DockerCLI/vendor.mod

105 lines
4.7 KiB
Modula-2
Raw Normal View History

module github.com/docker/cli
// 'vendor.mod' enables use of 'go mod vendor' to managed 'vendor/' directory.
// There is no 'go.mod' file, as that would imply opting in for all the rules
// around SemVer, which this repo cannot abide by as it uses CalVer.
go 1.21.0
require (
dario.cat/mergo v1.0.1
github.com/containerd/platforms v0.2.1
github.com/creack/pty v1.1.21
github.com/distribution/reference v0.6.0
github.com/docker/cli-docs-tool v0.8.0
github.com/docker/distribution v2.8.3+incompatible
github.com/docker/docker v27.0.2-0.20240912171519-164cae56ed95+incompatible // master (v-next)
github.com/docker/docker-credential-helpers v0.8.2
github.com/docker/go-connections v0.5.0
github.com/docker/go-units v0.5.0
github.com/fvbommel/sortorder v1.1.0
github.com/go-jose/go-jose/v3 v3.0.3
github.com/go-viper/mapstructure/v2 v2.0.0
github.com/gogo/protobuf v1.3.2
github.com/google/go-cmp v0.6.0
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
github.com/mattn/go-runewidth v0.0.15
github.com/moby/patternmatcher v0.6.0
github.com/moby/swarmkit/v2 v2.0.0-20240611172349-ea1a7cec35cb
github.com/moby/sys/sequential v0.6.0
github.com/moby/sys/signal v0.7.1
github.com/moby/term v0.5.0
github.com/morikuni/aec v1.0.0
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.1.0
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c
github.com/pkg/errors v0.9.1
github.com/sirupsen/logrus v1.9.3
github.com/spf13/cobra v1.8.1
github.com/spf13/pflag v1.0.5
github.com/theupdateframework/notary v0.7.1-0.20210315103452-bf96a202a09a
github.com/tonistiigi/go-rosetta v0.0.0-20200727161949-f79598599c5d
github.com/xeipuuv/gojsonschema v1.2.0
go.opentelemetry.io/otel v1.21.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0
go.opentelemetry.io/otel/metric v1.21.0
go.opentelemetry.io/otel/sdk v1.21.0
go.opentelemetry.io/otel/sdk/metric v1.21.0
go.opentelemetry.io/otel/trace v1.21.0
golang.org/x/sync v0.8.0
golang.org/x/sys v0.24.0
golang.org/x/term v0.23.0
golang.org/x/text v0.17.0
gopkg.in/yaml.v2 v2.4.0
gotest.tools/v3 v3.5.1
tags.cncf.io/container-device-interface v0.8.0
)
vendor dependencies with go1.17 Some warnings about go1.16 compatibility, so including them here: + go mod tidy -modfile=vendor.mod github.com/docker/cli/cli/registry/client imports github.com/docker/distribution/registry/api/v2 imports github.com/gorilla/mux loaded from github.com/gorilla/mux@v1.7.0, but go 1.16 would select v1.8.0 github.com/docker/cli/cli/compose/loader imports gopkg.in/yaml.v2 tested by gopkg.in/yaml.v2.test imports gopkg.in/check.v1 loaded from gopkg.in/check.v1@v1.0.0-20200227125254-8fa46927fb4f, but go 1.16 would select v1.0.0-20201130134442-10cb98267c6c github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/Shopify/logrus-bugsnag loaded from github.com/Shopify/logrus-bugsnag@v0.0.0-20170309145241-6dbc35f2c30d, but go 1.16 would select v0.0.0-20171204204709-577dee27f20d github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server/storage imports gopkg.in/rethinkdb/rethinkdb-go.v6 imports github.com/opentracing/opentracing-go loaded from github.com/opentracing/opentracing-go@v1.1.0, but go 1.16 would select v1.2.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server/storage imports gopkg.in/rethinkdb/rethinkdb-go.v6 imports github.com/opentracing/opentracing-go/ext loaded from github.com/opentracing/opentracing-go@v1.1.0, but go 1.16 would select v1.2.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server/storage imports gopkg.in/rethinkdb/rethinkdb-go.v6 imports github.com/opentracing/opentracing-go/log loaded from github.com/opentracing/opentracing-go@v1.1.0, but go 1.16 would select v1.2.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports github.com/spf13/afero loaded from github.com/spf13/afero@v1.1.2, but go 1.16 would select v1.2.2 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports github.com/spf13/cast loaded from github.com/spf13/cast@v1.3.0, but go 1.16 would select v1.3.1 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports github.com/spf13/jwalterweatherman loaded from github.com/spf13/jwalterweatherman@v1.0.0, but go 1.16 would select v1.1.