Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

go.mod: bump dependencies to latest version #312

Merged
merged 1 commit into from Nov 10, 2021
Merged

go.mod: bump dependencies to latest version #312

merged 1 commit into from Nov 10, 2021

Conversation

tklauser
Copy link
Contributor

@tklauser tklauser commented Jul 7, 2021

No description provided.

invidian
invidian reviewed Aug 17, 2021
View reviewed changes
go.mod
github.com/pkg/sftp v1.10.1
golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586
golang.org/x/text v0.3.3
github.com/pkg/sftp v1.13.1
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This also fixes a security vulnerability marked by Snyk, which has been fixed in v1.11.0.

invidian added a commit to newrelic/nri-discovery-kubernetes that referenced this pull request Aug 17, 2021
@invidian
go.mod: force-update github.com/pkg/sftp to latest version
852d604 
To fix snyk security scan. Upstream update is pending here:
spf13/afero#312

Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
invidian added a commit to newrelic/nri-discovery-kubernetes that referenced this pull request Aug 30, 2021
@invidian
go.mod: force-update github.com/pkg/sftp to latest version
a5785b6 
To fix snyk security scan. Upstream update is pending here:
spf13/afero#312

Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
invidian added a commit to newrelic/nri-discovery-kubernetes that referenced this pull request Sep 2, 2021
@invidian
Improvements and Kubernetes v1.22 support (#46)
acfc9ae 
* Make golangci.yml effective again

Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>

* internal/utils: remove dead code

Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>

* internal: fix found linter warnings

After making linter configuration effective, linter popped up new
issues. This commit addresses them in a minimal way.

Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>

* Hide goreleaser.yml file

As usually it is hidden.

Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>

* Update Go Kubernetes modules to v1.22.0

As part of #45

Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>

* go.mod: update viper to latest version

Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>

* go.mod: update nri-kubernetes to latest version

Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>

* .github/workflows/push_pr.yml: fix link to Kubernetes releases

Previous link now redirects to new link and old link will be not
available by the end of this year.

Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>

* deploy: make manifests compatible with Kubernetes v1.22+

As part of #45.

Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>

* .github/workflows/push_pr.yml: test against Kubernetes v1.22.X

Closes #45

Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>

* .golangci.yml: increase timeout

Closes #38

Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>

* go.mod: force-update github.com/pkg/sftp to latest version

To fix snyk security scan. Upstream update is pending here:
spf13/afero#312

Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>

* .github/workflows/push_pr.yml: drop support for Kubernetes v1.15

Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>

* .github/workflows/push_pr.yml: bump patch versions for Kubernetes

Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
@tklauser
go.mod: bump dependencies to latest version
d461d4f 
github.com/pkg/sftp to v1.13.1 (this fixes a security vulnerability)
golang.org/x/crypto to v0.0.0-20211108221036-ceb1ce70b4fa
golang.org/x/text to v0.3.7
@tklauser
Copy link
Contributor Author

tklauser commented Nov 10, 2021
edited

Updated to the latest versions of all dependencies as of today:

github.com/pkg/sftp to v1.13.1 (this fixes a security vulnerability as pointed out by @invidian)
golang.org/x/crypto to v0.0.0-20211108221036-ceb1ce70b4fa
golang.org/x/text to v0.3.7

Could one of the maintainers please take a look? /cc @spf13 @Kargakis

@0xmichalis 0xmichalis merged commit f0ee686 into spf13:master Nov 10, 2021
This was referenced Nov 10, 2021
Closed
Closed
Closed
@tklauser tklauser deleted the bump-deps branch November 10, 2021 09:37
This was referenced Nov 10, 2021
Closed
Closed
@jxsl13 jxsl13 mentioned this pull request Apr 29, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@invidian invidian invidian left review comments

@0xmichalis 0xmichalis 0xmichalis approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@tklauser @0xmichalis @invidian