chore: Bump github.com/moby/buildkit from 0.7.2 to 0.11.1

[dependabot]

Bumps github.com/moby/buildkit from 0.7.2 to 0.11.1.

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.11.1

Welcome to the 0.11.1 release of buildkit! This is a pre-release of buildkit

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Notable changes

• Builtin Dockerfile frontend has been updated to 1.5.1, fixing possible panic in certain warning condition #3505
• Fix possible hang when closing down the SSH forwarding socket in v0.11.0 #3506
• Fix typo in an environment variable used to configure OpenTelemetry endpoints #3508

v0.11.0

Welcome to the 0.11.0 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Notable Changes

• Builtin Dockerfile frontend has been updated to v1.5.0 https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.5.0

• BuildKit and compatible frontends can now produce SBOM (Software Bill of Materials) attestations for the build results to show the dependencies of the build. These attestations can be added to images and locally exported files. Using Dockerfiles, SBOM information can be configured to be produced also based on files in intermediate build stages or build context, or run processes that manually define the SBOM dependencies. When exporting an image, layer mapping is also produced that allows tracing a SBOM package to a specific build step. #3258 #3290 #3249 #2983 #3358 #3312 #3407 #3408 #3410 #3414 #3422 Read documentation

• BuildKit can now produce a Provenance attestation for the build result in SLSA format. Provenance attestations describe how a build was produced, and what sources/parameters were used. In addition to fields part of the SLSA specification, Buildkit's provenance also exports BuildKit-specific metadata like LLB steps with their source- and layer mapping. Provenance attestation will capture all the build sources visible to BuildKit, for example, not only the Git repository where the project's source is coming from but also the digests of all the container images used during the build. #3240 #3428 #3428 #3462 Read documentation

• BuildKit now supports reproducible builds by setting SOURCE_DATE_EPOCH build argument or source-date-epoch exporter attribute. This deterministic date will be used in image metadata instead of the current time. #2918 #3262 #3152 Read documentation

• OCI annotations can now be set to build results exported as images or OCI layouts. Annotations can be set on both image manifests and indexes, as well as descriptors to them. #3283 #3061 #2975 #2879 Read documentation

• New Build History API allows listening to events about builds starting and completing, and streaming progress of active builds. New commands buildctl debug monitor, buildctl debug logs and buildctl debug get have been added to use this API. Build records also keep OpenTelemetry traces, provenance attestations, and image manifests if they were created by the build. #3294 #3339 #3440

• Build results exported with image, local or tar exporters now support attestations. In addition to builtin SBOM and Provenance attestations, frontends can produce custom attestations in in-toto format #3197 #3070 #3129 #3073 #3063 #2935 #3289 #3389 #3321 #3342 #3461 Read documentation

• New Source type oci-layout:// allows builds to import images from OCI directory structure on the client side. This allows using local versions of the image. #3112 #3300 #3122 #3034 #2971 #2827 #3397

• Build requests now support sending a Source policy definition. A policy can be used to deny access to specific sources (e.g. images or URLs) or only allow access to specific image namespaces. Policies can also be used to modify sources when they are requested by the build, for example, pin a tag requested by the build to a specific digest even if it has already changed in the registry. #3332

• New remote cache backend: Azure Blob Storage #3010

• New remote cache backend: S3 #2824 #3065

• BuildKit now supports Nydus compression type #2581

• OCI exporter now supports attribute tar=false to export OCI layout into a directory instead of downloading a tarball. #3162

• Setting multiple cache exporters for a single build is now supported #3024 #3271

... (truncated)

Commits

• b6051af Merge pull request #3512 from tonistiigi/v0.11.1-cherry-picks
• 822a6ec fix(tracing): spelling of OTEL_TRACES_EXPORTER value
• 0282ebe Propagate sshforward send side connection close
• 3e30eaa dockerfile: fix panic on warnings with multi-platform
• e1d867e Merge pull request #3504 from AkihiroSuda/cherrypick-3485
• ce20f82 docs/build-repro.md: add the SOURCE_DATE_EPOCH section
• a8e8d2a Merge pull request #3487 from jedevc/cherry-pick-docs-0.11
• 35a1da0 docs: master -> 0.11
• 830288a Merge pull request #3483 from tonistiigi/v0.11-grpc-path-err
• c5143c0 [v0.11] make tracing socket forward error non-fatal
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[guardrails]

