223 Commits

Author SHA1 Message Date
Pierre Prinetti
7ebdcee7a0
go.mod: Fix unresolvable indirect dependency
Fix `go list -mod=readonly -m all` by adding a replace for
`k8s.io/dynamic-resource-allocation` that points to the
Kubernetes version currently in use.

The package is not used here, but making the dependency resolvable
makes the go toolchain happy.

cf.: 4b48ab1fdb/go.mod (L265)
2023-10-23 15:06:31 +02:00
Pierre Prinetti
8b12110b0a
Update k8s.io/apimachinery and k8s.io/apiserver
This change brings no changes in the current code, but asserts that
potential future additions use updated versions of the dependencies.
2023-10-20 10:33:48 +02:00
Pierre Prinetti
93be2ff7ac
Bump Go and golang.org/x/... to recent versions
Mitigations to CVE-2023-44487 were added to golang.org/x/net v0.17
(c4e9120dde92bc2cce99f853d4f1c5afe1cbaa23) and in Go v1.20.10[1]. This PR
bumps Go to v1.20 to benefit from the patches to the standard library.

Aside, this patch also bumps the pseudo-standard golang.org/x/...
libraries to their latest available version for good measure.

[1]: https://pkg.go.dev/vuln/GO-2023-2102
2023-10-19 17:05:04 +02:00
dependabot[bot]
c70d7b6163
chore(deps): bump google.golang.org/grpc from 1.58.3 to 1.59.0
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.58.3 to 1.59.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.58.3...v1.59.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-17 22:52:33 +00:00
dependabot[bot]
e2589d7508
chore(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.58.2 to 1.58.3.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.58.2...v1.58.3)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-13 22:52:11 +00:00
dependabot[bot]
d6a65ac55a
chore(deps): bump golang.org/x/net from 0.16.0 to 0.17.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-10 23:04:37 +00:00
dependabot[bot]
aaf13147be
chore(deps): bump github.com/onsi/ginkgo/v2 from 2.12.1 to 2.13.0
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.12.1 to 2.13.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.12.1...v2.13.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-09 22:23:05 +00:00
dependabot[bot]
8fc7c4a66f
chore(deps): bump golang.org/x/net from 0.15.0 to 0.16.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.15.0 to 0.16.0.
- [Commits](https://github.com/golang/net/compare/v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-06 22:13:49 +00:00
dependabot[bot]
5754a25383
chore(deps): bump github.com/onsi/ginkgo/v2 from 2.12.0 to 2.12.1
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.12.0 to 2.12.1.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.12.0...v2.12.1)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-04 22:53:20 +00:00
dependabot[bot]
3e3108e2f7
chore(deps): bump github.com/onsi/gomega from 1.27.10 to 1.28.0
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.10 to 1.28.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.27.10...v1.28.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-04 01:18:13 +00:00
andyzhangx
938abb306f test: use ginkgo/v2 lib in e2e test 2023-10-03 06:41:42 +00:00
andyzhangx
3196a6d209 chore: upgrade k8s lib to 1.26 2023-10-03 03:31:38 +00:00
dependabot[bot]
29330cf27e
chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.58.2
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.57.0 to 1.58.2.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.57.0...v1.58.2)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-22 22:21:00 +00:00
dependabot[bot]
637cdf6649
chore(deps): bump golang.org/x/net from 0.14.0 to 0.15.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.14.0 to 0.15.0.
- [Commits](https://github.com/golang/net/compare/v0.14.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-05 23:03:50 +00:00
dependabot[bot]
76d66e2d5c
chore(deps): bump golang.org/x/net from 0.13.0 to 0.14.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.13.0 to 0.14.0.
- [Commits](https://github.com/golang/net/compare/v0.13.0...v0.14.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-07 22:53:22 +00:00
dependabot[bot]
e74cb0505e
chore(deps): bump golang.org/x/net from 0.12.0 to 0.13.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.12.0 to 0.13.0.
- [Commits](https://github.com/golang/net/compare/v0.12.0...v0.13.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-03 23:00:03 +00:00
dependabot[bot]
39b1f25c16
chore(deps): bump google.golang.org/grpc from 1.56.2 to 1.57.0
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.56.2 to 1.57.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.56.2...v1.57.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-27 22:22:19 +00:00
dependabot[bot]
b47890fb39
chore(deps): bump github.com/onsi/gomega from 1.27.8 to 1.27.10
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.8 to 1.27.10.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.27.8...v1.27.10)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-24 22:59:14 +00:00
dependabot[bot]
70301a2719
chore(deps): bump github.com/pborman/uuid from 1.2.0 to 1.2.1
Bumps [github.com/pborman/uuid](https://github.com/pborman/uuid) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/pborman/uuid/releases)
- [Commits](https://github.com/pborman/uuid/compare/v1.2...v1.2.1)

---
updated-dependencies:
- dependency-name: github.com/pborman/uuid
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-19 22:49:32 +00:00
dependabot[bot]
6d41f01685
chore(deps): bump google.golang.org/grpc from 1.40.0 to 1.56.2
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.40.0 to 1.56.2.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.40.0...v1.56.2)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-18 22:16:59 +00:00
dependabot[bot]
8aa54d1eaf
chore(deps): bump github.com/container-storage-interface/spec
Bumps [github.com/container-storage-interface/spec](https://github.com/container-storage-interface/spec) from 1.5.0 to 1.8.0.
- [Release notes](https://github.com/container-storage-interface/spec/releases)
- [Commits](https://github.com/container-storage-interface/spec/compare/v1.5.0...v1.8.0)

