Skip to content

Commit 39187f9

Browse files
committed
updating fulcio to address CVE-2025-66506
Signed-off-by: Adam D. Cornett <adc@redhat.com>
1 parent 857f4c2 commit 39187f9

2 files changed

Lines changed: 106 additions & 102 deletions

File tree

go.mod

Lines changed: 32 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -64,7 +64,7 @@ require (
6464
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
6565
github.com/beorn7/perks v1.0.1 // indirect
6666
github.com/bshuster-repo/logrus-logstash-hook v1.0.0 // indirect
67-
github.com/cenkalti/backoff/v5 v5.0.2 // indirect
67+
github.com/cenkalti/backoff/v5 v5.0.3 // indirect
6868
github.com/cespare/xxhash/v2 v2.3.0 // indirect
6969
github.com/chai2010/gettext-go v1.0.2 // indirect
7070
github.com/containerd/cgroups/v3 v3.0.5 // indirect
@@ -75,7 +75,7 @@ require (
7575
github.com/containerd/errdefs/pkg v0.3.0 // indirect
7676
github.com/containerd/log v0.1.0 // indirect
7777
github.com/containerd/platforms v0.2.1 // indirect
78-
github.com/containerd/stargz-snapshotter/estargz v0.17.0 // indirect
78+
github.com/containerd/stargz-snapshotter/estargz v0.18.1 // indirect
7979
github.com/containerd/ttrpc v1.2.7 // indirect
8080
github.com/containerd/typeurl/v2 v2.2.3 // indirect
8181
github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect
@@ -90,7 +90,7 @@ require (
9090
github.com/distribution/reference v0.6.0 // indirect
9191
github.com/docker/cli v29.2.0+incompatible // indirect
9292
github.com/docker/distribution v2.8.3+incompatible // indirect
93-
github.com/docker/docker v28.3.3+incompatible // indirect
93+
github.com/docker/docker v28.5.2+incompatible // indirect
9494
github.com/docker/docker-credential-helpers v0.9.3 // indirect
9595
github.com/docker/go-connections v0.6.0 // indirect
9696
github.com/docker/go-events v0.0.0-20250114142523-c867878c5e32 // indirect
@@ -109,12 +109,13 @@ require (
109109
github.com/go-git/go-billy/v5 v5.6.2 // indirect
110110
github.com/go-git/go-git/v5 v5.16.5 // indirect
111111
github.com/go-gorp/gorp/v3 v3.1.0 // indirect
112-
github.com/go-jose/go-jose/v4 v4.1.1 // indirect
112+
github.com/go-jose/go-jose/v4 v4.1.3 // indirect
113113
github.com/go-logr/stdr v1.2.2 // indirect
114114
github.com/go-logr/zapr v1.3.0 // indirect
115115
github.com/go-openapi/jsonpointer v0.21.1 // indirect
116116
github.com/go-openapi/jsonreference v0.21.0 // indirect
117117
github.com/go-openapi/swag v0.23.1 // indirect
118+
github.com/go-sql-driver/mysql v1.9.2 // indirect
118119
github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
119120
github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
120121
github.com/gobuffalo/envy v1.6.5 // indirect
@@ -123,12 +124,13 @@ require (
123124
github.com/gogo/protobuf v1.3.2 // indirect
124125
github.com/golang-migrate/migrate/v4 v4.19.0 // indirect
125126
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
127+
github.com/golang/mock v1.7.0-rc.1 // indirect
126128
github.com/golang/protobuf v1.5.4 // indirect
127129
github.com/google/btree v1.1.3 // indirect
128130
github.com/google/cel-go v0.26.0 // indirect
129131
github.com/google/gnostic-models v0.6.9 // indirect
130132
github.com/google/go-cmp v0.7.0 // indirect
131-
github.com/google/go-containerregistry v0.20.6 // indirect
133+
github.com/google/go-containerregistry v0.20.7 // indirect
132134
github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 // indirect
133135
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
134136
github.com/google/uuid v1.6.0 // indirect
@@ -137,7 +139,7 @@ require (
137139
github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
138140
github.com/gosuri/uitable v0.0.4 // indirect
139141
github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