⚠️ We detected 204 security issues in this pull request:

Vulnerable Libraries (204)

Severity	Details
High	pkg:golang/github.com/prometheus/client_golang@v1.0.0@v1.0.0 upgrade to: 1.11.1
N/A	pkg:golang/golang.org/x/net@v0.0.0-20181106065722-10aee1819953@v0.0.0-20181106065722-10aee1819953 upgrade to: 0.0.0-20210520170846-37e1c6afe023
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20190209173611-3b5209105503@v0.0.0-20190209173611-3b5209105503 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
Medium	pkg:golang/github.com/yuin/goldmark@v1.1.27@v1.1.27 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20201201145000-ef89a241ccb3@v0.0.0-20201201145000-ef89a241ccb3 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210630005230-0f9fa26af87c@v0.0.0-20210630005230-0f9fa26af87c upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/net@v0.0.0-20200501053045-e0ff5e5a1de5@v0.0.0-20200501053045-e0ff5e5a1de5 upgrade to: 1.18.9,1.19.4,0.4.0
N/A	pkg:golang/golang.org/x/text@v0.0.0-20170915032832-14c0d48ead0c@v0.0.0-20170915032832-14c0d48ead0c upgrade to: 0.3.8
N/A	pkg:golang/golang.org/x/net@v0.0.0-20211216030914-fe4d6282115f@v0.0.0-20211216030914-fe4d6282115f upgrade to: 1.18.9,1.19.4,0.4.0
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20181029174526-d69651ed3497@v0.0.0-20181029174526-d69651ed3497 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20191001151750-bb3f8db39f24@v0.0.0-20191001151750-bb3f8db39f24 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210330210617-4fbd30eecc44@v0.0.0-20210330210617-4fbd30eecc44 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210906170528-6f6e22806c34@v0.0.0-20210906170528-6f6e22806c34 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b@v3.0.0-20210107192922-496545a6307b upgrade to: 3.0.0
High	pkg:golang/golang.org/x/text@v0.3.7@v0.3.7 - no patch available
High	pkg:golang/github.com/opencontainers/runc@v1.1.2@v1.1.2 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20200909081042-eff7692f9009@v0.0.0-20200909081042-eff7692f9009 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210305230114-8fe3ee5dd75b@v0.0.0-20210305230114-8fe3ee5dd75b upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/golang.org/x/net@v0.0.0-20190813141303-74dc4d7220e7@v0.0.0-20190813141303-74dc4d7220e7 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20190826190057-c7b8b68b1456@v0.0.0-20190826190057-c7b8b68b1456 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/golang.org/x/net@v0.0.0-20190923162816-aa69164e4478@v0.0.0-20190923162816-aa69164e4478 - no patch available
N/A	pkg:golang/golang.org/x/net@v0.0.0-20190125091013-d26f9f9a57f3@v0.0.0-20190125091013-d26f9f9a57f3 upgrade to: 1.18.6,1.19.1,0.0.0-20220906165146-f3363e06e74c
High	pkg:golang/golang.org/x/net@v0.0.0-20210119194325-5f4716e94777@v0.0.0-20210119194325-5f4716e94777 - no patch available
N/A	pkg:golang/golang.org/x/net@v0.0.0-20220722155237-a158d28d115b@v0.0.0-20220722155237-a158d28d115b upgrade to: 0.1.1-0.20221104162952-702349b0e862
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20211216021012-1d35b9e2eb4e@v0.0.0-20211216021012-1d35b9e2eb4e upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210112080510-489259a85091@v0.0.0-20210112080510-489259a85091 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
Low	pkg:golang/github.com/aws/aws-sdk-go@v1.25.11@v1.25.11 - no patch available
Low	pkg:golang/github.com/aws/aws-sdk-go@v1.15.90@v1.15.90 - no patch available
High	pkg:golang/golang.org/x/net@v0.0.0-20200822124328-c89045814202@v0.0.0-20200822124328-c89045814202 - no patch available
