Skip to content

Commit eaf8b48

Browse files
SchSebaSchSeba
authored
Merge pull request #979 from rollandf/ignition-cve
Fix CVE: Remove vulnerable ignition v0.35.0 dep
2 parents 1a01457 + 919de97 commit eaf8b48

File tree

7 files changed

+117
-76
lines changed

7 files changed

+117
-76
lines changed

go.mod

Lines changed: 8 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,9 @@ require (
88
github.com/Masterminds/sprig/v3 v3.3.0
99
github.com/blang/semver v3.5.1+incompatible
1010
github.com/cenkalti/backoff v2.2.1+incompatible
11+
github.com/coreos/fcct v0.5.0
1112
github.com/coreos/go-systemd/v22 v22.6.0
13+
github.com/coreos/ignition/v2 v2.20.0
1214
github.com/fsnotify/fsnotify v1.9.0
1315
github.com/go-logr/logr v1.4.3
1416
github.com/go-logr/stdr v1.2.2
@@ -26,7 +28,6 @@ require (
2628
github.com/openshift-kni/k8sreporter v1.0.7
2729
github.com/openshift/api v0.0.0-20251202143230-02f6733e651c
2830
github.com/openshift/client-go v0.0.0-20251202151200-fb4471581cf8
29-
github.com/openshift/machine-config-operator v0.0.1-0.20251202231743-8e6beb0a3dd1
3031
github.com/ovn-kubernetes/libovsdb v0.8.1
3132
github.com/pkg/errors v0.9.1
3233
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.87.0
@@ -51,17 +52,16 @@ require (
5152
k8s.io/kubectl v0.34.2
5253
k8s.io/utils v0.0.0-20251002143259-bc988d571ff4
5354
sigs.k8s.io/controller-runtime v0.22.4
55+
sigs.k8s.io/yaml v1.6.0
5456
)
5557

