Skip to content

Commit d7493ca

Browse files
jdesouzajdesouza
authored
INS-1692: Fix vulnerability and bump libs for insights-cli (#293)
* INS-1692: Fix vulnerability and bump libs for insights-cli * INS-1692: Fix vulnerability and bump libs for insights-cli * INS-1692: Fix vulnerability and bump libs for insights-cli * INS-1692: Fix vulnerability and bump libs for insights-cli * INS-1692: Fix vulnerability and bump libs for insights-cli
1 parent c398a27 commit d7493ca

4 files changed

Lines changed: 263 additions & 205 deletions

File tree

.circleci/config.yml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
version: 2.1
22
orbs:
3-
rok8s: fairwinds/rok8s-scripts@12.1.1
3+
rok8s: fairwinds/rok8s-scripts@14
44

55
references:
66
install_vault: &install_vault
@@ -19,7 +19,7 @@ jobs:
1919
resource_class: large
2020
docker:
2121
# Note the goreleaser version is also referenced in the release and snapshot jobs.
22-
- image: goreleaser/goreleaser:v2.11.2
22+
- image: goreleaser/goreleaser:v2.13.1
2323
steps:
2424
- checkout
2525
- run:
@@ -31,7 +31,7 @@ jobs:
3131
echo "$output"
3232
exit 1
3333
fi
34-
wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/HEAD/install.sh | sh -s -- -b /usr/local/bin v2.3.1
34+
wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/HEAD/install.sh | sh -s -- -b /usr/local/bin v2.7.2
3535
golangci-lint run -v --timeout 2m0s
3636
- run: ./.circleci/scripts/e2e-env.sh
3737
- *install_vault
@@ -47,7 +47,7 @@ jobs:
4747
resource_class: large
4848
docker:
4949
# Note the goreleaser version is also referenced in the release and test jobs.
50-
- image: goreleaser/goreleaser:v2.11.2
50+
- image: goreleaser/goreleaser:v2.13.1
5151
steps:
5252
- checkout
5353
- setup_remote_docker:
@@ -63,7 +63,7 @@ jobs:
6363
shell: /bin/bash
6464
docker:
6565
# Note the goreleaser version is also referenced in the snapshot and test jobs.
66-
- image: goreleaser/goreleaser:v2.11.2
66+
- image: goreleaser/goreleaser:v2.13.1
6767
steps:
6868
- checkout
6969
- run: ./.circleci/scripts/e2e-env.sh
@@ -73,7 +73,7 @@ jobs:
7373
- rok8s/get_vault_env:
7474
vault_path: repo/insights-cli/env
7575
- run: |
76-
wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/HEAD/install.sh | sh -s -- -b /usr/local/bin v2.3.1
76+
wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/HEAD/install.sh | sh -s -- -b /usr/local/bin v2.7.2
7777
golangci-lint run -v --timeout 2m0s
7878
go test -tags e2e ./pkg/...
7979
- setup_remote_docker:

go.mod

Lines changed: 72 additions & 62 deletions
Original file line numberDiff line numberDiff line change
@@ -1,26 +1,26 @@
11
module github.com/fairwindsops/insights-cli
22

3-
go 1.24.4
4-
5-
toolchain go1.24.5
3+
go 1.25.5
64

75
require (
8-
github.com/fairwindsops/insights-plugins/plugins/opa v0.0.0-20250731170703-4746d9c4a102
6+
github.com/fairwindsops/insights-plugins/plugins/opa v0.0.0-20251208205843-4e21ca530528
97
github.com/fatih/color v1.18.0
108
github.com/google/go-cmp v0.7.0
119
github.com/hashicorp/go-multierror v1.1.1
12-
github.com/imroc/req/v3 v3.54.2
13-
github.com/open-policy-agent/opa v1.7.1
10+
github.com/imroc/req/v3 v3.56.0
11+
github.com/open-policy-agent/opa v1.11.0
1412
github.com/rogpeppe/go-internal v1.14.1
15-
github.com/samber/lo v1.51.0
16-
github.com/sirupsen/logrus v1.9.3
17-
github.com/spf13/cobra v1.10.1
13+
github.com/samber/lo v1.52.0
14+
github.com/sirupsen/logrus v1.9.4-0.20230606125235-dd1b4c2e81af
15+
github.com/spf13/cobra v1.10.2
1816
github.com/stretchr/testify v1.11.1
1917
github.com/xlab/treeprint v1.2.0
20-
golang.org/x/net v0.43.0
18+
go.yaml.in/yaml/v2 v2.4.3
19+
go.yaml.in/yaml/v3 v3.0.4
20+
golang.org/x/net v0.48.0
2121
gopkg.in/yaml.v2 v2.4.0
2222
gopkg.in/yaml.v3 v3.0.1
23-
k8s.io/apimachinery v0.33.3
23+
k8s.io/apimachinery v0.34.2
2424
sigs.k8s.io/yaml v1.6.0
2525
)
2626