Medium	pkg:golang/golang.org/x/crypto@v0.0.0-20190211182817-74369b46fc67@v0.0.0-20190211182817-74369b46fc67 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20200923182605-d9f96fdee20d@v0.0.0-20200923182605-d9f96fdee20d upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/net@v0.0.0-20200301022130-244492dfa37a@v0.0.0-20200301022130-244492dfa37a upgrade to: 1.18.6,1.19.1,0.0.0-20220906165146-f3363e06e74c
Critical	pkg:golang/github.com/gogo/protobuf@v1.3.2@v1.3.2 - no patch available
Critical	pkg:golang/github.com/gogo/protobuf@v1.3.2@v1.3.2 - no patch available
N/A	pkg:golang/golang.org/x/net@v0.0.0-20181108082009-03003ca0c849@v0.0.0-20181108082009-03003ca0c849 upgrade to: 1.18.9,1.19.4,0.4.0
High	pkg:golang/golang.org/x/net@v0.0.0-20211015210444-4f30a5c0130f@v0.0.0-20211015210444-4f30a5c0130f - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20200511232937-7e40ca221e25@v0.0.0-20200511232937-7e40ca221e25 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/gopkg.in/yaml.v2@v2.2.5@v2.2.5 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20191228213918-04cbcbbfeed8@v0.0.0-20191228213918-04cbcbbfeed8 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20200124204421-9fbb57f87de9@v0.0.0-20200124204421-9fbb57f87de9 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
Medium	pkg:golang/golang.org/x/crypto@v0.0.0-20220511200225-c6db032c6c88@v0.0.0-20220511200225-c6db032c6c88 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20181205085412-a5c9d58dba9a@v0.0.0-20181205085412-a5c9d58dba9a upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
Medium	pkg:golang/github.com/yuin/goldmark@v1.1.25@v1.1.25 - no patch available
High	pkg:golang/golang.org/x/crypto@v0.0.0-20191002192127-34f69633bfdc@v0.0.0-20191002192127-34f69633bfdc upgrade to: 0.0.0-20200220183623-bac4c82f6975
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210119212857-b64e53b001e4@v0.0.0-20210119212857-b64e53b001e4 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
Medium	pkg:golang/golang.org/x/crypto@v0.0.0-20200220183623-bac4c82f6975@v0.0.0-20200220183623-bac4c82f6975 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20201013081832-0aaa2718063a@v0.0.0-20201013081832-0aaa2718063a upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/k8s.io/client-go@v0.19.0@v0.19.0 upgrade to: 0.20.0-alpha.2,1.20.0-alpha.2
N/A	pkg:golang/golang.org/x/net@v0.0.0-20211209124913-491a49abca63@v0.0.0-20211209124913-491a49abca63 upgrade to: 1.18.6,1.19.1,0.0.0-20220906165146-f3363e06e74c
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20211025201205-69cdffdb9359@v0.0.0-20211025201205-69cdffdb9359 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
Low	pkg:golang/github.com/aws/aws-sdk-go@v1.19.18@v1.19.18 - no patch available
High	pkg:golang/gopkg.in/yaml.v2@v2.4.0@v2.4.0 - no patch available
High	pkg:golang/gopkg.in/yaml.v2@v2.4.0@v2.4.0 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20211019181941-9d821ace8654@v0.0.0-20211019181941-9d821ace8654 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/gopkg.in/yaml.v2@v2.2.3@v2.2.3 upgrade to: 2.2.4
High	pkg:golang/golang.org/x/net@v0.0.0-20190628185345-da137c7871d7@v0.0.0-20190628185345-da137c7871d7 - no patch available
High	pkg:golang/golang.org/x/net@v0.0.0-20190724013045-ca1201d0de80@v0.0.0-20190724013045-ca1201d0de80 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20200202164722-d101bd2416d5@v0.0.0-20200202164722-d101bd2416d5 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
Critical	pkg:golang/github.com/emicklei/go-restful@v2.9.5+incompatible@v2.9.5+incompatible upgrade to: 2.16.0,3.8.0
