-
Notifications
You must be signed in to change notification settings - Fork 593
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix security issues reported by Black Duck (#5014)
- Loading branch information
Showing
11 changed files
with
224 additions
and
197 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -15,7 +15,7 @@ jobs: | |
| - uses: styfle/[email protected] | ||
| - uses: actions/setup-go@v5 | ||
| with: | ||
| go-version: '1.21.x' | ||
| go-version: '1.22.4' | ||
| - name: Cache Golang Packages | ||
| uses: actions/cache@v3 | ||
| with: | ||
|
|
@@ -43,7 +43,7 @@ jobs: | |
| steps: | ||
| - uses: actions/setup-go@v5 | ||
| with: | ||
| go-version: '1.21.x' | ||
| go-version: '1.22.4' | ||
| - name: Cache Golang Packages | ||
| uses: actions/cache@v3 | ||
| with: | ||
|
|
@@ -63,7 +63,7 @@ jobs: | |
| steps: | ||
| - uses: actions/setup-go@v5 | ||
| with: | ||
| go-version: '1.21.x' | ||
| go-version: '1.22.4' | ||
| - name: checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
|
|
@@ -78,7 +78,7 @@ jobs: | |
| steps: | ||
| - uses: actions/setup-go@v5 | ||
| with: | ||
| go-version: '1.21.x' | ||
| go-version: '1.22.4' | ||
| - name: Cache Golang Packages | ||
| uses: actions/cache@v3 | ||
| with: | ||
|
|
@@ -98,7 +98,7 @@ jobs: | |
| steps: | ||
| - uses: actions/setup-go@v5 | ||
| with: | ||
| go-version: '1.21.x' | ||
| go-version: '1.22.4' | ||
| - name: Cache Golang Packages | ||
| uses: actions/cache@v3 | ||
| with: | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,4 @@ | ||
| FROM golang:1.21 AS build-env | ||
| FROM golang:1.22.4 AS build-env | ||
| COPY . /build | ||
| WORKDIR /build | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,12 +1,6 @@ | ||
| module github.com/SAP/jenkins-library | ||
|
|
||
| go 1.21 | ||
|
|
||
| toolchain go1.21.9 | ||
|
|
||
| // It is a locked dependency of github.com/buildpacks/[email protected]. The maintainers may remove the lock | ||
| // in future releases. Check if 'replace' statement still there in their go.mod file. Remove line below if not. | ||
| replace github.com/moby/buildkit => github.com/moby/buildkit v0.11.6 | ||
| go 1.22.4 | ||
|
|
||
| require ( | ||
| cloud.google.com/go/storage v1.38.0 | ||
|
|
@@ -15,14 +9,14 @@ require ( | |
| github.com/Jeffail/gabs/v2 v2.6.1 | ||
| github.com/Masterminds/sprig v2.22.0+incompatible | ||
| github.com/antchfx/htmlquery v1.2.4 | ||
| github.com/aws/aws-sdk-go-v2/config v1.19.0 | ||
| github.com/aws/aws-sdk-go-v2/config v1.26.6 | ||
| github.com/aws/aws-sdk-go-v2/service/s3 v1.31.0 | ||
| github.com/bmatcuk/doublestar v1.3.4 | ||
| github.com/bndr/gojenkins v1.1.1-0.20240109173050-c316119c46d5 | ||
| github.com/buildpacks/lifecycle v0.18.4 | ||
| github.com/buildpacks/lifecycle v0.18.5 | ||
| github.com/cloudevents/sdk-go/v2 v2.10.1 | ||
| github.com/docker/cli v24.0.6+incompatible | ||
| github.com/docker/docker v24.0.7+incompatible | ||
| github.com/docker/cli v27.1.0+incompatible | ||
| github.com/docker/docker v27.1.1+incompatible | ||
| github.com/evanphx/json-patch v5.7.0+incompatible | ||
| github.com/getsentry/sentry-go v0.26.0 | ||
| github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 | ||
|
|
@@ -34,7 +28,7 @@ require ( | |
| github.com/go-playground/universal-translator v0.18.1 | ||
| github.com/go-playground/validator/v10 v10.14.1 | ||
| github.com/google/go-cmp v0.6.0 | ||
| github.com/google/go-containerregistry v0.16.1 | ||
| github.com/google/go-containerregistry v0.19.0 | ||
| github.com/google/go-github/v45 v45.2.0 | ||
| github.com/google/uuid v1.6.0 | ||