140-
github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.0 // indirect
142+
github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.4 // indirect
141143
github.com/h2non/filetype v1.1.3 // indirect
142144
github.com/h2non/go-is-svg v0.0.0-20160927212452-35e8c4b0612c // indirect
143145
github.com/hashicorp/errwrap v1.1.0 // indirect
@@ -152,18 +154,18 @@ require (
152154
github.com/joho/godotenv v1.3.0 // indirect
153155
github.com/josharian/intern v1.0.0 // indirect
154156
github.com/json-iterator/go v1.1.12 // indirect
155-
github.com/klauspost/compress v1.18.0 // indirect
157+
github.com/klauspost/compress v1.18.1 // indirect
156158
github.com/klauspost/pgzip v1.2.6 // indirect
157159
github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
158160
github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
159-
github.com/letsencrypt/boulder v0.0.0-20250624003606-5ddd5acf990d // indirect
160161
github.com/lib/pq v1.10.9 // indirect
161162
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
162163
github.com/mailru/easyjson v0.9.0 // indirect
163-
github.com/mattn/go-colorable v0.1.13 // indirect
164+
github.com/mattn/go-colorable v0.1.14 // indirect
164165
github.com/mattn/go-isatty v0.0.20 // indirect
165166
github.com/mattn/go-runewidth v0.0.16 // indirect
166167
github.com/mattn/go-sqlite3 v1.14.32 // indirect
168+
github.com/miekg/dns v1.1.61 // indirect
167169
github.com/miekg/pkcs11 v1.1.1 // indirect
168170
github.com/mitchellh/copystructure v1.2.0 // indirect
169171
github.com/mitchellh/go-homedir v1.1.0 // indirect
@@ -182,6 +184,7 @@ require (
182184
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
183185
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
184186
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
187+
github.com/nxadm/tail v1.4.11 // indirect
185188
github.com/opencontainers/go-digest v1.0.0 // indirect
186189
github.com/opencontainers/image-spec v1.1.1 // indirect
187190
github.com/opencontainers/runtime-spec v1.2.1 // indirect
@@ -194,7 +197,7 @@ require (
194197
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
195198
github.com/proglottis/gpgme v0.1.5 // indirect
196199
github.com/prometheus/client_model v0.6.2 // indirect
197-
github.com/prometheus/common v0.66.1 // indirect
200+
github.com/prometheus/common v0.67.5 // indirect
198201
github.com/prometheus/procfs v0.16.1 // indirect
199202
github.com/redis/go-redis/extra/rediscmd/v9 v9.10.0 // indirect
200203
github.com/redis/go-redis/extra/redisotel/v9 v9.10.0 // indirect
@@ -206,34 +209,35 @@ require (
206209
github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 // indirect
207210
github.com/secure-systems-lab/go-securesystemslib v0.9.1 // indirect
208211
github.com/shopspring/decimal v1.4.0 // indirect
209-
github.com/sigstore/fulcio v1.7.1 // indirect
210-
github.com/sigstore/protobuf-specs v0.4.3 // indirect
211-
github.com/sigstore/sigstore v1.9.5 // indirect
212+
github.com/sigstore/fulcio v1.8.5 // indirect
213+
github.com/sigstore/protobuf-specs v0.5.0 // indirect
214+
github.com/sigstore/sigstore v1.10.3 // indirect
212215
github.com/smallstep/pkcs7 v0.2.1 // indirect
213216
github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 // indirect
214217
github.com/spf13/cast v1.10.0 // indirect
215218
github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 // indirect
216219
github.com/stoewer/go-strcase v1.3.1 // indirect
217220
github.com/subosito/gotenv v1.6.0 // indirect
218-
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
219221
github.com/ulikunitz/xz v0.5.15 // indirect
220-
github.com/vbatts/tar-split v0.12.1 // indirect
222+
github.com/vbatts/tar-split v0.12.2 // indirect
221223
github.com/vbauerster/mpb/v8 v8.10.2 // indirect
222224
