
Commit 79dada3

authored
Merge pull request conforma#2959 from joejstuart/upgrade-go-getter
Fix go-getter vulnerability to symlink attacks
2 parents d6c416d + d0f0f2b commit 79dada3

4 files changed

Lines changed: 182 additions & 2234 deletions


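--- a/go.mod
+++ b/go.mod
@@ -48,8 +48,8 @@ require (
 github.com/testcontainers/testcontainers-go/modules/registry v0.34.0
 golang.org/x/benchmarks v0.0.0-20241115175113-a2b48b605b42
 golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0
-golang.org/x/net v0.41.0
-golang.org/x/sync v0.15.0
+golang.org/x/net v0.43.0
+golang.org/x/sync v0.16.0
 k8s.io/apiextensions-apiserver v0.31.0
 k8s.io/apimachinery v0.32.3
 k8s.io/client-go v0.32.3
@@ -112,22 +112,26 @@ require (
 github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
 github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-github.com/aws/aws-sdk-go v1.55.5 // indirect
-github.com/aws/aws-sdk-go-v2 v1.30.5 // indirect
-github.com/aws/aws-sdk-go-v2/config v1.27.33 // indirect
-github.com/aws/aws-sdk-go-v2/credentials v1.17.32 // indirect
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.13 // indirect
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.17 // indirect
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.17 // indirect
-github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+github.com/aws/aws-sdk-go-v2 v1.36.3 // indirect
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.10 // indirect
+github.com/aws/aws-sdk-go-v2/config v1.29.15 // indirect
+github.com/aws/aws-sdk-go-v2/credentials v1.17.68 // indirect
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 // indirect
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 // indirect
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 // indirect
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.34 // indirect
 github.com/aws/aws-sdk-go-v2/service/ecr v1.32.2 // indirect
 github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.25.4 // indirect
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4 // indirect
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.19 // indirect
-github.com/aws/aws-sdk-go-v2/service/sso v1.22.7 // indirect
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.7 // indirect
-github.com/aws/aws-sdk-go-v2/service/sts v1.30.7 // indirect
-github.com/aws/smithy-go v1.20.4 // indirect
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 // indirect
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.7.2 // indirect
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 // indirect
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.15 // indirect
+github.com/aws/aws-sdk-go-v2/service/s3 v1.80.1 // indirect
+github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 // indirect
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1 // indirect
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.20 // indirect
+github.com/aws/smithy-go v1.22.3 // indirect
 github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20240826150212-5dc58b6e29f8 // indirect
 github.com/basgys/goxml2json v1.1.0 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
@@ -222,9 +226,10 @@ require (
 github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
 github.com/googleapis/gax-go/v2 v2.14.1 // indirect
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 // indirect
+github.com/hashicorp/aws-sdk-go-base/v2 v2.0.0-beta.65 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-github.com/hashicorp/go-getter v1.7.8 // indirect
+github.com/hashicorp/go-getter v1.8.1 // indirect
 github.com/hashicorp/go-multierror v1.1.1 // indirect
 github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 github.com/hashicorp/go-safetemp v1.0.0 // indirect
@@ -251,7 +256,6 @@ require (
 github.com/mattn/go-runewidth v0.0.16 // indirect
 github.com/miekg/pkcs11 v1.1.1 // indirect
 github.com/mitchellh/go-homedir v1.1.0 // indirect
-github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 github.com/mitchellh/mapstructure v1.5.0 // indirect
 github.com/moby/buildkit v0.23.2 // indirect
 github.com/moby/docker-image-spec v1.3.1 // indirect
@@ -325,7 +329,7 @@ require (
 github.com/tmccombs/hcl2json v0.6.7 // indirect
 github.com/tonistiigi/go-csvvalue v0.0.0-20240814133006-030d3b2625d0 // indirect
 github.com/transparency-dev/merkle v0.0.2 // indirect
-github.com/ulikunitz/xz v0.5.12 // indirect
+github.com/ulikunitz/xz v0.5.15 // indirect
 github.com/vbatts/tar-split v0.12.1 // indirect
 github.com/vektah/gqlparser/v2 v2.5.28 // indirect
 github.com/x448/float16 v0.8.4 // indirect
@@ -358,14 +362,14 @@ require (
 go.uber.org/automaxprocs v1.6.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
 go.uber.org/zap v1.27.0 // indirect
-golang.org/x/crypto v0.39.0 // indirect
-golang.org/x/mod v0.25.0 // indirect
+golang.org/x/crypto v0.41.0 // indirect
+golang.org/x/mod v0.26.0 // indirect
 golang.org/x/oauth2 v0.30.0 // indirect
-golang.org/x/sys v0.33.0 // indirect
-golang.org/x/term v0.32.0 // indirect
-golang.org/x/text v0.26.0 // indirect
+golang.org/x/sys v0.35.0 // indirect
+golang.org/x/term v0.34.0 // indirect
+golang.org/x/text v0.28.0 // indirect
 golang.org/x/time v0.11.0 // indirect
-golang.org/x/tools v0.34.0 // indirect
+golang.org/x/tools v0.35.0 // indirect
 gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 google.golang.org/api v0.215.0 // indirect
 google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect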
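Review bot: The `github.com/hashicorp/go-getter v1.8.1 // indirect` line in the `@@ -222,9 +226,10 @@` hunk records no reason for its version floor, so a later manual edit or dependency reshuffle could lower it and quietly bring back the symlink issue named in the commit title. I would annotate the pin, e.g. `github.com/hashicorp/go-getter v1.8.1 // indirect; keep >= v1.8.1, symlink fix (<ADVISORY-ID>)`, and have CI run a vulnerability scan such as govulncheck so the floor is enforced rather than remembered. The same hunk adds `github.com/hashicorp/aws-sdk-go-base/v2 v2.0.0-beta.65`, a pre-release module, and the `@@ -112,22 +112,26 @@` hunk adds the `service/s3` client and its helpers. Presumably both arrive transitively with go-getter 1.8.x; since they widen the dependency surface, that is worth confirming with `go mod graph` before relying on it.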