| github.com/hashicorp/go-retryablehttp v0.7.2 | ||
|
|
@@ -53,15 +47,15 @@ require ( | |
| github.com/pkg/errors v0.9.1 | ||
| github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 | ||
| github.com/sirupsen/logrus v1.9.3 | ||
| github.com/spf13/cobra v1.8.0 | ||
| github.com/spf13/cobra v1.8.1 | ||
| github.com/spf13/pflag v1.0.5 | ||
| github.com/stretchr/testify v1.9.0 | ||
| github.com/testcontainers/testcontainers-go v0.25.0 | ||
| github.com/testcontainers/testcontainers-go v0.33.0 | ||
| github.com/xuri/excelize/v2 v2.4.1 | ||
| golang.org/x/mod v0.16.0 | ||
| golang.org/x/oauth2 v0.17.0 | ||
| golang.org/x/text v0.14.0 | ||
| google.golang.org/api v0.167.0 | ||
| golang.org/x/mod v0.17.0 | ||
| golang.org/x/oauth2 v0.18.0 | ||
| golang.org/x/text v0.16.0 | ||
| google.golang.org/api v0.169.0 | ||
| gopkg.in/ini.v1 v1.67.0 | ||
| gopkg.in/yaml.v2 v2.4.0 | ||
| helm.sh/helm/v3 v3.14.0 | ||
|
|
@@ -74,42 +68,44 @@ require ( | |
| dario.cat/mergo v1.0.0 // indirect | ||
| github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect | ||
| github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 // indirect | ||
| github.com/Microsoft/hcsshim v0.11.4 // indirect | ||
| github.com/agext/levenshtein v1.2.3 // indirect | ||
| github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect | ||
| github.com/apex/log v1.9.0 // indirect | ||
| github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.23 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect | ||
| github.com/cenkalti/backoff/v4 v4.2.1 // indirect | ||
| github.com/cloudflare/circl v1.3.3 // indirect | ||
| github.com/containerd/errdefs v0.1.0 // indirect | ||
| github.com/containerd/log v0.1.0 // indirect | ||
| github.com/containerd/typeurl v1.0.2 // indirect | ||
| github.com/containerd/platforms v0.2.1 // indirect | ||
| github.com/containerd/typeurl/v2 v2.1.1 // indirect | ||
| github.com/cpuguy83/dockercfg v0.3.1 // indirect | ||
| github.com/cyphar/filepath-securejoin v0.2.4 // indirect | ||
| github.com/distribution/reference v0.5.0 // indirect | ||
| github.com/distribution/reference v0.6.0 // indirect | ||
| github.com/felixge/httpsnoop v1.0.4 // indirect | ||
| github.com/gabriel-vasile/mimetype v1.4.2 // indirect | ||
| github.com/go-jose/go-jose/v3 v3.0.1 // indirect | ||
| github.com/go-jose/go-jose/v3 v3.0.3 // indirect | ||
| github.com/go-logr/stdr v1.2.2 // indirect | ||
| github.com/go-ole/go-ole v1.2.6 // indirect | ||
| github.com/google/gnostic-models v0.6.8 // indirect | ||
| github.com/google/s2a-go v0.1.7 // indirect | ||
| github.com/heroku/color v0.0.6 // indirect | ||
| github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect | ||
| github.com/moby/buildkit v0.12.2 // indirect | ||
| github.com/moby/buildkit v0.12.5 // indirect | ||
| github.com/moby/docker-image-spec v1.3.1 // indirect | ||
| github.com/moby/patternmatcher v0.6.0 // indirect | ||
| github.com/moby/sys/sequential v0.5.0 // indirect | ||
| github.com/moby/sys/user v0.1.0 // indirect | ||
| github.com/oapi-codegen/runtime v1.0.0 // indirect | ||
| github.com/opencontainers/runc v1.1.9 // indirect | ||
| github.com/pjbgf/sha1cd v0.3.0 // indirect | ||
| github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect | ||
| github.com/shirou/gopsutil/v3 v3.23.8 // indirect | ||
| github.com/shirou/gopsutil/v3 v3.23.12 // indirect | ||
| github.com/shoenig/go-m1cpu v0.1.6 // indirect | ||
| github.com/skeema/knownhosts v1.2.1 // indirect | ||
| github.com/tklauser/go-sysconf v0.3.12 // indirect | ||
| github.com/tklauser/numcpus v0.6.1 // indirect | ||
| github.com/yusufpapurcu/wmi v1.2.3 // indirect | ||
