Commit Graph

11 Commits

Author SHA1 Message Date
Madhu Rajanna
aa4271a32a rebase: update vault to latest release
even 1.9.9 i havign security vulnerabilities
https://github.com/ceph/ceph-csi/actions/
\runs/5088482029/jobs/9144940410?pr=3859

updating the vault to latest release and all other
updates are due to the dependency update by `go mod tidy`

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-05-26 16:16:57 +00:00
dependabot[bot]
855a3fa193 rebase: bump golang.org/x/crypto from 0.3.0 to 0.4.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](https://github.com/golang/crypto/compare/v0.3.0...v0.4.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-13 10:04:00 +00:00
Niels de Vos
e08005f402 rebase: ParseAcceptLanguage takes a long time to parse complex tags
A vulnerability was found in golang.org/x/text/language package which
could cause a denial of service. An attacker can craft an
Accept-Language header which ParseAcceptLanguage will take significant
time to parse.
Version v0.3.8 of golang.org/x/text fixes a vulnerability.

See-also: https://go.dev/issue/56152
See-also: https://bugzilla.redhat.com/CVE-2022-32149
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2022-10-18 11:58:37 +00:00
Madhu Rajanna
fb7dc13dfe rebase: update packages in go.mod to latest releases
updated few packages in go.mod to latest
available release.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-06-04 11:52:22 +00:00
Madhu Rajanna
83559144b1 rebase: update kubernetes to v1.20.0
updated kubernetes packages to latest
release.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-17 16:04:54 +00:00
Niels de Vos
91774fc936 rebase: vendor dependencies for Vault API
Uses github.com/libopenstorage/secrets to communicate with Vault. This
removes the need for maintaining our own limited Vault APIs.

By adding the new dependency, several other packages got updated in the
process. Unused indirect dependencies have been removed from go.mod.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-11-29 04:03:59 +00:00
Mudit Agarwal
8e434bb3ee build: update vendor with latest version
Updating the version of golang.org/x/text to version v0.3.3.
It fixes the vulnerability in http://golang.org/x/text/encoding/unicode
which leads UTF-16 decoder entering an infinite loop causing
the program to crash or run out of memory.

Signed-off-by: Mudit Agarwal <muagarwa@redhat.com>
2020-09-21 10:49:28 +00:00
Madhu Rajanna
d5a0606c33 Migrate from dep to go module
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-03-17 10:44:07 +00:00
Madhu Rajanna
d300da19b7 vendor update for E2E framework
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-06-04 11:39:42 +05:30
Madhu Rajanna
b10ba188e7 vendor cleanup: remove unused,non-go and test files 2019-01-16 00:19:28 +05:30
Serguei Bezverkhi
7b24313bd6 vendor files 2018-01-10 13:42:26 -05:00