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports gopkg.in/ini.v1 loaded from gopkg.in/ini.v1@v1.51.0, but go 1.16 would select v1.56.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports github.com/spf13/afero imports github.com/spf13/afero/mem loaded from github.com/spf13/afero@v1.1.2, but go 1.16 would select v1.2.2 To upgrade to the versions selected by go 1.16: go mod tidy -go=1.16 && go mod tidy -go=1.17 If reproducibility with go 1.16 is not needed: go mod tidy -compat=1.17 For other options, see: https://golang.org/doc/modules/pruning Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-26 13:41:29 -04:00
require (
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
vendor dependencies with go1.17 Some warnings about go1.16 compatibility, so including them here: + go mod tidy -modfile=vendor.mod github.com/docker/cli/cli/registry/client imports github.com/docker/distribution/registry/api/v2 imports github.com/gorilla/mux loaded from github.com/gorilla/mux@v1.7.0, but go 1.16 would select v1.8.0 github.com/docker/cli/cli/compose/loader imports gopkg.in/yaml.v2 tested by gopkg.in/yaml.v2.test imports gopkg.in/check.v1 loaded from gopkg.in/check.v1@v1.0.0-20200227125254-8fa46927fb4f, but go 1.16 would select v1.0.0-20201130134442-10cb98267c6c github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/Shopify/logrus-bugsnag loaded from github.com/Shopify/logrus-bugsnag@v0.0.0-20170309145241-6dbc35f2c30d, but go 1.16 would select v0.0.0-20171204204709-577dee27f20d github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server/storage imports gopkg.in/rethinkdb/rethinkdb-go.v6 imports github.com/opentracing/opentracing-go loaded from github.com/opentracing/opentracing-go@v1.1.0, but go 1.16 would select v1.2.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server/storage imports gopkg.in/rethinkdb/rethinkdb-go.v6 imports github.com/opentracing/opentracing-go/ext loaded from github.com/opentracing/opentracing-go@v1.1.0, but go 1.16 would select v1.2.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server/storage imports gopkg.in/rethinkdb/rethinkdb-go.v6 imports github.com/opentracing/opentracing-go/log loaded from github.com/opentracing/opentracing-go@v1.1.0, but go 1.16 would select v1.2.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports github.com/spf13/afero loaded from github.com/spf13/afero@v1.1.2, but go 1.16 would select v1.2.2 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports github.com/spf13/cast loaded from github.com/spf13/cast@v1.3.0, but go 1.16 would select v1.3.1 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports github.com/spf13/jwalterweatherman loaded from github.com/spf13/jwalterweatherman@v1.0.0, but go 1.16 would select v1.1.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports gopkg.in/ini.v1 loaded from gopkg.in/ini.v1@v1.51.0, but go 1.16 would select v1.56.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports github.com/spf13/afero imports github.com/spf13/afero/mem loaded from github.com/spf13/afero@v1.1.2, but go 1.16 would select v1.2.2 To upgrade to the versions selected by go 1.16: go mod tidy -go=1.16 && go mod tidy -go=1.17 If reproducibility with go 1.16 is not needed: go mod tidy -compat=1.17 For other options, see: https://golang.org/doc/modules/pruning Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-26 13:41:29 -04:00
github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
github.com/Microsoft/go-winio v0.6.2 // indirect