| go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.48.0 // indirect | ||
| go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect | ||
| go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect | ||
| go.opentelemetry.io/otel v1.24.0 // indirect | ||
| go.opentelemetry.io/otel/metric v1.24.0 // indirect | ||
|
|
@@ -118,14 +114,13 @@ require ( | |
| go.uber.org/multierr v1.6.0 // indirect | ||
| go.uber.org/zap v1.17.0 // indirect | ||
| golang.org/x/image v0.0.0-20220302094943-723b81ca9867 // indirect | ||
| golang.org/x/tools v0.17.0 // indirect | ||
| google.golang.org/genproto/googleapis/api v0.0.0-20240304161311-37d4d3c04a78 // indirect | ||
| google.golang.org/genproto/googleapis/rpc v0.0.0-20240228224816-df926f6c8641 // indirect | ||
| google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237 // indirect | ||
| google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect | ||
| ) | ||
|
|
||
| require ( | ||
| cloud.google.com/go v0.112.1 // indirect | ||
| cloud.google.com/go/compute v1.24.0 // indirect | ||
| cloud.google.com/go/compute v1.25.1 // indirect | ||
| cloud.google.com/go/iam v1.1.6 // indirect | ||
| github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0 // indirect | ||
| github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect | ||
|
|
@@ -134,34 +129,34 @@ require ( | |
| github.com/Masterminds/goutils v1.1.1 // indirect | ||
| github.com/Masterminds/semver v1.5.0 // indirect | ||
| github.com/Masterminds/semver/v3 v3.2.1 // indirect | ||
| github.com/Microsoft/go-winio v0.6.1 // indirect | ||
| github.com/Microsoft/go-winio v0.6.2 // indirect | ||
| github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect | ||
| github.com/antchfx/xpath v1.2.0 // indirect | ||
| github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect | ||
| github.com/aws/aws-sdk-go-v2 v1.21.2 // indirect | ||
| github.com/aws/aws-sdk-go-v2 v1.24.1 // indirect | ||
| github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 // indirect | ||
| github.com/aws/aws-sdk-go-v2/credentials v1.13.43 // indirect | ||
| github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 // indirect | ||
| github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 // indirect | ||
| github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 // indirect | ||
| github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 // indirect | ||
| github.com/aws/aws-sdk-go-v2/credentials v1.16.16 // indirect | ||
| github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect | ||
| github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect | ||
| github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect | ||
| github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.26 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.0 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 // indirect | ||
| github.com/aws/smithy-go v1.15.0 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect | ||
| github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect | ||
| github.com/aws/smithy-go v1.19.0 // indirect | ||
| github.com/beorn7/perks v1.0.1 // indirect | ||
| github.com/buildpacks/imgutil v0.0.0-20230919143643-4ec9360d5f02 // indirect | ||
| github.com/cenkalti/backoff/v3 v3.2.2 // indirect | ||
| github.com/cespare/xxhash/v2 v2.2.0 // indirect | ||
| github.com/containerd/containerd v1.7.11 // indirect | ||
| github.com/containerd/containerd v1.7.20 // indirect | ||
| github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect | ||
| github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect | ||