High	pkg:golang/github.com/prometheus/client_golang@v1.11.0@v1.11.0 upgrade to: 1.11.1
Medium	pkg:golang/golang.org/x/crypto@v0.0.0-20211117183948-ae814b36b871@v0.0.0-20211117183948-ae814b36b871 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20200501052902-10377860bb8e@v0.0.0-20200501052902-10377860bb8e upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/crypto@v0.0.0-20211209193657-4570a0811e8b@v0.0.0-20211209193657-4570a0811e8b upgrade to: 0.0.0-20220314234659-1baeb1ce4c0b
High	pkg:golang/github.com/prometheus/client_golang@v0.9.3@v0.9.3 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20190801041406-cbf593c0f2f3@v0.0.0-20190801041406-cbf593c0f2f3 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20200905004654-be1d3432aa8f@v0.0.0-20200905004654-be1d3432aa8f upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/golang.org/x/net@v0.0.0-20210503060351-7fd8e65b6420@v0.0.0-20210503060351-7fd8e65b6420 - no patch available
N/A	pkg:golang/golang.org/x/net@v0.0.0-20181029044818-c44066c5c816@v0.0.0-20181029044818-c44066c5c816 upgrade to: 0.0.0-20210520170846-37e1c6afe023
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20181122145206-62eef0e2fa9b@v0.0.0-20181122145206-62eef0e2fa9b upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20190620070143-6f217b454f45@v0.0.0-20190620070143-6f217b454f45 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/golang.org/x/net@v0.0.0-20201224014010-6772e930b67b@v0.0.0-20201224014010-6772e930b67b - no patch available
High	pkg:golang/golang.org/x/text@v0.3.6@v0.3.6 - no patch available
N/A	pkg:golang/k8s.io/apimachinery@v0.0.0-20180904193909-def12e63c512@v0.0.0-20180904193909-def12e63c512 upgrade to: 0.0.0-20190927203648-9ce6eca90e73
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210220050731-9a76102bfb43@v0.0.0-20210220050731-9a76102bfb43 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/github.com/prometheus/client_golang@v1.1.0@v1.1.0 upgrade to: 1.11.1
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20220319134239-a9b59b0215f8@v0.0.0-20220319134239-a9b59b0215f8 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/gopkg.in/yaml.v2@v2.2.7@v2.2.7 - no patch available
High	pkg:golang/golang.org/x/net@v0.0.0-20200625001655-4c5254603344@v0.0.0-20200625001655-4c5254603344 - no patch available
High	pkg:golang/github.com/aws/aws-sdk-go@v1.31.6@v1.31.6 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210315160823-c6e025ad8005@v0.0.0-20210315160823-c6e025ad8005 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
Medium	pkg:golang/k8s.io/kubernetes@v1.11.10@v1.11.10 upgrade to: 0.17.0,1.16.0-beta.1
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210603125802-9665404d3644@v0.0.0-20210603125802-9665404d3644 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20200331124033-c3d80250170d@v0.0.0-20200331124033-c3d80250170d upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210615035016-665e8c7367d1@v0.0.0-20210615035016-665e8c7367d1 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20211116061358-0a5406a5449c@v0.0.0-20211116061358-0a5406a5449c upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/k8s.io/client-go@v0.17.4@v0.17.4 upgrade to: 0.20.0-alpha.2,1.20.0-alpha.2
High	pkg:golang/k8s.io/apiserver@v0.17.4@v0.17.4 - no patch available
High	pkg:golang/golang.org/x/net@v0.0.0-20200324143707-d3edc9973b7e@v0.0.0-20200324143707-d3edc9973b7e - no patch available
N/A	pkg:golang/github.com/apache/thrift@v0.12.0@v0.12.0 upgrade to: 0.13.0