vendor dependencies with go1.17 Some warnings about go1.16 compatibility, so including them here: + go mod tidy -modfile=vendor.mod github.com/docker/cli/cli/registry/client imports github.com/docker/distribution/registry/api/v2 imports github.com/gorilla/mux loaded from github.com/gorilla/mux@v1.7.0, but go 1.16 would select v1.8.0 github.com/docker/cli/cli/compose/loader imports gopkg.in/yaml.v2 tested by gopkg.in/yaml.v2.test imports gopkg.in/check.v1 loaded from gopkg.in/check.v1@v1.0.0-20200227125254-8fa46927fb4f, but go 1.16 would select v1.0.0-20201130134442-10cb98267c6c github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/Shopify/logrus-bugsnag loaded from github.com/Shopify/logrus-bugsnag@v0.0.0-20170309145241-6dbc35f2c30d, but go 1.16 would select v0.0.0-20171204204709-577dee27f20d github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server/storage imports gopkg.in/rethinkdb/rethinkdb-go.v6 imports github.com/opentracing/opentracing-go loaded from github.com/opentracing/opentracing-go@v1.1.0, but go 1.16 would select v1.2.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server/storage imports gopkg.in/rethinkdb/rethinkdb-go.v6 imports github.com/opentracing/opentracing-go/ext loaded from github.com/opentracing/opentracing-go@v1.1.0, but go 1.16 would select v1.2.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server/storage imports gopkg.in/rethinkdb/rethinkdb-go.v6 imports github.com/opentracing/opentracing-go/log loaded from github.com/opentracing/opentracing-go@v1.1.0, but go 1.16 would select v1.2.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports github.com/spf13/afero loaded from github.com/spf13/afero@v1.1.2, but go 1.16 would select v1.2.2 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports github.com/spf13/cast loaded from github.com/spf13/cast@v1.3.0, but go 1.16 would select v1.3.1 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports github.com/spf13/jwalterweatherman loaded from github.com/spf13/jwalterweatherman@v1.0.0, but go 1.16 would select v1.1.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports gopkg.in/ini.v1 loaded from gopkg.in/ini.v1@v1.51.0, but go 1.16 would select v1.56.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports github.com/spf13/afero imports github.com/spf13/afero/mem loaded from github.com/spf13/afero@v1.1.2, but go 1.16 would select v1.2.2 To upgrade to the versions selected by go 1.16: go mod tidy -go=1.16 && go mod tidy -go=1.17 If reproducibility with go 1.16 is not needed: go mod tidy -compat=1.17 For other options, see: https://golang.org/doc/modules/pruning Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-26 13:41:29 -04:00
github.com/beorn7/perks v1.0.1 // indirect
github.com/cenkalti/backoff/v4 v4.2.1 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/containerd/log v0.1.0 // indirect
vendor dependencies with go1.17 Some warnings about go1.16 compatibility, so including them here: + go mod tidy -modfile=vendor.mod github.com/docker/cli/cli/registry/client imports github.com/docker/distribution/registry/api/v2 imports github.com/gorilla/mux loaded from github.com/gorilla/mux@v1.7.0, but go 1.16 would select v1.8.0 github.com/docker/cli/cli/compose/loader imports gopkg.in/yaml.v2 tested by gopkg.in/yaml.v2.test imports gopkg.in/check.v1 loaded from gopkg.in/check.v1@v1.0.0-20200227125254-8fa46927fb4f, but go 1.16 would select v1.0.0-20201130134442-10cb98267c6c github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/Shopify/logrus-bugsnag loaded from github.com/Shopify/logrus-bugsnag@v0.0.0-20170309145241-6dbc35f2c30d, but go 1.16 would select v0.0.0-20171204204709-577dee27f20d github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server/storage imports gopkg.in/rethinkdb/rethinkdb-go.v6 imports github.com/opentracing/opentracing-go loaded from github.com/opentracing/opentracing-go@v1.1.0, but go 1.16 would select v1.2.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server/storage imports gopkg.in/rethinkdb/rethinkdb-go.v6 imports github.com/opentracing/opentracing-go/ext loaded from github.com/opentracing/opentracing-go@v1.1.0, but go 1.16 would select v1.2.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server/storage imports gopkg.in/rethinkdb/rethinkdb-go.v6 imports github.com/opentracing/opentracing-go/log loaded from github.com/opentracing/opentracing-go@v1.1.0, but go 1.16 would select v1.2.