Commit 331aa41

address GO-2025-3528
govulncheck reported the following vulnerability.

Vulnerability #1: GO-2025-3528
containerd has an integer overflow in User ID handling in github.com/containerd/containerd
More info: https://pkg.go.dev/vuln/GO-2025-3528
Module: github.com/containerd/containerd
Found in: github.com/containerd/[email protected]
Fixed in: github.com/containerd/[email protected]

Updated to github.com/containerd/[email protected] and ran tests.

Ran 9 of 9 Specs in 0.002 seconds
SUCCESS! -- 9 Passed | 0 Failed | 0 Pending | 0 Skipped
--- PASS: TestCommon (0.00s)
PASS
ok github.com/helm/helm-mapkubeapis/pkg/common (cached)
? github.com/helm/helm-mapkubeapis/pkg/mapping [no test files]
? github.com/helm/helm-mapkubeapis/pkg/v3 [no test files]

Signed-off-by: Aaron Hurt <[email protected]>
1 parent 134ed57 commit 331aa41

2 files changed

+127
-19
lines changed

go.mod

Lines changed: 40 additions & 19 deletions
Original file line number | Diff line number | Diff line change
@@ -17,28 +17,39 @@ require (
1717

1818
require (
1919
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
20+
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
2021
github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
2122
github.com/BurntSushi/toml v1.3.2 // indirect
2223
github.com/MakeNowJust/heredoc v1.0.0 // indirect
2324
github.com/Masterminds/goutils v1.1.1 // indirect
2425
github.com/Masterminds/semver/v3 v3.2.1 // indirect
2526
github.com/Masterminds/sprig/v3 v3.2.3 // indirect
2627
github.com/Masterminds/squirrel v1.5.4 // indirect
27-
github.com/Microsoft/hcsshim v0.11.4 // indirect
28+
github.com/Microsoft/go-winio v0.6.2 // indirect
29+
github.com/Microsoft/hcsshim v0.11.7 // indirect
2830
github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect
2931
github.com/beorn7/perks v1.0.1 // indirect
3032
github.com/cespare/xxhash/v2 v2.2.0 // indirect
3133
github.com/chai2010/gettext-go v1.0.2 // indirect
32-
github.com/containerd/containerd v1.7.12 // indirect
34+
github.com/containerd/cgroups v1.1.0 // indirect
35+
github.com/containerd/containerd v1.7.27 // indirect
36+
github.com/containerd/containerd/api v1.8.0 // indirect
37+
github.com/containerd/continuity v0.4.4 // indirect
38+
github.com/containerd/errdefs v0.3.0 // indirect
39+
github.com/containerd/fifo v1.1.0 // indirect
3340
github.com/containerd/log v0.1.0 // indirect
41+
github.com/containerd/platforms v0.2.1 // indirect
42+
github.com/containerd/ttrpc v1.2.7 // indirect
43+
github.com/containerd/typeurl/v2 v2.1.1 // indirect
3444
github.com/cyphar/filepath-securejoin v0.2.4 // indirect
3545
github.com/davecgh/go-spew v1.1.1 // indirect
36-
github.com/distribution/reference v0.5.0 // indirect
46+
github.com/distribution/reference v0.6.0 // indirect
3747
github.com/docker/cli v25.0.1+incompatible // indirect
3848
github.com/docker/distribution v2.8.3+incompatible // indirect
3949
github.com/docker/docker v25.0.6+incompatible // indirect
4050
github.com/docker/docker-credential-helpers v0.7.0 // indirect
4151
github.com/docker/go-connections v0.5.0 // indirect
52+
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
4253
github.com/docker/go-metrics v0.0.1 // indirect
4354
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
4455
github.com/evanphx/json-patch v5.7.0+incompatible // indirect
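Review bot: the commit message names only the containerd update, but this hunk changes more than the containerd line. Besides v1.7.12 to v1.7.27 for github.com/containerd/containerd, it bumps github.com/Microsoft/hcsshim (v0.11.4 to v0.11.7) and github.com/distribution/reference (v0.5.0 to v0.6.0) and adds eleven new indirect requirements, including github.com/AdamKorcz/go-118-fuzz-build and the containerd/api, ttrpc, cgroups and fifo modules. Please say in the message whether these all fall out of the containerd bump plus a tidy, and since containerd is still marked // indirect, name the direct dependency that requires it so a reader can tell whether this module reaches the affected User ID handling at all.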
@@ -55,14 +66,15 @@ require (
5566
github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
5667
github.com/gobwas/glob v0.2.3 // indirect
5768
github.com/gogo/protobuf v1.3.2 // indirect
69+
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
5870
github.com/golang/protobuf v1.5.4 // indirect
5971
github.com/google/btree v1.0.1 // indirect
6072
github.com/google/gnostic-models v0.6.8 // indirect
6173
github.com/google/go-cmp v0.6.0 // indirect
6274
github.com/google/gofuzz v1.2.0 // indirect
6375
github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 // indirect
6476
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
65-
github.com/google/uuid v1.3.0 // indirect
77+
github.com/google/uuid v1.4.0 // indirect
6678
github.com/gorilla/mux v1.8.0 // indirect
6779
github.com/gorilla/websocket v1.5.0 // indirect
6880
github.com/gosuri/uitable v0.0.4 // indirect
@@ -75,7 +87,7 @@ require (
7587
github.com/jmoiron/sqlx v1.3.5 // indirect
7688
github.com/josharian/intern v1.0.0 // indirect
7789
github.com/json-iterator/go v1.1.12 // indirect
78-
github.com/klauspost/compress v1.16.0 // indirect
90+
github.com/klauspost/compress v1.16.7 // indirect
7991
github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
8092
github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
8193
github.com/lib/pq v1.10.9 // indirect
@@ -90,14 +102,21 @@ require (
90102
github.com/mitchellh/reflectwalk v1.0.2 // indirect
91103
github.com/moby/locker v1.0.1 // indirect
92104
github.com/moby/spdystream v0.2.0 // indirect
105+
github.com/moby/sys/mountinfo v0.6.2 // indirect
106+
github.com/moby/sys/sequential v0.5.0 // indirect
107+
github.com/moby/sys/signal v0.7.0 // indirect
108+
github.com/moby/sys/user v0.3.0 // indirect
109+
github.com/moby/sys/userns v0.1.0 // indirect
93110
github.com/moby/term v0.5.0 // indirect
94111
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
95112
github.com/modern-go/reflect2 v1.0.2 // indirect
96113
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
97114
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
98115
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
99116
github.com/opencontainers/go-digest v1.0.0 // indirect
100-
github.com/opencontainers/image-spec v1.1.0-rc6 // indirect
117+
github.com/opencontainers/image-spec v1.1.0 // indirect
118+
github.com/opencontainers/runtime-spec v1.1.0 // indirect
119+
github.com/opencontainers/selinux v1.11.0 // indirect
101120
github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
102121
github.com/prometheus/client_golang v1.16.0 // indirect
103122
github.com/prometheus/client_model v0.4.0 // indirect
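Review bot: seven modules in this hunk are new to the module graph (moby/sys/mountinfo, sequential, signal, user and userns, plus opencontainers/runtime-spec v1.1.0 and opencontainers/selinux v1.11.0), and nothing in the commit message accounts for them. Please confirm each is required by the new containerd version, for example with go mod why -m on the module path, rather than picked up from an unrelated change in the working tree. The move of opencontainers/image-spec from v1.1.0-rc6 to the v1.1.0 release looks fine and is worth a mention in the message.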
@@ -112,25 +131,27 @@ require (
112131
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
113132
github.com/xeipuuv/gojsonschema v1.2.0 // indirect
114133
github.com/xlab/treeprint v1.2.0 // indirect
134+
go.opencensus.io v0.24.0 // indirect
115135
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect
116-
go.opentelemetry.io/otel v1.19.0 // indirect
117-
go.opentelemetry.io/otel/metric v1.19.0 // indirect
118-
go.opentelemetry.io/otel/trace v1.19.0 // indirect
136+
go.opentelemetry.io/otel v1.21.0 // indirect
137+
go.opentelemetry.io/otel/metric v1.21.0 // indirect
138+
go.opentelemetry.io/otel/trace v1.21.0 // indirect
119139
go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
120-
golang.org/x/crypto v0.26.0 // indirect
140+
golang.org/x/crypto v0.31.0 // indirect
121141
golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
122-
golang.org/x/net v0.28.0 // indirect
123-
golang.org/x/oauth2 v0.10.0 // indirect
124-
golang.org/x/sync v0.8.0 // indirect
125-
golang.org/x/sys v0.23.0 // indirect
126-
golang.org/x/term v0.23.0 // indirect
127-
golang.org/x/text v0.17.0 // indirect
142+
golang.org/x/net v0.33.0 // indirect
143+
golang.org/x/oauth2 v0.11.0 // indirect
144+
golang.org/x/sync v0.10.0 // indirect
145+
golang.org/x/sys v0.28.0 // indirect
146+
golang.org/x/term v0.27.0 // indirect
147+
golang.org/x/text v0.21.0 // indirect
128148
golang.org/x/time v0.3.0 // indirect
129149
golang.org/x/tools v0.24.0 // indirect
130150
google.golang.org/appengine v1.6.7 // indirect
131-
google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect
132-
google.golang.org/grpc v1.58.3 // indirect
133-
google.golang.org/protobuf v1.34.1 // indirect
151+
google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 // indirect
152+
google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda // indirect
153+
google.golang.org/grpc v1.59.0 // indirect
154+
google.golang.org/protobuf v1.35.2 // indirect
134155
gopkg.in/inf.v0 v0.9.1 // indirect
135156
gopkg.in/yaml.v2 v2.4.0 // indirect
136157
k8s.io/api v0.30.3 // indirect
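Review bot: this hunk moves several security-relevant modules as a side effect (golang.org/x/crypto v0.26.0 to v0.31.0, golang.org/x/net v0.28.0 to v0.33.0, google.golang.org/grpc v1.58.3 to v1.59.0, google.golang.org/protobuf v1.34.1 to v1.35.2), yet the evidence in the commit message does not cover the result. The govulncheck output quoted there is the finding from before the update, and the one package with tests reports "(cached)", so the pasted run did not re-execute against the new go.mod. Please re-run govulncheck on the updated module and paste that output, run the tests with -count=1, and list these bumps in the message so they are not read as containerd-only changes.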
