-
Notifications
You must be signed in to change notification settings - Fork 596
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix security issues reported by Black Duck #5014
Merged
Merged
Changes from 3 commits
Commits
Show all changes
9 commits
Select commit
Hold shift + click to select a range
3463f64
Fix security issues reported by Black Duck
D074360 b05fd27
Fix failing test
D074360 7e49067
Remove unused replace statement
D074360 0d7f7f6
Updated golang version in Dockerfile and workflows
D074360 26dac38
Merge branch 'master' into fix-black-duck-issues
D074360 4cb3229
Update golang version in integration tests
D074360 cc4651a
Merge branch 'master' into fix-black-duck-issues
D074360 8fe9b3e
Merge branch 'master' into fix-black-duck-issues
D074360 d71286e
Fix integration tests
D074360 File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,12 +1,6 @@ | ||
module github.com/SAP/jenkins-library | ||
|
||
go 1.21 | ||
|
||
toolchain go1.21.9 | ||
|
||
// It is a locked dependency of github.com/buildpacks/[email protected]. The maintainers may remove the lock | ||
// in future releases. Check if 'replace' statement still there in their go.mod file. Remove line below if not. | ||
replace github.com/moby/buildkit => github.com/moby/buildkit v0.11.6 | ||
go 1.22.4 | ||
|
||
require ( | ||
cloud.google.com/go/storage v1.38.0 | ||
|
@@ -15,14 +9,14 @@ require ( | |
github.com/Jeffail/gabs/v2 v2.6.1 | ||
github.com/Masterminds/sprig v2.22.0+incompatible | ||
github.com/antchfx/htmlquery v1.2.4 | ||
github.com/aws/aws-sdk-go-v2/config v1.19.0 | ||
github.com/aws/aws-sdk-go-v2/config v1.26.6 | ||
github.com/aws/aws-sdk-go-v2/service/s3 v1.31.0 | ||
github.com/bmatcuk/doublestar v1.3.4 | ||
github.com/bndr/gojenkins v1.1.1-0.20240109173050-c316119c46d5 | ||
github.com/buildpacks/lifecycle v0.18.4 | ||
github.com/buildpacks/lifecycle v0.18.5 | ||
github.com/cloudevents/sdk-go/v2 v2.10.1 | ||
github.com/docker/cli v24.0.6+incompatible | ||
github.com/docker/docker v24.0.7+incompatible | ||
github.com/docker/cli v27.1.0+incompatible | ||
github.com/docker/docker v27.1.0+incompatible | ||
github.com/evanphx/json-patch v5.7.0+incompatible | ||
github.com/getsentry/sentry-go v0.26.0 | ||
github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 | ||
|
@@ -34,7 +28,7 @@ require ( | |
github.com/go-playground/universal-translator v0.18.1 | ||
github.com/go-playground/validator/v10 v10.14.1 | ||
github.com/google/go-cmp v0.6.0 | ||
github.com/google/go-containerregistry v0.16.1 | ||
github.com/google/go-containerregistry v0.19.0 | ||
github.com/google/go-github/v45 v45.2.0 | ||
github.com/google/uuid v1.6.0 | ||
github.com/hashicorp/go-retryablehttp v0.7.2 | ||
|
@@ -53,14 +47,14 @@ require ( | |
github.com/pkg/errors v0.9.1 | ||
github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 | ||
github.com/sirupsen/logrus v1.9.3 | ||
github.com/spf13/cobra v1.8.0 | ||
github.com/spf13/cobra v1.8.1 | ||
github.com/spf13/pflag v1.0.5 | ||
github.com/stretchr/testify v1.9.0 | ||
github.com/testcontainers/testcontainers-go v0.25.0 | ||
github.com/xuri/excelize/v2 v2.4.1 | ||
golang.org/x/mod v0.16.0 | ||
golang.org/x/mod v0.17.0 | ||
golang.org/x/oauth2 v0.17.0 | ||
golang.org/x/text v0.14.0 | ||
golang.org/x/text v0.16.0 | ||
google.golang.org/api v0.167.0 | ||
gopkg.in/ini.v1 v1.67.0 | ||
gopkg.in/yaml.v2 v2.4.0 | ||
|
@@ -74,33 +68,36 @@ require ( | |
dario.cat/mergo v1.0.0 // indirect | ||
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect | ||
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 // indirect | ||
github.com/Microsoft/hcsshim v0.11.4 // indirect | ||
github.com/Microsoft/hcsshim v0.11.7 // indirect | ||
github.com/agext/levenshtein v1.2.3 // indirect | ||
github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect | ||
github.com/apex/log v1.9.0 // indirect | ||