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports github.com/spf13/afero loaded from github.com/spf13/afero@v1.1.2, but go 1.16 would select v1.2.2 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports github.com/spf13/cast loaded from github.com/spf13/cast@v1.3.0, but go 1.16 would select v1.3.1 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports github.com/spf13/jwalterweatherman loaded from github.com/spf13/jwalterweatherman@v1.0.0, but go 1.16 would select v1.1.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports gopkg.in/ini.v1 loaded from gopkg.in/ini.v1@v1.51.0, but go 1.16 would select v1.56.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports github.com/spf13/afero imports github.com/spf13/afero/mem loaded from github.com/spf13/afero@v1.1.2, but go 1.16 would select v1.2.2 To upgrade to the versions selected by go 1.16: go mod tidy -go=1.16 && go mod tidy -go=1.17 If reproducibility with go 1.16 is not needed: go mod tidy -compat=1.17 For other options, see: https://golang.org/doc/modules/pruning Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-26 13:41:29 -04:00
github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c // indirect
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
github.com/docker/go-metrics v0.0.1 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/go-logr/logr v1.4.1 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
vendor: google.golang.org/protobuf v1.33.0, github.com/golang/protobuf v1.5.4 full diffs: - https://github.com/protocolbuffers/protobuf-go/compare/v1.31.0...v1.33.0 - https://github.com/golang/protobuf/compare/v1.5.3...v1.5.4 From the Go security announcement list; > Version v1.33.0 of the google.golang.org/protobuf module fixes a bug in > the google.golang.org/protobuf/encoding/protojson package which could cause > the Unmarshal function to enter an infinite loop when handling some invalid > inputs. > > This condition could only occur when unmarshaling into a message which contains > a google.protobuf.Any value, or when the UnmarshalOptions.UnmarshalUnknown > option is set. Unmarshal now correctly returns an error when handling these > inputs. > > This is CVE-2024-24786. In a follow-up post; > A small correction: This vulnerability applies when the UnmarshalOptions.DiscardUnknown > option is set (as well as when unmarshaling into any message which contains a > google.protobuf.Any). There is no UnmarshalUnknown option. > > In addition, version 1.33.0 of google.golang.org/protobuf inadvertently > introduced an incompatibility with the older github.com/golang/protobuf > module. (https://github.com/golang/protobuf/issues/1596) Users of the older > module should update to github.com/golang/protobuf@v1.5.4. govulncheck results in our code shows that this does not affect the CLI: govulncheck ./... Scanning your code and 448 packages across 72 dependent modules for known vulnerabilities... === Symbol Results === No vulnerabilities found. Your code is affected by 0 vulnerabilities. This scan also found 1 vulnerability in packages you import and 0 vulnerabilities in modules you require, but your code doesn't appear to call these vulnerabilities. Use '-show verbose' for more details. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-16 11:34:55 -04:00
github.com/golang/protobuf v1.5.4 // indirect
github.com/gorilla/mux v1.8.1 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/klauspost/compress v1.17.9 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
github.com/miekg/pkcs11 v1.1.1 // indirect
github.com/moby/docker-image-spec v1.3.1 // indirect
github.com/moby/sys/symlink v0.3.0 // indirect
github.com/moby/sys/user v0.3.0 // indirect
github.com/moby/sys/userns v0.1.0 // indirect
github.com/prometheus/client_golang v1.17.0 // indirect
github.com/prometheus/client_model v0.5.0 // indirect
github.com/prometheus/common v0.44.0 // indirect
github.com/prometheus/procfs v0.15.1 // indirect