N/A	pkg:golang/github.com/apache/thrift@v0.12.0@v0.12.0 upgrade to: 0.13.0
N/A	pkg:golang/github.com/sassoftware/go-rpmutils@v0.0.0-20190420191620-a8f1baeba37b@v0.0.0-20190420191620-a8f1baeba37b upgrade to: 0.1.0
N/A	pkg:golang/github.com/ulikunitz/xz@v0.5.6@v0.5.6 upgrade to: 0.5.8
Medium	pkg:golang/golang.org/x/crypto@v0.0.0-20181203042331-505ab145d0a9@v0.0.0-20181203042331-505ab145d0a9 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210510120138-977fb7262007@v0.0.0-20210510120138-977fb7262007 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/golang.org/x/net@v0.0.0-20191112182307-2180aed22343@v0.0.0-20191112182307-2180aed22343 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210819135213-f52c844e1c1c@v0.0.0-20210819135213-f52c844e1c1c upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/net@v0.2.0@v0.2.0 upgrade to: 1.18.9,1.19.4,0.4.0
High	pkg:golang/golang.org/x/net@v0.0.0-20201209123823-ac852fbbde11@v0.0.0-20201209123823-ac852fbbde11 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210124154548-22da62e12c0c@v0.0.0-20210124154548-22da62e12c0c upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/golang.org/x/crypto@v0.0.0-20220315160706-3147a52a75dd@v0.0.0-20220315160706-3147a52a75dd - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210908233432-aa78b53d3365@v0.0.0-20210908233432-aa78b53d3365 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20200122134326-e047566fdf82@v0.0.0-20200122134326-e047566fdf82 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20200917073148-efd3b9a0ff20@v0.0.0-20200917073148-efd3b9a0ff20 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/net@v0.0.0-20200114155413-6afb5195e5aa@v0.0.0-20200114155413-6afb5195e5aa upgrade to: 0.0.0-20210520170846-37e1c6afe023
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210423082822-04245dca01da@v0.0.0-20210423082822-04245dca01da upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20191112214154-59a1497f0cea@v0.0.0-20191112214154-59a1497f0cea upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/golang.org/x/net@v0.0.0-20191004110552-13f9640d40b9@v0.0.0-20191004110552-13f9640d40b9 - no patch available
High	pkg:golang/golang.org/x/net@v0.0.0-20201010224723-4f7140c49acb@v0.0.0-20201010224723-4f7140c49acb - no patch available
High	pkg:golang/golang.org/x/net@v0.0.0-20201031054903-ff519b6c9102@v0.0.0-20201031054903-ff519b6c9102 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20201119102817-f84b799fce68@v0.0.0-20201119102817-f84b799fce68 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20200515095857-1151b9dac4a9@v0.0.0-20200515095857-1151b9dac4a9 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20200615200032-f1bc736245b1@v0.0.0-20200615200032-f1bc736245b1 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/github.com/ulikunitz/xz@v0.5.7@v0.5.7 upgrade to: 0.5.8
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20190626221950-04f50cda93cb@v0.0.0-20190626221950-04f50cda93cb upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/golang.org/x/net@v0.0.0-20200202094626-16171245cfb2@v0.0.0-20200202094626-16171245cfb2 - no patch available
High	pkg:golang/github.com/containernetworking/cni@v0.8.0@v0.8.0 upgrade to: 0.8.1,0.8.1
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20190726091711-fc99dfbffb4e@v0.0.0-20190726091711-fc99dfbffb4e upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20220114195835-da31bd327af9@v0.0.0-20220114195835-da31bd327af9 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/gopkg.in/yaml.v3@v3.0.0-20200615113413-eeeca48fe776@v3.0.0-20200615113413-eeeca48fe776 upgrade to: 3.0.0