| github.com/docker/distribution v2.8.3+incompatible // indirect | ||
| github.com/docker/docker-credential-helpers v0.8.0 // indirect | ||
| github.com/docker/go-connections v0.4.0 // indirect | ||
| github.com/docker/go-connections v0.5.0 // indirect | ||
| github.com/docker/go-metrics v0.0.1 // indirect | ||
| github.com/docker/go-units v0.5.0 // indirect | ||
| github.com/emicklei/go-restful/v3 v3.11.0 // indirect | ||
|
|
@@ -188,7 +183,7 @@ require ( | |
| github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 | ||
| github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect | ||
| github.com/googleapis/gax-go/v2 v2.12.2 // indirect | ||
| github.com/gorilla/mux v1.8.0 // indirect | ||
| github.com/gorilla/mux v1.8.1 // indirect | ||
| github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect | ||
| github.com/hashicorp/errwrap v1.1.0 // indirect | ||
| github.com/hashicorp/go-cleanhttp v0.5.2 // indirect | ||
|
|
@@ -206,7 +201,7 @@ require ( | |
| github.com/josharian/intern v1.0.0 // indirect | ||
| github.com/json-iterator/go v1.1.12 // indirect | ||
| github.com/kevinburke/ssh_config v1.2.0 // indirect | ||
| github.com/klauspost/compress v1.17.1 // indirect | ||
| github.com/klauspost/compress v1.17.4 // indirect | ||
| github.com/leodido/go-urn v1.2.4 // indirect | ||
| github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect | ||
| github.com/magicsong/color-glog v0.0.1 // indirect | ||
|
|
@@ -229,7 +224,7 @@ require ( | |
| github.com/oklog/ulid v1.3.1 // indirect | ||
| github.com/onsi/ginkgo v1.16.5 // indirect | ||
| github.com/opencontainers/go-digest v1.0.0 // indirect | ||
| github.com/opencontainers/image-spec v1.1.0-rc5 // indirect | ||
| github.com/opencontainers/image-spec v1.1.0 // indirect | ||
| github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect | ||
| github.com/pasztorpisti/qs v0.0.0-20171216220353-8d6c33ee906c | ||
| github.com/peterbourgon/diskv v2.0.1+incompatible // indirect | ||
|
|
@@ -250,16 +245,16 @@ require ( | |
| go.mongodb.org/mongo-driver v1.11.6 // indirect | ||
| go.opencensus.io v0.24.0 // indirect | ||
| go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect | ||
| golang.org/x/crypto v0.22.0 | ||
| golang.org/x/crypto v0.25.0 | ||
| golang.org/x/exp v0.0.0-20240205201215-2c58cdc269a3 | ||
| golang.org/x/net v0.21.0 // indirect | ||
| golang.org/x/sync v0.6.0 | ||
| golang.org/x/sys v0.19.0 // indirect | ||
| golang.org/x/term v0.19.0 // indirect | ||
| golang.org/x/net v0.26.0 // indirect | ||
| golang.org/x/sync v0.7.0 | ||
| golang.org/x/sys v0.22.0 // indirect | ||
| golang.org/x/term v0.22.0 // indirect | ||
| golang.org/x/time v0.5.0 // indirect | ||
| google.golang.org/appengine v1.6.8 // indirect | ||
| google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect | ||
| google.golang.org/grpc v1.62.0 // indirect | ||
| google.golang.org/grpc v1.64.1 // indirect | ||
| google.golang.org/protobuf v1.33.0 // indirect | ||
| gopkg.in/inf.v0 v0.9.1 // indirect | ||
| gopkg.in/warnings.v0 v0.1.2 // indirect | ||
|
|
@@ -271,7 +266,7 @@ require ( | |
| k8s.io/klog/v2 v2.110.1 // indirect | ||
| k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect | ||
| k8s.io/utils v0.0.0-20240102154912-e7106e64919e | ||
| oras.land/oras-go v1.2.4 // indirect | ||
| oras.land/oras-go v1.2.6 // indirect | ||
| sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect | ||
| sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect | ||
| sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect | ||
|
|
||
Oops, something went wrong.