github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.23 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect | ||
github.com/cenkalti/backoff/v4 v4.2.1 // indirect | ||
github.com/cloudflare/circl v1.3.3 // indirect | ||
github.com/containerd/errdefs v0.1.0 // indirect | ||
github.com/containerd/log v0.1.0 // indirect | ||
github.com/containerd/typeurl v1.0.2 // indirect | ||
github.com/containerd/platforms v0.2.1 // indirect | ||
github.com/containerd/typeurl/v2 v2.1.1 // indirect | ||
github.com/cpuguy83/dockercfg v0.3.1 // indirect | ||
github.com/cyphar/filepath-securejoin v0.2.4 // indirect | ||
github.com/distribution/reference v0.5.0 // indirect | ||
github.com/distribution/reference v0.6.0 // indirect | ||
github.com/felixge/httpsnoop v1.0.4 // indirect | ||
github.com/gabriel-vasile/mimetype v1.4.2 // indirect | ||
github.com/go-jose/go-jose/v3 v3.0.1 // indirect | ||
github.com/go-jose/go-jose/v3 v3.0.3 // indirect | ||
github.com/go-logr/stdr v1.2.2 // indirect | ||
github.com/go-ole/go-ole v1.2.6 // indirect | ||
github.com/google/gnostic-models v0.6.8 // indirect | ||
github.com/google/s2a-go v0.1.7 // indirect | ||
github.com/heroku/color v0.0.6 // indirect | ||
github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect | ||
github.com/moby/buildkit v0.12.2 // indirect | ||
github.com/moby/buildkit v0.12.5 // indirect | ||
github.com/moby/docker-image-spec v1.3.1 // indirect | ||
github.com/moby/patternmatcher v0.6.0 // indirect | ||
github.com/moby/sys/sequential v0.5.0 // indirect | ||
github.com/moby/sys/user v0.1.0 // indirect | ||
github.com/oapi-codegen/runtime v1.0.0 // indirect | ||
github.com/opencontainers/runc v1.1.9 // indirect | ||
github.com/pjbgf/sha1cd v0.3.0 // indirect | ||
github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect | ||
github.com/shirou/gopsutil/v3 v3.23.8 // indirect | ||
|
@@ -118,7 +115,6 @@ require ( | |
go.uber.org/multierr v1.6.0 // indirect | ||
go.uber.org/zap v1.17.0 // indirect | ||
golang.org/x/image v0.0.0-20220302094943-723b81ca9867 // indirect | ||
golang.org/x/tools v0.17.0 // indirect | ||
google.golang.org/genproto/googleapis/api v0.0.0-20240304161311-37d4d3c04a78 // indirect | ||
google.golang.org/genproto/googleapis/rpc v0.0.0-20240228224816-df926f6c8641 // indirect | ||
) | ||
|
@@ -134,34 +130,34 @@ require ( | |
github.com/Masterminds/goutils v1.1.1 // indirect | ||
github.com/Masterminds/semver v1.5.0 // indirect | ||
github.com/Masterminds/semver/v3 v3.2.1 // indirect | ||
github.com/Microsoft/go-winio v0.6.1 // indirect | ||
github.com/Microsoft/go-winio v0.6.2 // indirect | ||
github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect | ||
github.com/antchfx/xpath v1.2.0 // indirect | ||
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect | ||
github.com/aws/aws-sdk-go-v2 v1.21.2 // indirect | ||
github.com/aws/aws-sdk-go-v2 v1.24.1 // indirect | ||
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 // indirect | ||
github.com/aws/aws-sdk-go-v2/credentials v1.13.43 // indirect | ||
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 // indirect | ||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 // indirect | ||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 // indirect | ||
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 // indirect | ||
github.com/aws/aws-sdk-go-v2/credentials v1.16.16 // indirect | ||
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect | ||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect | ||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect | ||
github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.26 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.0 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 // indirect | ||
github.com/aws/smithy-go v1.15.0 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect | ||
github.com/aws/smithy-go v1.19.0 // indirect | ||
github.com/beorn7/perks v1.0.1 // indirect | ||