Critical	pkg:golang/github.com/gogo/protobuf@v1.2.2-0.20190723190241-65acae22fc9d@v1.2.2-0.20190723190241-65acae22fc9d - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20200622214017-ed371f2e16b4@v0.0.0-20200622214017-ed371f2e16b4 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20200916030750-2334cc1a136f@v0.0.0-20200916030750-2334cc1a136f upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/text@v0.0.0-20160726164857-2910a502d2bf@v0.0.0-20160726164857-2910a502d2bf upgrade to: 0.3.8
Medium	pkg:golang/golang.org/x/crypto@v0.0.0-20210921155107-089bfa567519@v0.0.0-20210921155107-089bfa567519 - no patch available
High	pkg:golang/golang.org/x/net@v0.0.0-20190613194153-d28f0bde5980@v0.0.0-20190613194153-d28f0bde5980 - no patch available
N/A	pkg:golang/golang.org/x/crypto@v0.0.0-20181030102418-4d3f4d9ffa16@v0.0.0-20181030102418-4d3f4d9ffa16 upgrade to: 0.0.0-20201216223049-8b5274cf687f
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20200625212154-ddb9806d33ae@v0.0.0-20200625212154-ddb9806d33ae upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/golang.org/x/net@v0.0.0-20220127200216-cd36cc0744dd@v0.0.0-20220127200216-cd36cc0744dd - no patch available
N/A	pkg:golang/github.com/gorilla/websocket@v0.0.0-20170926233335-4201258b820c@v0.0.0-20170926233335-4201258b820c upgrade to: 1.4.1
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20190606203320-7fc4e5ec1444@v0.0.0-20190606203320-7fc4e5ec1444 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/golang.org/x/net@v0.0.0-20220425223048-2871e0cb64e4@v0.0.0-20220425223048-2871e0cb64e4 - no patch available
High	pkg:golang/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781@v0.0.0-20210428140749-89ef3d95e781 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20200728102440-3e129f6d46b1@v0.0.0-20200728102440-3e129f6d46b1 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20200106162015-b016eb3dc98e@v0.0.0-20200106162015-b016eb3dc98e upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210426230700-d19ff857e887@v0.0.0-20210426230700-d19ff857e887 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/golang.org/x/net@v0.0.0-20200513185701-a91f0712d120@v0.0.0-20200513185701-a91f0712d120 - no patch available
N/A	pkg:golang/github.com/docker/distribution@v0.0.0-20190905152932-14b96e55d84c@v0.0.0-20190905152932-14b96e55d84c upgrade to: 2.7.0-rc.0
High	pkg:golang/golang.org/x/net@v0.0.0-20210525063256-abc453219eb5@v0.0.0-20210525063256-abc453219eb5 - no patch available
Medium	pkg:golang/golang.org/x/crypto@v0.0.0-20201117144127-c1f2f97bffc9@v0.0.0-20201117144127-c1f2f97bffc9 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210603081109-ebe580a85c40@v0.0.0-20210603081109-ebe580a85c40 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210514084401-e8d321eab015@v0.0.0-20210514084401-e8d321eab015 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20200302150141-5c8b2ff67527@v0.0.0-20200302150141-5c8b2ff67527 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20190616124812-15dcb6c0061f@v0.0.0-20190616124812-15dcb6c0061f upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20191026070338-33540a1f6037@v0.0.0-20191026070338-33540a1f6037 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/net@v0.0.0-20180911220305-26e67e76b6c3@v0.0.0-20180911220305-26e67e76b6c3 upgrade to: 0.0.0-20180925071336-cf3bd585ca2a
N/A	pkg:golang/github.com/docker/distribution@v2.6.0-rc.1.0.20180327202408-83389a148052+incompatible@v2.6.0-rc.1.0.20180327202408-83389a148052+incompatible upgrade to: 2.8.0