github.com/x448/float16 v0.8.4 // indirect
223225
github.com/xlab/treeprint v1.2.0 // indirect
224226
go.etcd.io/bbolt v1.4.3 // indirect
227+
go.etcd.io/etcd/client/pkg/v3 v3.6.0 // indirect
228+
go.etcd.io/etcd/client/v3 v3.6.0 // indirect
225229
go.opencensus.io v0.24.0 // indirect
226230
go.opentelemetry.io/auto/sdk v1.2.1 // indirect
227231
go.opentelemetry.io/contrib/bridges/prometheus v0.61.0 // indirect
228232
go.opentelemetry.io/contrib/exporters/autoexport v0.61.0 // indirect
229-
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
233+
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 // indirect
230234
go.opentelemetry.io/otel v1.40.0 // indirect
231235
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.12.2 // indirect
232236
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.12.2 // indirect
233237
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.36.0 // indirect
234238
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.36.0 // indirect
235-
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.36.0 // indirect
236-
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0 // indirect
239+
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 // indirect
240+
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0 // indirect
237241
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.36.0 // indirect
238242
go.opentelemetry.io/otel/exporters/prometheus v0.58.0 // indirect
239243
go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.12.2 // indirect
@@ -245,30 +249,30 @@ require (
245249
go.opentelemetry.io/otel/sdk/log v0.12.2 // indirect
246250
go.opentelemetry.io/otel/sdk/metric v1.40.0 // indirect
247251
go.opentelemetry.io/otel/trace v1.40.0 // indirect
248-
go.opentelemetry.io/proto/otlp v1.7.0 // indirect
252+
go.opentelemetry.io/proto/otlp v1.7.1 // indirect
249253
go.podman.io/common v0.65.0 // indirect
250254
go.podman.io/image/v5 v5.37.0 // indirect
251255
go.podman.io/storage v1.60.0 // indirect
252256
go.uber.org/multierr v1.11.0 // indirect
253-
go.uber.org/zap v1.27.0 // indirect
254-
go.yaml.in/yaml/v2 v2.4.2 // indirect
257+
go.uber.org/zap v1.27.1 // indirect
258+
go.yaml.in/yaml/v2 v2.4.3 // indirect
255259
go.yaml.in/yaml/v3 v3.0.4 // indirect
256260
golang.org/x/crypto v0.47.0 // indirect
257261
golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect
258262
golang.org/x/net v0.49.0 // indirect
259-
golang.org/x/oauth2 v0.30.0 // indirect
263+
golang.org/x/oauth2 v0.34.0 // indirect
260264
golang.org/x/sync v0.19.0 // indirect
261265
golang.org/x/sys v0.40.0 // indirect
262266
golang.org/x/term v0.39.0 // indirect
263-
golang.org/x/time v0.12.0 // indirect
267+
golang.org/x/time v0.14.0 // indirect
264268
golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated // indirect
265269
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
266270
gomodules.xyz/orderedmap v0.1.0 // indirect
267-
google.golang.org/genproto v0.0.0-20250603155806-513f23925822 // indirect
268-
google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7 // indirect
269-
google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 // indirect
270-
google.golang.org/grpc v1.75.1 // indirect
271-
google.golang.org/protobuf v1.36.9 // indirect
271+
google.golang.org/genproto v0.0.0-20251202230838-ff82c1b0f217 // indirect
272+
google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b // indirect
273+
google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b // indirect
274+
google.golang.org/grpc v1.78.0 // indirect
275+
google.golang.org/protobuf v1.36.11 // indirect
272276
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
273277
gopkg.in/inf.v0 v0.9.1 // indirect
274278
gopkg.in/warnings.v0 v0.1.2 // indirect

0 commit comments

Comments
 (0)