github.com/buildpacks/imgutil v0.0.0-20230919143643-4ec9360d5f02 // indirect | ||
github.com/cenkalti/backoff/v3 v3.2.2 // indirect | ||
github.com/cespare/xxhash/v2 v2.2.0 // indirect | ||
github.com/containerd/containerd v1.7.11 // indirect | ||
github.com/containerd/containerd v1.7.20 // indirect | ||
github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect | ||
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect | ||
github.com/docker/distribution v2.8.3+incompatible // indirect | ||
github.com/docker/docker-credential-helpers v0.8.0 // indirect | ||
github.com/docker/go-connections v0.4.0 // indirect | ||
github.com/docker/go-connections v0.5.0 // indirect | ||
github.com/docker/go-metrics v0.0.1 // indirect | ||
github.com/docker/go-units v0.5.0 // indirect | ||
github.com/emicklei/go-restful/v3 v3.11.0 // indirect | ||
|
@@ -188,7 +184,7 @@ require ( | |
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 | ||
github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect | ||
github.com/googleapis/gax-go/v2 v2.12.2 // indirect | ||
github.com/gorilla/mux v1.8.0 // indirect | ||
github.com/gorilla/mux v1.8.1 // indirect | ||
github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect | ||
github.com/hashicorp/errwrap v1.1.0 // indirect | ||
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect | ||
|
@@ -206,7 +202,7 @@ require ( | |
github.com/josharian/intern v1.0.0 // indirect | ||
github.com/json-iterator/go v1.1.12 // indirect | ||
github.com/kevinburke/ssh_config v1.2.0 // indirect | ||
github.com/klauspost/compress v1.17.1 // indirect | ||
github.com/klauspost/compress v1.17.4 // indirect | ||
github.com/leodido/go-urn v1.2.4 // indirect | ||
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect | ||
github.com/magicsong/color-glog v0.0.1 // indirect | ||
|
@@ -229,7 +225,7 @@ require ( | |
github.com/oklog/ulid v1.3.1 // indirect | ||
github.com/onsi/ginkgo v1.16.5 // indirect | ||
github.com/opencontainers/go-digest v1.0.0 // indirect | ||
github.com/opencontainers/image-spec v1.1.0-rc5 // indirect | ||
github.com/opencontainers/image-spec v1.1.0 // indirect | ||
github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect | ||
github.com/pasztorpisti/qs v0.0.0-20171216220353-8d6c33ee906c | ||
github.com/peterbourgon/diskv v2.0.1+incompatible // indirect | ||
|
@@ -250,12 +246,12 @@ require ( | |
go.mongodb.org/mongo-driver v1.11.6 // indirect | ||
go.opencensus.io v0.24.0 // indirect | ||
go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect | ||
golang.org/x/crypto v0.22.0 | ||
golang.org/x/crypto v0.25.0 | ||
golang.org/x/exp v0.0.0-20240205201215-2c58cdc269a3 | ||
golang.org/x/net v0.21.0 // indirect | ||
golang.org/x/sync v0.6.0 | ||
golang.org/x/sys v0.19.0 // indirect | ||
golang.org/x/term v0.19.0 // indirect | ||
golang.org/x/net v0.26.0 // indirect | ||
golang.org/x/sync v0.7.0 | ||
golang.org/x/sys v0.22.0 // indirect | ||
golang.org/x/term v0.22.0 // indirect | ||
golang.org/x/time v0.5.0 // indirect | ||
google.golang.org/appengine v1.6.8 // indirect | ||
google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect | ||
|
@@ -271,7 +267,7 @@ require ( | |
k8s.io/klog/v2 v2.110.1 // indirect | ||
k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect | ||
k8s.io/utils v0.0.0-20240102154912-e7106e64919e | ||
oras.land/oras-go v1.2.4 // indirect | ||
oras.land/oras-go v1.2.6 // indirect | ||
sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect | ||
sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect | ||
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect | ||
|
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We need to update version in github workflows as well. You can find them be keyword
1.21
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and here also: https://github.com/SAP/jenkins-library/blob/master/src/com/sap/piper/PiperGoUtils.groovy#L33