5658
require (
5759
dario.cat/mergo v1.0.1 // indirect
58-
github.com/Azure/ARO-RP v0.0.0-20250602035759-0693f32d5ccc // indirect
5960
github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
6061
github.com/MakeNowJust/heredoc v1.0.0 // indirect
6162
github.com/Masterminds/goutils v1.1.1 // indirect
6263
github.com/Masterminds/semver/v3 v3.4.0 // indirect
6364
github.com/Mellanox/sriovnet v1.0.3 // indirect
64-
github.com/ajeddeloh/go-json v0.0.0-20200220154158-5ae607161559 // indirect
6565
github.com/aws/aws-sdk-go v1.55.6 // indirect
6666
github.com/beorn7/perks v1.0.1 // indirect
6767
github.com/blang/semver/v4 v4.0.0 // indirect
@@ -70,22 +70,17 @@ require (
7070
github.com/cenkalti/rpc2 v1.0.4 // indirect
7171
github.com/cespare/xxhash/v2 v2.3.0 // indirect
7272
github.com/chai2010/gettext-go v1.0.2 // indirect
73-
github.com/clarketm/json v1.17.1 // indirect
74-
github.com/coreos/fcct v0.5.0 // indirect
7573
github.com/coreos/go-json v0.0.0-20230131223807-18775e0fb4fb // indirect
7674
github.com/coreos/go-semver v0.3.1 // indirect
77-
github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f // indirect
78-
github.com/coreos/ign-converter v0.0.0-20241125185625-2f773079ca81 // indirect
79-
github.com/coreos/ignition v0.35.0 // indirect
80-
github.com/coreos/ignition/v2 v2.20.0 // indirect
8175
github.com/coreos/vcontext v0.0.0-20231102161604-685dc7299dc5 // indirect
8276
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
8377
github.com/emicklei/go-restful/v3 v3.13.0 // indirect
78+
github.com/evanphx/json-patch v5.6.0+incompatible // indirect
8479
github.com/evanphx/json-patch/v5 v5.9.11 // indirect
8580
github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
81+
github.com/fatih/color v1.18.0 // indirect
8682
github.com/fxamacker/cbor/v2 v2.9.0 // indirect
8783
github.com/gabriel-vasile/mimetype v1.4.8 // indirect
88-
github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 // indirect
8984
github.com/go-errors/errors v1.4.2 // indirect
9085
github.com/go-logr/zapr v1.3.0 // indirect
9186
github.com/go-ole/go-ole v1.2.6 // indirect
@@ -116,7 +111,6 @@ require (
116111
github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
117112
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
118113
github.com/huandu/xstrings v1.5.0 // indirect
119-
github.com/imdario/mergo v0.3.16 // indirect
120114
github.com/inconshreveable/mousetrap v1.1.0 // indirect
121115
github.com/json-iterator/go v1.1.12 // indirect
122116
github.com/k8snetworkplumbingwg/govdpa v0.1.4 // indirect
@@ -134,14 +128,14 @@ require (
134128
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
135129
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
136130
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
137-
github.com/openshift/library-go v0.0.0-20251120164824-14a789e09884 // indirect
131+
github.com/nxadm/tail v1.4.11 // indirect
138132
github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
139133
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
140134
github.com/prometheus/client_golang v1.22.0 // indirect
141135
github.com/prometheus/procfs v0.15.1 // indirect
142-
github.com/robfig/cron v1.2.0 // indirect
143136
github.com/rogpeppe/go-internal v1.13.1 // indirect
144137
github.com/russross/blackfriday/v2 v2.1.0 // indirect
138+
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
145139
github.com/shopspring/decimal v1.4.0 // indirect
146140
github.com/spf13/afero v1.11.0 // indirect
147141
github.com/spf13/cast v1.7.0 // indirect
@@ -151,12 +145,9 @@ require (
151145
github.com/x448/float16 v0.8.4 // indirect
152146
github.com/xlab/treeprint v1.2.0 // indirect
153147
github.com/yusufpapurcu/wmi v1.2.4 // indirect
154-
go.opentelemetry.io/otel v1.35.0 // indirect
155-
go.opentelemetry.io/otel/trace v1.35.0 // indirect
156148
go.uber.org/multierr v1.11.0 // indirect
157149
go.yaml.in/yaml/v2 v2.4.3 // indirect
158150
go.yaml.in/yaml/v3 v3.0.4 // indirect
159-
go4.org v0.0.0-20200104003542-c7e774b10ea0 // indirect
160151
golang.org/x/crypto v0.44.0 // indirect
161152
golang.org/x/mod v0.29.0 // indirect
162153
golang.org/x/net v0.47.0 // indirect
@@ -167,26 +158,22 @@ require (
167158
golang.org/x/text v0.31.0 // indirect
168159
golang.org/x/time v0.13.0 // indirect
169160
golang.org/x/tools v0.38.0 // indirect
161+
golang.org/x/tools/go/expect v0.1.1-deprecated // indirect
170162
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
171163
google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4 // indirect
172164
google.golang.org/grpc v1.72.1 // indirect
173165
google.golang.org/protobuf v1.36.10 // indirect
174166
gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
175167
gopkg.in/inf.v0 v0.9.1 // indirect
176-
gopkg.in/yaml.v2 v2.4.0 // indirect
177168
howett.net/plist v1.0.2-0.20250314012144-ee69052608d9 // indirect
178-
k8s.io/apiserver v0.34.2 // indirect
179169
k8s.io/cli-runtime v0.34.2 // indirect
180170
k8s.io/component-base v0.34.2 // indirect
181171
k8s.io/gengo/v2 v2.0.0-20250604051438-85fd79dbfd9f // indirect
182-
k8s.io/kube-aggregator v0.34.1 // indirect
183172
k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 // indirect
184173
k8s.io/kubelet v0.34.1 // indirect
185174
sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect
186-
sigs.k8s.io/kube-storage-version-migrator v0.0.6-0.20230721195810-5c8923c5ff96 // indirect
187175
sigs.k8s.io/kustomize/api v0.20.1 // indirect
188176
sigs.k8s.io/kustomize/kyaml v0.20.1 // indirect
189177
sigs.k8s.io/randfill v1.0.0 // indirect
190178
sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect
191-
sigs.k8s.io/yaml v1.6.0 // indirect
192179
)

0 commit comments

Comments
 (0)