@@ -29,86 +29,96 @@ require (
2929
github.com/andybalholm/brotli v1.2.0 // indirect
3030
github.com/beorn7/perks v1.0.1 // indirect
3131
github.com/cespare/xxhash/v2 v2.3.0 // indirect
32-
github.com/cloudflare/circl v1.6.1 // indirect
3332
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
34-
github.com/emicklei/go-restful/v3 v3.12.2 // indirect
33+
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect
34+
github.com/emicklei/go-restful/v3 v3.13.0 // indirect
3535
github.com/evanphx/json-patch/v5 v5.9.11 // indirect
3636
github.com/fsnotify/fsnotify v1.9.0 // indirect
37-
github.com/fxamacker/cbor/v2 v2.8.0 // indirect
37+
github.com/fxamacker/cbor/v2 v2.9.0 // indirect
3838
github.com/go-ini/ini v1.67.0 // indirect
3939
github.com/go-logr/logr v1.4.3 // indirect
4040
github.com/go-logr/stdr v1.2.2 // indirect
41-
github.com/go-openapi/jsonpointer v0.21.1 // indirect
42-
github.com/go-openapi/jsonreference v0.21.0 // indirect
43-
github.com/go-openapi/swag v0.23.1 // indirect
41+
github.com/go-openapi/jsonpointer v0.22.4 // indirect
42+
github.com/go-openapi/jsonreference v0.21.4 // indirect
43+
github.com/go-openapi/swag v0.25.4 // indirect
44+
github.com/go-openapi/swag/cmdutils v0.25.4 // indirect
45+
github.com/go-openapi/swag/conv v0.25.4 // indirect
46+
github.com/go-openapi/swag/fileutils v0.25.4 // indirect
47+
github.com/go-openapi/swag/jsonname v0.25.4 // indirect
48+
github.com/go-openapi/swag/jsonutils v0.25.4 // indirect
49+
github.com/go-openapi/swag/loading v0.25.4 // indirect
50+
github.com/go-openapi/swag/mangling v0.25.4 // indirect
51+
github.com/go-openapi/swag/netutils v0.25.4 // indirect
52+
github.com/go-openapi/swag/stringutils v0.25.4 // indirect
53+
github.com/go-openapi/swag/typeutils v0.25.4 // indirect
54+
github.com/go-openapi/swag/yamlutils v0.25.4 // indirect
4455
github.com/gobwas/glob v0.2.3 // indirect
56+
github.com/goccy/go-json v0.10.5 // indirect
4557
github.com/gogo/protobuf v1.3.2 // indirect
4658
github.com/google/btree v1.1.3 // indirect
47-
github.com/google/gnostic-models v0.7.0 // indirect
48-
github.com/google/pprof v0.0.0-20250125003558-7fdb3d7e6fa0 // indirect
59+
github.com/google/gnostic-models v0.7.1 // indirect
60+
github.com/google/go-querystring v1.1.0 // indirect
4961
github.com/google/uuid v1.6.0 // indirect
5062
github.com/hashicorp/errwrap v1.1.0 // indirect
5163
github.com/icholy/digest v1.1.0 // indirect
5264
github.com/inconshreveable/mousetrap v1.1.0 // indirect
53-
github.com/josharian/intern v1.0.0 // indirect
5465
github.com/json-iterator/go v1.1.12 // indirect
55-
github.com/klauspost/compress v1.18.0 // indirect
56-
github.com/mailru/easyjson v0.9.0 // indirect
66+
github.com/klauspost/compress v1.18.2 // indirect
67+
github.com/lestrrat-go/blackmagic v1.0.4 // indirect
68+
github.com/lestrrat-go/dsig v1.0.0 // indirect
69+
github.com/lestrrat-go/dsig-secp256k1 v1.0.0 // indirect
70+
github.com/lestrrat-go/httpcc v1.0.1 // indirect
71+
github.com/lestrrat-go/httprc/v3 v3.0.2 // indirect
72+
github.com/lestrrat-go/jwx/v3 v3.0.12 // indirect
73+
github.com/lestrrat-go/option/v2 v2.0.0 // indirect
5774
github.com/mattn/go-colorable v0.1.14 // indirect
5875
github.com/mattn/go-isatty v0.0.20 // indirect
5976
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
60-
github.com/modern-go/reflect2 v1.0.2 // indirect
77+
github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
6178
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
62-
github.com/onsi/ginkgo/v2 v2.22.2 // indirect
63-
github.com/onsi/gomega v1.36.2 // indirect
64-
github.com/pkg/errors v0.9.1 // indirect
6579
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
66-
github.com/prometheus/client_golang v1.22.0 // indirect
80+
github.com/prometheus/client_golang v1.23.2 // indirect
6781
github.com/prometheus/client_model v0.6.2 // indirect
68-
github.com/prometheus/common v0.65.0 // indirect
69-
github.com/prometheus/procfs v0.17.0 // indirect
82+
