
Commit bbbcece

committed
Fix CVE-2026-33186: gRPC-Go
This PR fixes the gRPC-Go CVE (authorization bypass due to improper HTTP/2 path validation) by bumping dependencies.
1 parent 76660c5 commit bbbcece

501 files changed

Lines changed: 29368 additions & 29665 deletions


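--- a/go.mod
+++ b/go.mod
@@ -18,14 +18,14 @@ require (
 github.com/tektoncd/plumbing v0.0.0-20250430145243-3b7cd59879c1
 github.com/tidwall/sjson v1.2.5
 go.opencensus.io v0.24.0
-go.opentelemetry.io/otel v1.38.0
-go.opentelemetry.io/otel/metric v1.38.0
+go.opentelemetry.io/otel v1.39.0
+go.opentelemetry.io/otel/metric v1.39.0
 go.uber.org/zap v1.27.0
-golang.org/x/oauth2 v0.32.0
-golang.org/x/sync v0.17.0
+golang.org/x/oauth2 v0.34.0
+golang.org/x/sync v0.19.0
 golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028
-google.golang.org/grpc v1.76.0
-google.golang.org/protobuf v1.36.10
+google.golang.org/grpc v1.79.3
+google.golang.org/protobuf v1.36.11
 gopkg.in/yaml.v2 v2.4.0
 k8s.io/api v0.32.9
 k8s.io/apiextensions-apiserver v0.32.9
@@ -41,18 +41,18 @@ require (
 )
 
 require (
-cel.dev/expr v0.24.0 // indirect
+cel.dev/expr v0.25.1 // indirect
 cloud.google.com/go v0.120.0 // indirect
 cloud.google.com/go/auth v0.16.1 // indirect
 cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
-cloud.google.com/go/compute/metadata v0.7.0 // indirect
+cloud.google.com/go/compute/metadata v0.9.0 // indirect
 cloud.google.com/go/iam v1.5.0 // indirect
 cloud.google.com/go/monitoring v1.24.0 // indirect
 cloud.google.com/go/storage v1.50.0 // indirect
 contrib.go.opencensus.io/exporter/ocagent v0.7.1-0.20200907061046-05415f1de66d // indirect
 contrib.go.opencensus.io/exporter/prometheus v0.4.2 // indirect
 contrib.go.opencensus.io/exporter/zipkin v0.1.2 // indirect
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.29.0 // indirect
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.30.0 // indirect
 github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.50.0 // indirect
 github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.50.0 // indirect
 github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
@@ -62,15 +62,15 @@ require (
 github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
 github.com/cespare/xxhash/v2 v2.3.0 // indirect
 github.com/cloudevents/sdk-go/observability/opencensus/v2 v2.4.1 // indirect
-github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443 // indirect
+github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 // indirect
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 github.com/emicklei/go-restful/v3 v3.12.1 // indirect
-github.com/envoyproxy/go-control-plane/envoy v1.32.4 // indirect
-github.com/envoyproxy/protoc-gen-validate v1.2.1 // indirect
+github.com/envoyproxy/go-control-plane/envoy v1.36.0 // indirect
+github.com/envoyproxy/protoc-gen-validate v1.3.0 // indirect
 github.com/evanphx/json-patch/v5 v5.9.11 // indirect
 github.com/felixge/httpsnoop v1.0.4 // indirect
 github.com/fxamacker/cbor/v2 v2.7.0 // indirect
-github.com/go-jose/go-jose/v4 v4.1.2 // indirect
+github.com/go-jose/go-jose/v4 v4.1.3 // indirect
 github.com/go-kit/log v0.2.1 // indirect
 github.com/go-logfmt/logfmt v0.5.1 // indirect
 github.com/go-logr/logr v1.4.3 // indirect
@@ -110,7 +110,7 @@ require (
 github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 github.com/prometheus/client_golang v1.20.5 // indirect
-github.com/prometheus/client_model v0.6.1 // indirect
+github.com/prometheus/client_model v0.6.2 // indirect
 github.com/prometheus/common v0.62.0 // indirect
 github.com/prometheus/procfs v0.15.1 // indirect
 github.com/prometheus/statsd_exporter v0.22.7 // indirect
@@ -125,31 +125,31 @@ require (
 github.com/tidwall/match v1.1.1 // indirect
 github.com/tidwall/pretty v1.2.0 // indirect
 github.com/x448/float16 v0.8.4 // indirect
-go.opentelemetry.io/auto/sdk v1.1.0 // indirect
-go.opentelemetry.io/contrib/detectors/gcp v1.36.0 // indirect
+go.opentelemetry.io/auto/sdk v1.2.1 // indirect
+go.opentelemetry.io/contrib/detectors/gcp v1.39.0 // indirect
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 // indirect
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
-go.opentelemetry.io/otel/sdk v1.37.0 // indirect
-go.opentelemetry.io/otel/sdk/metric v1.37.0 // indirect
-go.opentelemetry.io/otel/trace v1.38.0 // indirect
+go.opentelemetry.io/otel/sdk v1.39.0 // indirect
+go.opentelemetry.io/otel/sdk/metric v1.39.0 // indirect
+go.opentelemetry.io/otel/trace v1.39.0 // indirect
 go.uber.org/automaxprocs v1.6.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
 go.yaml.in/yaml/v2 v2.4.2 // indirect
-golang.org/x/crypto v0.43.0 // indirect
+golang.org/x/crypto v0.47.0 // indirect
 golang.org/x/exp v0.0.0-20250210185358-939b2ce775ac // indirect
-golang.org/x/mod v0.28.0 // indirect
-golang.org/x/net v0.45.0 // indirect
-golang.org/x/sys v0.37.0 // indirect
-golang.org/x/term v0.36.0 // indirect
-golang.org/x/text v0.30.0 // indirect
+golang.org/x/mod v0.33.0 // indirect
+golang.org/x/net v0.49.0 // indirect
+golang.org/x/sys v0.40.0 // indirect
+golang.org/x/term v0.39.0 // indirect
+golang.org/x/text v0.33.0 // indirect
 golang.org/x/time v0.12.0 // indirect
-golang.org/x/tools v0.37.0 // indirect
+golang.org/x/tools v0.41.0 // indirect
 golang.org/x/tools/go/expect v0.1.1-deprecated // indirect
 gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
 google.golang.org/api v0.233.0 // indirect
 google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb // indirect
-google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b // indirect
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b // indirect
+google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 // indirect
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect
 gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect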