---
updated-dependencies:
- dependency-name: github.com/container-storage-interface/spec
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-17 22:27:46 +00:00
dependabot[bot]
36281fa581
chore(deps): bump golang.org/x/net from 0.10.0 to 0.12.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.12.0.
- [Commits](https://github.com/golang/net/compare/v0.10.0...v0.12.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-15 07:08:54 +00:00
andyzhangx
e4d0acedaa fix: CVE-2022-1996, CVE-2023-2431 2023-07-15 03:04:16 +00:00
dependabot[bot]
c236c9b344
chore(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0
Bumps google.golang.org/protobuf from 1.30.0 to 1.31.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-30 22:46:46 +00:00
dependabot[bot]
cbd1689e09
chore(deps): bump github.com/onsi/gomega from 1.27.6 to 1.27.8
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.6 to 1.27.8.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.27.6...v1.27.8)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-29 22:33:35 +00:00
dependabot[bot]
53245449fd
chore(deps): bump github.com/onsi/ginkgo from 1.14.0 to 1.16.5
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.14.0 to 1.16.5.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.14.0...v1.16.5)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-27 23:07:37 +00:00
dependabot[bot]
9f6bf579c6
chore(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.4
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.0 to 1.8.4.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.0...v1.8.4)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-26 23:16:17 +00:00
dependabot[bot]
5995a84ea5
chore(deps): bump k8s.io/klog/v2 from 2.80.1 to 2.100.1
Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.80.1 to 2.100.1.
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes/klog/compare/v2.80.1...v2.100.1)

---
updated-dependencies:
- dependency-name: k8s.io/klog/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-29 23:09:14 +00:00
dependabot[bot]
b555128e70
chore(deps): bump github.com/onsi/gomega from 1.10.1 to 1.27.6
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.10.1 to 1.27.6.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.10.1...v1.27.6)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-09 23:04:18 +00:00
dependabot[bot]
078e12a96f
chore(deps): bump google.golang.org/protobuf from 1.27.1 to 1.30.0
Bumps google.golang.org/protobuf from 1.27.1 to 1.30.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-08 23:08:24 +00:00
dependabot[bot]
eb5b685f9f
chore(deps): bump golang.org/x/net from 0.7.0 to 0.9.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.7.0 to 0.9.0.
- [Commits](https://github.com/golang/net/compare/v0.7.0...v0.9.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-05 23:02:56 +00:00
dependabot[bot]
f70acd44d5
chore(deps): bump sigs.k8s.io/yaml from 1.2.0 to 1.3.0
Bumps [sigs.k8s.io/yaml](https://github.com/kubernetes-sigs/yaml) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/kubernetes-sigs/yaml/releases)
- [Changelog](https://github.com/kubernetes-sigs/yaml/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/yaml/compare/v1.2.0...v1.3.0)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/yaml
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-05 11:59:08 +00:00
andyzhangx
8e71777a30 fix: CVE-2022-3294 2023-04-02 14:32:01 +00:00
andyzhangx
90f207afdd fix: CVE-2022-41723 2023-02-17 13:56:44 +00:00
andyzhangx
f8ff3228f4 cleanup: vendor dependencies 2023-02-13 14:23:59 +00:00
andyzhangx
7bec83a83e cleanup: remove golang.org/x/text version dependency 2023-02-13 14:20:50 +00:00
fsl
40d7d5bca5 fix: upgrade package dependencies 2023-01-15 16:57:04 +08:00
fsl
1ddab947bc fix: upgrade package dependencies 2023-01-15 16:55:29 +08:00
andyzhangx
9058c86fd8 chore: vendor latest mount-utils lib
2023-01-08 02:44:33 +00:00
andyzhangx
42bcb959a2 fix: CVE-2022-41717 2022-12-12 09:24:07 +00:00
andyzhangx
f5b5838ea1 fix: CVE-2022-32149 2022-10-12 02:49:43 +00:00
andyzhangx
0585d5e329 fix: CVE-2022-27664 2022-09-15 12:46:39 +00:00
andyzhangx
40e3d56201 fix: CVE-2022-29526 2022-08-04 12:32:20 +00:00
andyzhangx
dcd24e51e6 feat: support IPv6 server address 2022-05-15 06:54:04 +00:00
andyzhangx
4ed0c5d644 chore: Update golang.org/x/crypto for CVE-2022-27191 2022-04-13 08:31:45 +00:00
Pierre Prinetti
b8cf9c528f
fix: Address CVE-2022-21698
Upgrade the Prometheus client to v1.11.1.

This commit is the result of running:

```
go get github.com/prometheus/client_golang@v1.11.1 \
	&& go mod tidy && go mod vendor
```

See https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p

**What this PR does / why we need it**:
Upgrades `github.com/prometheus/client_golang` to v1.11.1, where the vulnerability has been fixed.
2022-03-24 17:01:33 +01:00
andyzhangx
0768b140af cleanup: remove snapshot dependency 2022-02-06 13:51:39 +00:00
andyzhangx
fa463459a5 chore: upgrade to k8s v1.23.3 lib 2022-02-06 13:43:30 +00:00
andyzhangx
9cf4719a97 chore: upgrade to k8s 1.23 lib 2021-12-31 07:40:41 +00:00
andyzhangx
e34d2b0af0 fix: CVE-2021-38561 with golang lib 2021-12-21 08:31:04 +00:00