Skip to content

Commit c244523

Browse files
everettraveneverettraven
committed
OCPBUGS-32856: bump go-jose to v2.6.3
Signed-off-by: everettraven <[email protected]>
1 parent 81e34cb commit c244523

File tree

246 files changed

+35626
-19010
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

246 files changed

+35626
-19010
lines changed

forks/go-jose

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
Subproject commit 0dd4dd541c665fb292d664f77604ba694726f298

go.mod

Lines changed: 14 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ require (
1818
github.com/operator-framework/operator-registry v1.17.5
1919
github.com/sirupsen/logrus v1.9.3
2020
github.com/spf13/cobra v1.7.0
21-
github.com/stretchr/testify v1.8.4
21+
github.com/stretchr/testify v1.9.0
2222
google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.3.0
2323
google.golang.org/protobuf v1.31.0
2424
gopkg.in/yaml.v2 v2.4.0
@@ -219,24 +219,25 @@ require (
219219
go.uber.org/atomic v1.7.0 // indirect
220220
go.uber.org/multierr v1.6.0 // indirect
221221
go.uber.org/zap v1.24.0 // indirect
222-
golang.org/x/crypto v0.16.0 // indirect
222+
golang.org/x/crypto v0.24.0 // indirect
223223
golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect
224-
golang.org/x/mod v0.12.0 // indirect
225-
golang.org/x/net v0.19.0 // indirect
224+
golang.org/x/mod v0.17.0 // indirect
225+
golang.org/x/net v0.25.0 // indirect
226226
golang.org/x/oauth2 v0.12.0 // indirect
227-
golang.org/x/sync v0.3.0 // indirect
228-
golang.org/x/sys v0.15.0 // indirect
229-
golang.org/x/term v0.15.0 // indirect
230-
golang.org/x/text v0.14.0 // indirect
227+
golang.org/x/sync v0.7.0 // indirect
228+
golang.org/x/sys v0.21.0 // indirect
229+
golang.org/x/term v0.21.0 // indirect
230+
golang.org/x/text v0.16.0 // indirect
231231
golang.org/x/time v0.3.0 // indirect
232-
golang.org/x/tools v0.13.0 // indirect
232+
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
233233
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
234234
gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
235235
google.golang.org/appengine v1.6.7 // indirect
236236
google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect
237237
google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d // indirect
238238
google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect
239239
google.golang.org/grpc v1.59.0 // indirect
240+
gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect
240241
gopkg.in/inf.v0 v0.9.1 // indirect
241242
gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect
242243
gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473 // indirect
@@ -277,6 +278,10 @@ replace (
277278
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc => go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0
278279
go.opentelemetry.io/otel => go.opentelemetry.io/otel v0.20.0
279280
go.opentelemetry.io/otel/sdk => go.opentelemetry.io/otel/sdk v0.20.0
281+
282+
// CVE-2024-28180: https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g
283+
// we had to fork the go-jose v2 repo to a local directory to resolve this due to various issues
284+
gopkg.in/square/go-jose.v2 => ./forks/go-jose/
280285
// this should be removeable once https://issues.redhat.com/browse/CLOUDBLD-11068 is resolved
281286
k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.25.0
282287

go.sum

Lines changed: 61 additions & 20 deletions
Large diffs are not rendered by default.

vendor/github.com/stretchr/testify/assert/assertion_compare.go

Lines changed: 25 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/github.com/stretchr/testify/assert/assertion_compare_can_convert.go

Lines changed: 0 additions & 16 deletions
This file was deleted.

vendor/github.com/stretchr/testify/assert/assertion_compare_legacy.go

Lines changed: 0 additions & 16 deletions
This file was deleted.

vendor/github.com/stretchr/testify/assert/assertion_format.go

Lines changed: 21 additions & 11 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/github.com/stretchr/testify/assert/assertion_forward.go

Lines changed: 41 additions & 18 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)