go-cmp => github.com/google/go-cmp v0.6.0
 # github.com/google/go-containerregistry => github.com/google/go-containerregistry v0.14.0
@@ -2498,7 +2503,7 @@ sigs.k8s.io/yaml/goyaml.v3
 # github.com/spf13/cobra => github.com/spf13/cobra v1.8.1
 # github.com/spf13/pflag => github.com/spf13/pflag v1.0.5
 # github.com/spf13/viper => github.com/spf13/viper v1.18.2
-# github.com/stretchr/testify => github.com/stretchr/testify v1.9.0
+# github.com/stretchr/testify => github.com/stretchr/testify v1.10.0
 # go.mongodb.org/mongo-driver => go.mongodb.org/mongo-driver v1.17.1
 # go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc => go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0
 # go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp => go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0
@@ -2508,8 +2513,8 @@ sigs.k8s.io/yaml/goyaml.v3
 # go.opentelemetry.io/otel/metric => go.opentelemetry.io/otel/metric v1.28.0
 # go.opentelemetry.io/otel/sdk => go.opentelemetry.io/otel/sdk v1.28.0
 # go.opentelemetry.io/otel/trace => go.opentelemetry.io/otel/trace v1.28.0
-# golang.org/x/crypto => golang.org/x/crypto v0.28.0
-# golang.org/x/net => golang.org/x/net v0.30.0
+# golang.org/x/crypto => golang.org/x/crypto v0.31.0
+# golang.org/x/net => golang.org/x/net v0.33.0
 # golang.org/x/oauth2 => golang.org/x/oauth2 v0.21.0
 # golang.org/x/sync => golang.org/x/sync v0.1.0
 # golang.org/x/sys => golang.org/x/sys v0.26.0