New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
go.mod: bump dependencies to latest version #312
Conversation
github.com/pkg/sftp v1.10.1 | ||
golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586 | ||
golang.org/x/text v0.3.3 | ||
github.com/pkg/sftp v1.13.1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This also fixes a security vulnerability marked by Snyk, which has been fixed in v1.11.0.
To fix snyk security scan. Upstream update is pending here: spf13/afero#312 Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
To fix snyk security scan. Upstream update is pending here: spf13/afero#312 Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
* Make golangci.yml effective again Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com> * internal/utils: remove dead code Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com> * internal: fix found linter warnings After making linter configuration effective, linter popped up new issues. This commit addresses them in a minimal way. Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com> * Hide goreleaser.yml file As usually it is hidden. Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com> * Update Go Kubernetes modules to v1.22.0 As part of #45 Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com> * go.mod: update viper to latest version Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com> * go.mod: update nri-kubernetes to latest version Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com> * .github/workflows/push_pr.yml: fix link to Kubernetes releases Previous link now redirects to new link and old link will be not available by the end of this year. Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com> * deploy: make manifests compatible with Kubernetes v1.22+ As part of #45. Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com> * .github/workflows/push_pr.yml: test against Kubernetes v1.22.X Closes #45 Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com> * .golangci.yml: increase timeout Closes #38 Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com> * go.mod: force-update github.com/pkg/sftp to latest version To fix snyk security scan. Upstream update is pending here: spf13/afero#312 Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com> * .github/workflows/push_pr.yml: drop support for Kubernetes v1.15 Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com> * .github/workflows/push_pr.yml: bump patch versions for Kubernetes Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
github.com/pkg/sftp to v1.13.1 (this fixes a security vulnerability) golang.org/x/crypto to v0.0.0-20211108221036-ceb1ce70b4fa golang.org/x/text to v0.3.7
Updated to the latest versions of all dependencies as of today: github.com/pkg/sftp to v1.13.1 (this fixes a security vulnerability as pointed out by @invidian) Could one of the maintainers please take a look? /cc @spf13 @Kargakis |
No description provided.