N/A	pkg:golang/golang.org/x/net@v0.0.0-20211112202133-69e39bad7dc2@v0.0.0-20211112202133-69e39bad7dc2 upgrade to: 1.16.12,1.17.5,0.0.0-20211209124913-491a49abca63
N/A	pkg:golang/golang.org/x/crypto@v0.0.0-20211215153901-e495a2d5b3d3@v0.0.0-20211215153901-e495a2d5b3d3 upgrade to: 0.0.0-20220314234659-1baeb1ce4c0b
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210104204734-6f8348627aad@v0.0.0-20210104204734-6f8348627aad upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/golang.org/x/net@v0.0.0-20210405180319-a5a99cb37ef4@v0.0.0-20210405180319-a5a99cb37ef4 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210823070655-63515b42dcdf@v0.0.0-20210823070655-63515b42dcdf upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20200113162924-86b910548bc1@v0.0.0-20200113162924-86b910548bc1 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
Medium	pkg:golang/golang.org/x/crypto@v0.0.0-20191206172530-e9b2fee46413@v0.0.0-20191206172530-e9b2fee46413 - no patch available
Medium	pkg:golang/golang.org/x/crypto@v0.0.0-20190611184440-5c40567a22f8@v0.0.0-20190611184440-5c40567a22f8 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210423185535-09eb48e85fd7@v0.0.0-20210423185535-09eb48e85fd7 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20200803210538-64077c9b5642@v0.0.0-20200803210538-64077c9b5642 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/github.com/aws/aws-sdk-go@v1.16.26@v1.16.26 upgrade to: 1.34.0
High	pkg:golang/golang.org/x/net@v0.0.0-20200222125558-5a598a2470a0@v0.0.0-20200222125558-5a598a2470a0 - no patch available
Critical	pkg:golang/github.com/emicklei/go-restful@v0.0.0-20170410110728-ff4f55a20633@v0.0.0-20170410110728-ff4f55a20633 upgrade to: 2.16.0,3.8.0
High	pkg:golang/golang.org/x/net@v0.0.0-20220225172249-27dd8689420f@v0.0.0-20220225172249-27dd8689420f - no patch available
N/A	pkg:golang/golang.org/x/net@v0.0.0-20170114055629-f2499483f923@v0.0.0-20170114055629-f2499483f923 upgrade to: 0.0.0-20180921000356-2f5d2388922f
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20200217220822-9197077df867@v0.0.0-20200217220822-9197077df867 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20200831180312-196b9ba8737a@v0.0.0-20200831180312-196b9ba8737a upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/golang.org/x/net@v0.0.0-20201021035429-f5854403a974@v0.0.0-20201021035429-f5854403a974 - no patch available
High	pkg:golang/golang.org/x/net@v0.0.0-20210226172049-e18ecbb05110@v0.0.0-20210226172049-e18ecbb05110 - no patch available
Critical	pkg:golang/github.com/gogo/protobuf@v1.2.0@v1.2.0 - no patch available
High	pkg:golang/golang.org/x/net@v0.0.0-20191209160850-c0dbc17a3553@v0.0.0-20191209160850-c0dbc17a3553 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210616094352-59db8d763f22@v0.0.0-20210616094352-59db8d763f22 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20220405210540-1e041c57c461@v0.0.0-20220405210540-1e041c57c461 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/golang.org/x/net@v0.0.0-20210825183410-e898025ed96a@v0.0.0-20210825183410-e898025ed96a - no patch available
N/A	pkg:golang/golang.org/x/net@v0.0.0-20200707034311-ab3426394381@v0.0.0-20200707034311-ab3426394381 upgrade to: 1.18.9,1.19.4,0.4.0
N/A	pkg:golang/github.com/prometheus/client_golang@v0.8.0@v0.8.0 upgrade to: 1.11.1
High	pkg:golang/golang.org/x/net@v0.0.0-20200520182314-0ba52f642ac2@v0.0.0-20200520182314-0ba52f642ac2 - no patch available
Medium	pkg:golang/golang.org/x/crypto@v0.0.0-20190426145343-a29dc8fdc734@v0.0.0-20190426145343-a29dc8fdc734 - no patch available
