
Commit b2a44b4

Merge pull request #20 from Checkmarx/sk-fix-vulns
Fix security vulnerabilities (AST-0000)
2 parents 1d71866 + 99c01c0 commit b2a44b4


2 files changed

+149
-29
lines changed


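--- a/go.mod
+++ b/go.mod
@@ -3,14 +3,15 @@ module github.com/Checkmarx/containers-resolver
 go 1.24.1
 
 require (
-github.com/Checkmarx/containers-images-extractor v1.0.16
-github.com/Checkmarx/containers-syft-packages-extractor v1.0.15
+github.com/Checkmarx/containers-images-extractor v1.0.18
+github.com/Checkmarx/containers-syft-packages-extractor v1.0.16
 github.com/Checkmarx/containers-types v1.0.9
 github.com/rs/zerolog v1.34.0
 github.com/stretchr/testify v1.10.0
 )
 
 require (
+cel.dev/expr v0.20.0 // indirect
 dario.cat/mergo v1.0.1 // indirect
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect
 github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20240914100643-eb91380d8434 // indirect
@@ -25,7 +26,8 @@ require (
 github.com/Masterminds/sprig/v3 v3.3.0 // indirect
 github.com/Masterminds/squirrel v1.5.4 // indirect
 github.com/Microsoft/go-winio v0.6.2 // indirect
-github.com/Microsoft/hcsshim v0.12.9 // indirect
+github.com/Microsoft/hcsshim v0.13.1-0.20250731174403-0842153594e0 // indirect
+github.com/NYTimes/gziphandler v1.1.1 // indirect
 github.com/ProtonMail/go-crypto v1.1.6 // indirect
 github.com/acobaugh/osrelease v0.1.0 // indirect
 github.com/adrg/xdg v0.5.3 // indirect
@@ -43,6 +45,7 @@ require (
 github.com/anchore/stereoscope v0.1.0 // indirect
 github.com/anchore/syft v1.21.0 // indirect
 github.com/andybalholm/brotli v1.1.2-0.20250424173009-453214e765f3 // indirect
+github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
 github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 github.com/aquasecurity/go-pep440-version v0.0.1 // indirect
 github.com/aquasecurity/go-version v0.0.1 // indirect
@@ -53,29 +56,33 @@ require (
 github.com/bitnami/go-version v0.0.0-20250324202741-04b9d491e744 // indirect
 github.com/blang/semver/v4 v4.0.0 // indirect
 github.com/bmatcuk/doublestar/v4 v4.8.1 // indirect
+github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 github.com/cespare/xxhash/v2 v2.3.0 // indirect
 github.com/chai2010/gettext-go v1.0.3 // indirect
 github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc // indirect
 github.com/charmbracelet/lipgloss v1.1.0 // indirect
 github.com/charmbracelet/x/ansi v0.8.0 // indirect
 github.com/charmbracelet/x/cellbuf v0.0.13 // indirect
 github.com/charmbracelet/x/term v0.2.1 // indirect
-github.com/cloudflare/circl v1.6.0 // indirect
+github.com/cloudflare/circl v1.6.1 // indirect
 github.com/containerd/cgroups/v3 v3.0.5 // indirect
-github.com/containerd/containerd v1.7.27 // indirect
-github.com/containerd/containerd/api v1.8.0 // indirect
+github.com/containerd/containerd v1.7.28 // indirect
+github.com/containerd/containerd/api v1.9.0 // indirect
 github.com/containerd/continuity v0.4.5 // indirect
 github.com/containerd/errdefs v1.0.0 // indirect
 github.com/containerd/errdefs/pkg v0.3.0 // indirect
 github.com/containerd/fifo v1.1.0 // indirect
 github.com/containerd/log v0.1.0 // indirect
-github.com/containerd/platforms v0.2.1 // indirect
+github.com/containerd/platforms v1.0.0-rc.1 // indirect
 github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect
 github.com/containerd/ttrpc v1.2.7 // indirect
 github.com/containerd/typeurl/v2 v2.2.3 // indirect
+github.com/coreos/go-semver v0.3.1 // indirect
+github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 github.com/cyphar/filepath-securejoin v0.4.1 // indirect
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 github.com/deitch/magic v0.0.0-20240306090643-c67ab88f10cb // indirect
+github.com/distribution/distribution/v3 v3.0.1-0.20250403190400-dbca4995c83c // indirect
 github.com/distribution/reference v0.6.0 // indirect
 github.com/docker/cli v28.0.3+incompatible // indirect
 github.com/docker/distribution v2.8.3+incompatible // indirect
@@ -112,13 +119,14 @@ require (
 github.com/go-openapi/jsonreference v0.21.0 // indirect
 github.com/go-openapi/swag v0.23.1 // indirect
 github.com/go-restruct/restruct v1.2.0-alpha // indirect
-github.com/go-viper/mapstructure/v2 v2.2.1 // indirect
+github.com/go-viper/mapstructure/v2 v2.3.0 // indirect
 github.com/gobwas/glob v0.2.3 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
 github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 github.com/golang/protobuf v1.5.4 // indirect
 github.com/golang/snappy v1.0.0 // indirect
 github.com/google/btree v1.1.3 // indirect
+github.com/google/cel-go v0.22.0 // indirect
 github.com/google/gnostic-models v0.6.9 // indirect
 github.com/google/go-cmp v0.7.0 // indirect
 github.com/google/go-containerregistry v0.20.3 // indirect
@@ -132,6 +140,8 @@ require (
 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
 github.com/gosuri/uitable v0.0.4 // indirect
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
+github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
 github.com/hashicorp/go-multierror v1.1.1 // indirect
 github.com/hashicorp/hcl/v2 v2.23.0 // indirect
@@ -148,6 +158,7 @@ require (
 github.com/klauspost/compress v1.18.0 // indirect
 github.com/klauspost/pgzip v1.2.6 // indirect
 github.com/knqyf263/go-rpmdb v0.1.1 // indirect
+github.com/kylelemons/godebug v1.1.0 // indirect
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
 github.com/lib/pq v1.10.9 // indirect
@@ -170,7 +181,7 @@ require (
 github.com/moby/sys/mountinfo v0.7.2 // indirect
 github.com/moby/sys/sequential v0.6.0 // indirect
 github.com/moby/sys/signal v0.7.1 // indirect
-github.com/moby/sys/user v0.3.0 // indirect
+github.com/moby/sys/user v0.4.0 // indirect
 github.com/moby/sys/userns v0.1.0 // indirect
 github.com/moby/term v0.5.2 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
@@ -194,7 +205,7 @@ require (
 github.com/pkg/errors v0.9.1 // indirect
 github.com/pkg/profile v1.7.0 // indirect
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-github.com/prometheus/client_golang v1.21.1 // indirect
+github.com/prometheus/client_golang v1.22.0 // indirect
 github.com/prometheus/client_model v0.6.1 // indirect
 github.com/prometheus/common v0.63.0 // indirect
 github.com/prometheus/procfs v0.16.0 // indirect
@@ -220,6 +231,7 @@ require (
 github.com/spf13/cobra v1.9.1 // indirect
 github.com/spf13/pflag v1.0.6 // indirect
 github.com/spf13/viper v1.20.0 // indirect
+github.com/stoewer/go-strcase v1.3.0 // indirect
 github.com/stretchr/objx v0.5.2 // indirect
 github.com/subosito/gotenv v1.6.0 // indirect
 github.com/sylabs/sif/v2 v2.21.1 // indirect
@@ -240,46 +252,59 @@ require (
 github.com/xlab/treeprint v1.2.0 // indirect
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 github.com/zclconf/go-cty v1.16.2 // indirect
+go.etcd.io/etcd/api/v3 v3.5.16 // indirect
+go.etcd.io/etcd/client/pkg/v3 v3.5.16 // indirect
+go.etcd.io/etcd/client/v3 v3.5.16 // indirect
 go.opencensus.io v0.24.0 // indirect
 go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect
 go.opentelemetry.io/otel v1.35.0 // indirect
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0 // indirect
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0 // indirect
 go.opentelemetry.io/otel/metric v1.35.0 // indirect
+go.opentelemetry.io/otel/sdk v1.35.0 // indirect
 go.opentelemetry.io/otel/trace v1.35.0 // indirect
+go.opentelemetry.io/proto/otlp v1.3.1 // indirect
 go.uber.org/multierr v1.11.0 // indirect
-golang.org/x/crypto v0.36.0 // indirect
+go.uber.org/zap v1.27.0 // indirect
+golang.org/x/crypto v0.40.0 // indirect
 golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 // indirect
-golang.org/x/mod v0.24.0 // indirect
-golang.org/x/net v0.38.0 // indirect
-golang.org/x/oauth2 v0.28.0 // indirect
-golang.org/x/sync v0.12.0 // indirect
-golang.org/x/sys v0.33.0 // indirect
-golang.org/x/term v0.30.0 // indirect
-golang.org/x/text v0.23.0 // indirect
-golang.org/x/time v0.11.0 // indirect
-golang.org/x/tools v0.31.0 // indirect
+golang.org/x/mod v0.26.0 // indirect
+golang.org/x/net v0.42.0 // indirect
+golang.org/x/oauth2 v0.30.0 // indirect
+golang.org/x/sync v0.16.0 // indirect
+golang.org/x/sys v0.34.0 // indirect
+golang.org/x/term v0.33.0 // indirect
+golang.org/x/text v0.27.0 // indirect
+golang.org/x/time v0.12.0 // indirect
+golang.org/x/tools v0.34.0 // indirect
 golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect
 google.golang.org/genproto v0.0.0-20250324211829-b45e905df463 // indirect
+google.golang.org/genproto/googleapis/api v0.0.0-20250227231956-55c901821b1e // indirect
 google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463 // indirect
-google.golang.org/grpc v1.72.0-dev // indirect
+google.golang.org/grpc v1.72.2 // indirect
 google.golang.org/protobuf v1.36.6 // indirect
 gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
+gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
 gopkg.in/warnings.v0 v0.1.2 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
-helm.sh/helm/v3 v3.17.3 // indirect
-k8s.io/api v0.32.3 // indirect
-k8s.io/apiextensions-apiserver v0.32.3 // indirect
-k8s.io/apimachinery v0.32.3 // indirect
-k8s.io/apiserver v0.32.3 // indirect
+helm.sh/helm/v3 v3.17.4 // indirect
+k8s.io/api v0.32.7 // indirect
+k8s.io/apiextensions-apiserver v0.32.7 // indirect
+k8s.io/apimachinery v0.32.7 // indirect
+k8s.io/apiserver v0.32.7 // indirect
 k8s.io/cli-runtime v0.32.3 // indirect
-k8s.io/client-go v0.32.3 // indirect
-k8s.io/component-base v0.32.3 // indirect
+k8s.io/client-go v0.32.7 // indirect
+k8s.io/component-base v0.32.7 // indirect
 k8s.io/klog/v2 v2.130.1 // indirect
+k8s.io/kms v0.32.7 // indirect
 k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
 k8s.io/kubectl v0.32.3 // indirect
 k8s.io/utils v0.0.0-20250321185631-1f6e0b77f77e // indirect
-oras.land/oras-go v1.2.6 // indirect
+oras.land/oras-go v1.2.7-0.20241008061749-9193ba0ce99b // indirect
+sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0 // indirect
 sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
 sigs.k8s.io/kustomize/api v0.19.0 // indirect
 sigs.k8s.io/kustomize/kyaml v0.19.0 // indirect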
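Review bot: In the last hunk `k8s.io/cli-runtime` and `k8s.io/kubectl` stay at v0.32.3 while `k8s.io/api`, `apimachinery`, `apiserver`, `client-go` and `component-base` move to v0.32.7, so the Kubernetes staging modules now resolve at mixed patch levels; if that is not deliberate, align them with `k8s.io/cli-runtime v0.32.7 // indirect` and `k8s.io/kubectl v0.32.7 // indirect`. The same section also selects versions that are not tagged releases (`github.com/Microsoft/hcsshim v0.13.1-0.20250731174403-0842153594e0`, `oras.land/oras-go v1.2.7-0.20241008061749-9193ba0ce99b`, `github.com/containerd/platforms v1.0.0-rc.1`). It also adds 25 indirect modules that were not required before (etcd client, cel-go, grpc-gateway, OTLP exporters, zap and others), presumably pulled in by the two bumped Checkmarx extractor modules. For a change titled as a vulnerability fix, the description should name the advisories each bump closes and include `govulncheck ./...` output from before and after. `go mod why -m <module>` on the new entries would confirm the added dependency surface is actually needed.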