github.com/rivo/uniseg v0.2.0 // indirect
github.com/stretchr/testify v1.9.0 // indirect
vendor dependencies with go1.17 Some warnings about go1.16 compatibility, so including them here: + go mod tidy -modfile=vendor.mod github.com/docker/cli/cli/registry/client imports github.com/docker/distribution/registry/api/v2 imports github.com/gorilla/mux loaded from github.com/gorilla/mux@v1.7.0, but go 1.16 would select v1.8.0 github.com/docker/cli/cli/compose/loader imports gopkg.in/yaml.v2 tested by gopkg.in/yaml.v2.test imports gopkg.in/check.v1 loaded from gopkg.in/check.v1@v1.0.0-20200227125254-8fa46927fb4f, but go 1.16 would select v1.0.0-20201130134442-10cb98267c6c github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/Shopify/logrus-bugsnag loaded from github.com/Shopify/logrus-bugsnag@v0.0.0-20170309145241-6dbc35f2c30d, but go 1.16 would select v0.0.0-20171204204709-577dee27f20d github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server/storage imports gopkg.in/rethinkdb/rethinkdb-go.v6 imports github.com/opentracing/opentracing-go loaded from github.com/opentracing/opentracing-go@v1.1.0, but go 1.16 would select v1.2.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server/storage imports gopkg.in/rethinkdb/rethinkdb-go.v6 imports github.com/opentracing/opentracing-go/ext loaded from github.com/opentracing/opentracing-go@v1.1.0, but go 1.16 would select v1.2.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server/storage imports gopkg.in/rethinkdb/rethinkdb-go.v6 imports github.com/opentracing/opentracing-go/log loaded from github.com/opentracing/opentracing-go@v1.1.0, but go 1.16 would select v1.2.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports github.com/spf13/afero loaded from github.com/spf13/afero@v1.1.2, but go 1.16 would select v1.2.2 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports github.com/spf13/cast loaded from github.com/spf13/cast@v1.3.0, but go 1.16 would select v1.3.1 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports github.com/spf13/jwalterweatherman loaded from github.com/spf13/jwalterweatherman@v1.0.0, but go 1.16 would select v1.1.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports gopkg.in/ini.v1 loaded from gopkg.in/ini.v1@v1.51.0, but go 1.16 would select v1.56.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports github.com/spf13/afero imports github.com/spf13/afero/mem loaded from github.com/spf13/afero@v1.1.2, but go 1.16 would select v1.2.2 To upgrade to the versions selected by go 1.16: go mod tidy -go=1.16 && go mod tidy -go=1.17 If reproducibility with go 1.16 is not needed: go mod tidy -compat=1.17 For other options, see: https://golang.org/doc/modules/pruning Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-26 13:41:29 -04:00
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
go.etcd.io/etcd/raft/v3 v3.5.6 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 // indirect
go.opentelemetry.io/proto/otlp v1.0.0 // indirect
golang.org/x/crypto v0.26.0 // indirect
golang.org/x/net v0.28.0 // indirect
golang.org/x/time v0.6.0 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect
google.golang.org/grpc v1.62.0 // indirect
vendor: google.golang.org/protobuf v1.33.0, github.com/golang/protobuf v1.5.4 full diffs: - https://github.com/protocolbuffers/protobuf-go/compare/v1.31.0...v1.33.0 - https://github.com/golang/protobuf/compare/v1.5.3...v1.5.4 From the Go security announcement list; > Version v1.33.0 of the google.golang.org/protobuf module fixes a bug in > the google.golang.org/protobuf/encoding/protojson package which could cause > the Unmarshal function to enter an infinite loop when handling some invalid > inputs. > > This condition could only occur when unmarshaling into a message which contains > a google.protobuf.Any value, or when the UnmarshalOptions.UnmarshalUnknown > option is set. Unmarshal now correctly returns an error when handling these > inputs. > > This is CVE-2024-24786. In a follow-up post; > A small correction: This vulnerability applies when the UnmarshalOptions.DiscardUnknown > option is set (as well as when unmarshaling into any message which contains a > google.protobuf.Any). There is no UnmarshalUnknown option. > > In addition, version 1.33.0 of google.golang.org/protobuf inadvertently > introduced an incompatibility with the older github.com/golang/protobuf > module. (https://github.com/golang/protobuf/issues/1596) Users of the older > module should update to github.com/golang/protobuf@v1.5.4. govulncheck results in our code shows that this does not affect the CLI: govulncheck ./... Scanning your code and 448 packages across 72 dependent modules for known vulnerabilities... === Symbol Results === No vulnerabilities found. Your code is affected by 0 vulnerabilities. This scan also found 1 vulnerability in packages you import and 0 vulnerabilities in modules you require, but your code doesn't appear to call these vulnerabilities. Use '-show verbose' for more details. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-16 11:34:55 -04:00
google.golang.org/protobuf v1.33.0 // indirect
vendor dependencies with go1.17 Some warnings about go1.16 compatibility, so including them here: + go mod tidy -modfile=vendor.mod github.com/docker/cli/cli/registry/client imports github.com/docker/distribution/registry/api/v2 imports github.com/gorilla/mux loaded from github.com/gorilla/mux@v1.7.0, but go 1.16 would select v1.8.0 github.com/docker/cli/cli/compose/loader imports gopkg.in/yaml.v2 tested by gopkg.in/yaml.v2.test imports gopkg.in/check.v1 loaded from gopkg.in/check.v1@v1.0.0-20200227125254-8fa46927fb4f, but go 1.16 would select v1.0.0-20201130134442-10cb98267c6c github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/Shopify/logrus-bugsnag loaded from github.com/Shopify/logrus-bugsnag@v0.0.0-20170309145241-6dbc35f2c30d, but go 1.16 would select v0.0.0-20171204204709-577dee27f20d github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server/storage imports gopkg.in/rethinkdb/rethinkdb-go.v6 imports github.com/opentracing/opentracing-go loaded from github.com/opentracing/opentracing-go@v1.1.0, but go 1.16 would select v1.2.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server/storage imports gopkg.in/rethinkdb/rethinkdb-go.v6 imports github.com/opentracing/opentracing-go/ext loaded from github.com/opentracing/opentracing-go@v1.1.0, but go 1.16 would select v1.2.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server/storage imports gopkg.in/rethinkdb/rethinkdb-go.v6 imports github.com/opentracing/opentracing-go/log loaded from github.com/opentracing/opentracing-go@v1.1.0, but go 1.16 would select v1.2.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports github.com/spf13/afero loaded from github.com/spf13/afero@v1.1.2, but go 1.16 would select v1.2.2 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports github.com/spf13/cast loaded from github.com/spf13/cast@v1.3.0, but go 1.16 would select v1.3.1 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports github.com/spf13/jwalterweatherman loaded from github.com/spf13/jwalterweatherman@v1.0.0, but go 1.16 would select v1.1.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports gopkg.in/ini.v1 loaded from gopkg.in/ini.v1@v1.51.0, but go 1.16 would select v1.56.0 github.com/docker/cli/cli/command imports github.com/theupdateframework/notary/client tested by github.com/theupdateframework/notary/client.test imports github.com/theupdateframework/notary/server imports github.com/theupdateframework/notary/utils imports github.com/spf13/viper imports github.com/spf13/afero imports github.com/spf13/afero/mem loaded from github.com/spf13/afero@v1.1.2, but go 1.16 would select v1.2.2 To upgrade to the versions selected by go 1.16: go mod tidy -go=1.16 && go mod tidy -go=1.17 If reproducibility with go 1.16 is not needed: go mod tidy -compat=1.17 For other options, see: https://golang.org/doc/modules/pruning Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-26 13:41:29 -04:00
)