Update GO to 1.22 and bump dependencies with vulnerabilities

Update GO to 1.22 and bump dependencies with vulnerabilities
pull/750/merge
David 2024-11-05 13:11:52 +01:00 committed by GitHub
parent a2ececac2b
commit 0473dc645a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
9 changed files with 689 additions and 143 deletions


@ -7,12 +7,12 @@ workspace:
steps:
- name: unit-test
image: golang:1.21.3
image: golang:1.22.8
commands:
- make test
- name: build
image: golang:1.21.3
image: golang:1.22.8
commands:
- make install


@ -1,4 +1,4 @@
FROM golang:1.21.3
FROM golang:1.22.8
COPY . /go/src/github.com/keel-hq/keel
WORKDIR /go/src/github.com/keel-hq/keel
RUN make install
@ -10,7 +10,7 @@ RUN yarn
RUN yarn run lint --no-fix
RUN yarn run build
FROM alpine:latest
FROM alpine:3.20.3
RUN apk --no-cache add ca-certificates
VOLUME /data
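Review bot: Version tags such as `golang:1.22.8` and `alpine:3.20.3` are still mutable references, so the two `FROM` lines here do not guarantee the same image content on every build. Replacing `alpine:latest` with a fixed release is an improvement, but for a reproducible and auditable build I would also pin the digest, e.g. `FROM alpine:3.20.3@sha256:<digest-placeholder>`, and let the dependency bot bump it. The same applies to the `golang:1.22.8` references in the other Dockerfiles and the CI step images touched by this commit.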


@ -1,4 +1,4 @@
FROM golang:1.14.2
FROM golang:1.22.8
COPY . /go/src/github.com/keel-hq/keel
WORKDIR /go/src/github.com/keel-hq/keel
RUN make build


@ -1,4 +1,4 @@
FROM golang:1.21.3
FROM golang:1.22.8
COPY . /go/src/github.com/keel-hq/keel
WORKDIR /go/src/github.com/keel-hq/keel
RUN make install-debug
@ -10,7 +10,7 @@ RUN yarn
RUN yarn run lint --no-fix
RUN yarn run build
FROM golang:1.21.3
FROM golang:1.22.8
RUN apt-get update && \
apt-get install -y --no-install-recommends ca-certificates && \


@ -1,4 +1,4 @@
FROM golang:1.21.3
FROM golang:1.22.8
# Install tparse and go-junit-report
RUN go install github.com/mfridman/tparse@latest && \
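Review bot: `go install github.com/mfridman/tparse@latest` on the context line still resolves to whatever release is newest at build time, so the test image is not reproducible and a bad or compromised release of the tool would be pulled in without any change to this repository. Since the commit is already pinning the base image, pin the tools too, e.g. `go install github.com/mfridman/tparse@<pinned-version>`. The comment above the line says go-junit-report is installed as well; that part of the `RUN` instruction continues outside the hunk and should get the same treatment.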

83
go.mod

@ -1,6 +1,6 @@
module github.com/keel-hq/keel
go 1.21
go 1.22.4
replace (
k8s.io/api => k8s.io/api v0.28.3
@ -33,32 +33,30 @@ replace k8s.io/kubernetes => k8s.io/kubernetes v1.28.3
require (
cloud.google.com/go/pubsub v1.33.0
github.com/Masterminds/semver v1.5.0
github.com/aws/aws-sdk-go v1.46.6
github.com/containerd/containerd v1.7.11 // indirect
github.com/aws/aws-sdk-go v1.55.5
github.com/containerd/containerd v1.7.18 // indirect
github.com/daneharrigan/hipchat v0.0.0-20170512185232-835dc879394a
github.com/dgrijalva/jwt-go v3.2.0+incompatible
github.com/docker/distribution v2.8.3+incompatible
github.com/docker/docker v24.0.7+incompatible // indirect
github.com/google/uuid v1.4.0
github.com/gorilla/mux v1.8.0
github.com/docker/docker v27.3.1+incompatible // indirect
github.com/google/uuid v1.6.0
github.com/gorilla/mux v1.8.1
github.com/jinzhu/gorm v1.9.16
github.com/jmoiron/sqlx v1.3.5 // indirect
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.1.0-rc5
github.com/opencontainers/image-spec v1.1.0
github.com/prometheus/client_golang v1.17.0
github.com/rusenask/cron v1.1.0
github.com/rusenask/docker-registry-client v0.0.0-20200210164146-049272422097
github.com/ryanuber/go-glob v1.0.0
github.com/sirupsen/logrus v1.9.3
github.com/slack-go/slack v0.12.3
github.com/stretchr/testify v1.8.4
github.com/stretchr/testify v1.9.0
github.com/tbruyelle/hipchat-go v0.0.0-20170717082847-35aebc99209a
github.com/urfave/negroni v1.0.0
golang.org/x/crypto v0.17.0 // indirect
golang.org/x/net v0.17.0
google.golang.org/api v0.148.0
golang.org/x/crypto v0.25.0 // indirect
golang.org/x/net v0.26.0
google.golang.org/api v0.149.0
google.golang.org/grpc v1.59.0
helm.sh/helm/v3 v3.13.1
k8s.io/api v0.28.3
k8s.io/apimachinery v0.28.3
k8s.io/cli-runtime v0.28.3
@ -69,14 +67,16 @@ require (
require (
cloud.google.com/go/storage v1.30.1
github.com/alecthomas/kingpin/v2 v2.3.2
github.com/golang-jwt/jwt/v4 v4.5.1
golang.org/x/oauth2 v0.13.0
helm.sh/helm/v3 v3.0.0-00010101000000-000000000000
)
require (
cloud.google.com/go v0.110.8 // indirect
cloud.google.com/go/compute v1.23.0 // indirect
cloud.google.com/go v0.110.10 // indirect
cloud.google.com/go/compute v1.23.3 // indirect
cloud.google.com/go/compute/metadata v0.2.3 // indirect
cloud.google.com/go/iam v1.1.2 // indirect
cloud.google.com/go/iam v1.1.5 // indirect
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
github.com/BurntSushi/toml v1.3.2 // indirect
@ -85,30 +85,30 @@ require (
github.com/Masterminds/semver/v3 v3.2.1 // indirect
github.com/Masterminds/sprig/v3 v3.2.3 // indirect
github.com/Masterminds/squirrel v1.5.4 // indirect
github.com/Microsoft/hcsshim v0.11.4 // indirect
github.com/Microsoft/hcsshim v0.11.5 // indirect
github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect
github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/chai2010/gettext-go v1.0.2 // indirect
github.com/containerd/errdefs v0.1.0 // indirect
github.com/containerd/log v0.1.0 // indirect
github.com/cyphar/filepath-securejoin v0.2.4 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/distribution/reference v0.5.0 // indirect
github.com/docker/cli v24.0.6+incompatible // indirect
github.com/docker/cli v27.1.0+incompatible // indirect
github.com/docker/docker-credential-helpers v0.7.0 // indirect
github.com/docker/go-connections v0.4.0 // indirect
github.com/docker/go-connections v0.5.0 // indirect
github.com/docker/go-metrics v0.0.1 // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 // indirect
github.com/emicklei/go-restful/v3 v3.10.1 // indirect
github.com/evanphx/json-patch v5.6.0+incompatible // indirect
github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
github.com/fatih/color v1.13.0 // indirect
github.com/felixge/httpsnoop v1.0.3 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/go-errors/errors v1.4.2 // indirect
github.com/go-gorp/gorp/v3 v3.1.0 // indirect
github.com/go-logr/logr v1.2.4 // indirect
github.com/go-logr/logr v1.3.0 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/jsonpointer v0.19.6 // indirect
github.com/go-openapi/jsonreference v0.20.2 // indirect
@ -116,7 +116,7 @@ require (
github.com/gobwas/glob v0.2.3 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/google/btree v1.0.1 // indirect
github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/go-cmp v0.6.0 // indirect
@ -124,7 +124,7 @@ require (
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/s2a-go v0.1.7 // indirect
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.3.1 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
github.com/googleapis/gax-go/v2 v2.12.0 // indirect
github.com/gorilla/websocket v1.4.2 // indirect
github.com/gosuri/uitable v0.0.4 // indirect
@ -138,7 +138,7 @@ require (
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/klauspost/compress v1.16.0 // indirect
github.com/klauspost/compress v1.17.4 // indirect
github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
github.com/lib/pq v1.10.9 // indirect
@ -158,12 +158,11 @@ require (
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
github.com/morikuni/aec v1.0.0 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 // indirect
github.com/prometheus/client_model v0.5.0 // indirect
github.com/prometheus/common v0.44.0 // indirect
github.com/prometheus/procfs v0.11.1 // indirect
github.com/rivo/uniseg v0.4.4 // indirect
@ -171,7 +170,7 @@ require (
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/shopspring/decimal v1.3.1 // indirect
github.com/spf13/cast v1.5.0 // indirect
github.com/spf13/cobra v1.7.0 // indirect
github.com/spf13/cobra v1.8.1 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
@ -179,22 +178,22 @@ require (
github.com/xhit/go-str2duration/v2 v2.1.0 // indirect
github.com/xlab/treeprint v1.2.0 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect
go.opentelemetry.io/otel v1.19.0 // indirect
go.opentelemetry.io/otel/metric v1.19.0 // indirect
go.opentelemetry.io/otel/trace v1.19.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect
go.opentelemetry.io/otel v1.21.0 // indirect
go.opentelemetry.io/otel/metric v1.21.0 // indirect
go.opentelemetry.io/otel/trace v1.21.0 // indirect
go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
golang.org/x/sync v0.4.0 // indirect
golang.org/x/sys v0.15.0 // indirect
golang.org/x/term v0.15.0 // indirect
golang.org/x/text v0.14.0 // indirect
golang.org/x/sync v0.7.0 // indirect
golang.org/x/sys v0.22.0 // indirect
golang.org/x/term v0.22.0 // indirect
golang.org/x/text v0.16.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20231012201019-e917dd12ba7a // indirect
google.golang.org/protobuf v1.31.0 // indirect
google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20231120223509-83a465c0220f // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0 // indirect
google.golang.org/protobuf v1.33.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
@ -203,9 +202,9 @@ require (
k8s.io/component-base v0.28.3 // indirect
k8s.io/klog/v2 v2.100.1 // indirect
k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect
k8s.io/kubectl v0.28.3 // indirect
k8s.io/kubectl v0.28.2 // indirect
k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect
oras.land/oras-go v1.2.4 // indirect
oras.land/oras-go v1.2.5 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect
sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect
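Review bot: `helm.sh/helm/v3 v3.0.0-00010101000000-000000000000` in the second `require` block is a placeholder pseudo-version, so this file no longer states which Helm release is built; the earlier block carried `v3.13.1`. The effective version presumably comes from a `replace` directive outside the visible hunks, and a scanner that reads only the `require` line may not evaluate it correctly. Please confirm what the replace points at and, if possible, require a real tagged version so the audit trail matches the commit's stated goal. Also worth confirming: `k8s.io/kubectl` appears to move from `v0.28.3` to `v0.28.2`, a downgrade in a commit meant to raise versions, although a replace may override it.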

729
go.sum

File diff suppressed because it is too large Load Diff


@ -6,7 +6,7 @@ import (
"math/rand"
"time"
jwt "github.com/dgrijalva/jwt-go"
jwt "github.com/golang-jwt/jwt/v4"
log "github.com/sirupsen/logrus"
)
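Review bot: `math/rand` is imported in the same file as the JWT library, and since this file is being touched for a security bump its use deserves a look. The use lies outside this hunk, but if it generates the signing secret or any other token material, the value is predictable and should come from `crypto/rand` instead. If it is only used for non-security purposes such as jitter, a short comment saying so, e.g. `// math/rand: non-cryptographic use only`, would keep the next reviewer from asking.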


@ -5,7 +5,7 @@ import (
"fmt"
"net/http"
request "github.com/dgrijalva/jwt-go/request"
request "github.com/golang-jwt/jwt/v4/request"
"github.com/keel-hq/keel/pkg/auth"
log "github.com/sirupsen/logrus"
)