github.com/prometheus/common v0.67.4 // indirect
83+
github.com/prometheus/procfs v0.19.2 // indirect
7084
github.com/quic-go/qpack v0.5.1 // indirect
71-
github.com/quic-go/quic-go v0.53.0 // indirect
85+
github.com/quic-go/quic-go v0.56.0 // indirect
7286
github.com/rcrowley/go-metrics v0.0.0-20250401214520-65e299d6c5c9 // indirect
73-
github.com/refraction-networking/utls v1.7.3 // indirect
74-
github.com/spf13/pflag v1.0.9 // indirect
87+
github.com/refraction-networking/utls v1.8.1 // indirect
88+
github.com/segmentio/asm v1.2.1 // indirect
89+
github.com/spf13/pflag v1.0.10 // indirect
7590
github.com/tchap/go-patricia/v2 v2.3.3 // indirect
76-
github.com/vektah/gqlparser/v2 v2.5.30 // indirect
91+
github.com/valyala/fastjson v1.6.4 // indirect
92+
github.com/vektah/gqlparser/v2 v2.5.31 // indirect
7793
github.com/x448/float16 v0.8.4 // indirect
7894
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
7995
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
8096
github.com/yashtewari/glob-intersection v0.2.0 // indirect
81-
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
82-
go.opentelemetry.io/otel v1.37.0 // indirect
83-
go.opentelemetry.io/otel/metric v1.37.0 // indirect
84-
go.opentelemetry.io/otel/sdk v1.37.0 // indirect
85-
go.opentelemetry.io/otel/trace v1.37.0 // indirect
86-
go.uber.org/mock v0.5.2 // indirect
87-
go.yaml.in/yaml/v2 v2.4.2 // indirect
88-
go.yaml.in/yaml/v3 v3.0.4 // indirect
89-
golang.org/x/crypto v0.41.0 // indirect
90-
golang.org/x/mod v0.26.0 // indirect
91-
golang.org/x/oauth2 v0.30.0 // indirect
92-
golang.org/x/sync v0.16.0 // indirect
93-
golang.org/x/sys v0.35.0 // indirect
94-
golang.org/x/term v0.34.0 // indirect
95-
golang.org/x/text v0.28.0 // indirect
96-
golang.org/x/time v0.12.0 // indirect
97-
golang.org/x/tools v0.35.0 // indirect
97+
go.opentelemetry.io/auto/sdk v1.2.1 // indirect
98+
go.opentelemetry.io/otel v1.39.0 // indirect
99+
go.opentelemetry.io/otel/metric v1.39.0 // indirect
100+
go.opentelemetry.io/otel/sdk v1.39.0 // indirect
101+
go.opentelemetry.io/otel/trace v1.39.0 // indirect
102+
golang.org/x/crypto v0.46.0 // indirect
103+
golang.org/x/oauth2 v0.34.0 // indirect
104+
golang.org/x/sync v0.19.0 // indirect
105+
golang.org/x/sys v0.39.0 // indirect
106+
golang.org/x/term v0.38.0 // indirect
107+
golang.org/x/text v0.32.0 // indirect
108+
golang.org/x/time v0.14.0 // indirect
109+
golang.org/x/tools v0.40.0 // indirect
98110
gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
99-
google.golang.org/genproto/googleapis/api v0.0.0-20250715232539-7130f93afb79 // indirect
100-
google.golang.org/genproto/googleapis/rpc v0.0.0-20250715232539-7130f93afb79 // indirect
101-
google.golang.org/protobuf v1.36.6 // indirect
102-
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
111+
google.golang.org/protobuf v1.36.10 // indirect
112+
gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
103113
gopkg.in/inf.v0 v0.9.1 // indirect
104-
k8s.io/api v0.33.2 // indirect
105-
k8s.io/apiextensions-apiserver v0.33.2 // indirect
106-
k8s.io/client-go v0.33.2 // indirect
114+
k8s.io/api v0.34.2 // indirect
115+
k8s.io/apiextensions-apiserver v0.34.2 // indirect
116+
k8s.io/client-go v0.34.2 // indirect
107117
k8s.io/klog/v2 v2.130.1 // indirect
108-
k8s.io/kube-openapi v0.0.0-20250701173324-9bd5c66d9911 // indirect
109-
k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect
110-
sigs.k8s.io/controller-runtime v0.21.0 // indirect
111-
sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
118+
k8s.io/kube-openapi v0.0.0-20251125145642-4e65d59e963e // indirect
119+
k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect
120+
sigs.k8s.io/controller-runtime v0.22.4 // indirect
121+
sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect
112122
sigs.k8s.io/randfill v1.0.0 // indirect
113-
sigs.k8s.io/structured-merge-diff/v4 v4.7.0 // indirect
123+
sigs.k8s.io/structured-merge-diff/v6 v6.3.1 // indirect
114124
)

0 commit comments

Comments
 (0)