N/A	pkg:golang/golang.org/x/net@v0.1.1-0.20221027164007-c63010009c80@v0.1.1-0.20221027164007-c63010009c80 upgrade to: 1.18.9,1.19.4,0.4.0
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20181218192612-074acd46bca6@v0.0.0-20181218192612-074acd46bca6 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20200212091648-12a6c2dcc1e4@v0.0.0-20200212091648-12a6c2dcc1e4 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
Low	pkg:golang/github.com/aws/aws-sdk-go@v1.15.27@v1.15.27 - no patch available
High	pkg:golang/github.com/opencontainers/runc@v1.0.0-rc10@v1.0.0-rc10 upgrade to: 1.0.0-rc95
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20200523222454-059865788121@v0.0.0-20200523222454-059865788121 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/golang.org/x/net@v0.0.0-20190827160401-ba9fcec4b297@v0.0.0-20190827160401-ba9fcec4b297 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20190922100055-0a153f010e69@v0.0.0-20190922100055-0a153f010e69 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
Medium	pkg:golang/github.com/yuin/goldmark@v1.1.32@v1.1.32 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210806184541-e5e7981a1069@v0.0.0-20210806184541-e5e7981a1069 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/github.com/prometheus/client_golang@v1.7.1@v1.7.1 upgrade to: 1.11.1
High	pkg:golang/golang.org/x/crypto@v0.0.0-20201002170205-7f63de1d35b0@v0.0.0-20201002170205-7f63de1d35b0 - no patch available
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20191204072324-ce4227a45e2e@v0.0.0-20191204072324-ce4227a45e2e upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/github.com/docker/distribution@v2.7.1+incompatible@v2.7.1+incompatible upgrade to: 2.8.0
N/A	pkg:golang/go.etcd.io/etcd@v0.0.0-20191023171146-3cf2f69b5738@v0.0.0-20191023171146-3cf2f69b5738 upgrade to: 0.5.0-alpha.5.0.20190108173120-83c051b701d3
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20210320140829-1e4c9ba3b0c4@v0.0.0-20210320140829-1e4c9ba3b0c4 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/github.com/opencontainers/runc@v1.0.0-rc92@v1.0.0-rc92 upgrade to: 1.0.0-rc95
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20170830134202-bb24a47a89ea@v0.0.0-20170830134202-bb24a47a89ea upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/sys@v0.0.0-20211210111614-af8b64212486@v0.0.0-20211210111614-af8b64212486 upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
Low	pkg:golang/github.com/aws/aws-sdk-go@v1.19.45@v1.19.45 - no patch available
High	pkg:golang/golang.org/x/net@v0.0.0-20210316092652-d523dce5a7f4@v0.0.0-20210316092652-d523dce5a7f4 - no patch available
High	pkg:golang/golang.org/x/text@v0.3.5@v0.3.5 - no patch available
Low	pkg:golang/github.com/aws/aws-sdk-go@v1.27.1@v1.27.1 - no patch available
Low	pkg:golang/github.com/aws/aws-sdk-go@v1.20.6@v1.20.6 - no patch available
Medium	pkg:golang/golang.org/x/crypto@v0.0.0-20210220033148-5ea612d1eb83@v0.0.0-20210220033148-5ea612d1eb83 - no patch available
N/A	pkg:golang/k8s.io/client-go@v0.0.0-20180910083459-2cefa64ff137@v0.0.0-20180910083459-2cefa64ff137 upgrade to: 0.20.0-alpha.2,1.20.0-alpha.2
High	pkg:golang/golang.org/x/text@v0.3.4@v0.3.4 - no patch available
High	pkg:golang/golang.org/x/net@v0.0.0-20200506145744-7e3656a0809f@v0.0.0-20200506145744-7e3656a0809f - no patch available
High	pkg:golang/github.com/opencontainers/runc@v1.0.2@v1.0.2 - no patch available
High	pkg:golang/github.com/valyala/fasthttp@v1.2.0@v1.2.0 upgrade to: 1.34.0

More info on how to fix Vulnerable Libraries in Go.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.