Skip to content

Commit 8aeeec1

Browse files
pskrbasupskrbasu
authored
Merge branch 'v2.2.x' into develop (#650)
2 parents 07dfe04 + 2cca84f commit 8aeeec1

4 files changed

Lines changed: 115 additions & 110 deletions

File tree

CHANGELOG.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,9 @@
1+
## v2.2.2 [2026-03-31]
2+
_Dependencies_
3+
- Upgrade `google.golang.org/grpc` to `v1.79.3` to address `CVE-2026-33186`.
4+
- Upgrade `go.opentelemetry.io/otel/sdk` to `v1.40.0` to address `CVE-2026-24051`.
5+
- Upgrade `github.com/go-git/go-git/v5` to `v5.17.1` to address `CVE-2026-34165` and `CVE-2026-33762`.
6+
17
## v2.2.1 [2026-03-30]
28
_Dependencies_
39
- Update Go version to `1.26.1` to address vulnerability in `1.26`.

go.mod

Lines changed: 34 additions & 35 deletions
Original file line numberDiff line numberDiff line change
@@ -9,28 +9,28 @@ require (
99
github.com/hashicorp/go-version v1.7.0 // indirect
1010
github.com/turbot/go-kit v1.3.0
1111
github.com/turbot/steampipe-plugin-sdk/v5 v5.14.0
12-
go.opentelemetry.io/otel v1.35.0
13-
google.golang.org/protobuf v1.36.6
12+
go.opentelemetry.io/otel v1.40.0
13+
google.golang.org/protobuf v1.36.10
1414
)
1515

1616
require (
1717
github.com/Masterminds/semver/v3 v3.4.0
1818
github.com/turbot/pipe-fittings/v2 v2.7.0
1919
github.com/turbot/steampipe/v2 v2.2.0-rc.0
20-
go.opentelemetry.io/otel/metric v1.35.0
20+
go.opentelemetry.io/otel/metric v1.40.0
2121
)
2222

2323
require (
24-
cel.dev/expr v0.23.0 // indirect
24+
cel.dev/expr v0.25.1 // indirect
2525
cloud.google.com/go v0.120.0 // indirect
2626
cloud.google.com/go/auth v0.15.0 // indirect
2727
cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect
28-
cloud.google.com/go/compute/metadata v0.6.0 // indirect
28+
cloud.google.com/go/compute/metadata v0.9.0 // indirect
2929
cloud.google.com/go/iam v1.4.2 // indirect
3030
cloud.google.com/go/monitoring v1.24.0 // indirect
3131
cloud.google.com/go/storage v1.51.0 // indirect
3232
github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect
33-
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.27.0 // indirect
33+
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.30.0 // indirect
3434
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.51.0 // indirect
3535
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.51.0 // indirect
3636
github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
@@ -50,22 +50,22 @@ require (
5050
github.com/aws/smithy-go v1.22.3 // indirect
5151
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
5252
github.com/briandowns/spinner v1.23.2 // indirect
53-
github.com/cncf/xds/go v0.0.0-20250326154945-ae57f3c0d45f // indirect
53+
github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 // indirect
5454
github.com/containerd/errdefs v1.0.0 // indirect
5555
github.com/containerd/log v0.1.0 // indirect
5656
github.com/containerd/platforms v0.2.1 // indirect
5757
github.com/cyphar/filepath-securejoin v0.4.1 // indirect
5858
github.com/eko/gocache/lib/v4 v4.2.0 // indirect
5959
github.com/eko/gocache/store/bigcache/v4 v4.2.2 // indirect
6060
github.com/eko/gocache/store/ristretto/v4 v4.2.2 // indirect
61-
github.com/envoyproxy/go-control-plane/envoy v1.32.4 // indirect
62-
github.com/envoyproxy/protoc-gen-validate v1.2.1 // indirect
61+
github.com/envoyproxy/go-control-plane/envoy v1.36.0 // indirect
62+
github.com/envoyproxy/protoc-gen-validate v1.3.0 // indirect
6363
github.com/felixge/httpsnoop v1.0.4 // indirect
6464
github.com/gabriel-vasile/mimetype v1.4.8 // indirect
6565
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
66-
github.com/go-git/go-billy/v5 v5.6.2 // indirect
67-
github.com/go-git/go-git/v5 v5.16.5 // indirect
68-
github.com/go-jose/go-jose/v4 v4.0.5 // indirect
66+
github.com/go-git/go-billy/v5 v5.8.0 // indirect
67+
github.com/go-git/go-git/v5 v5.17.1 // indirect
68+
github.com/go-jose/go-jose/v4 v4.1.3 // indirect
6969
github.com/go-playground/locales v0.14.1 // indirect
7070
github.com/go-playground/universal-translator v0.18.1 // indirect
7171
github.com/go-playground/validator/v10 v10.25.0 // indirect
@@ -97,25 +97,24 @@ require (
9797
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
9898
github.com/sourcegraph/conc v0.3.0 // indirect
9999
github.com/spf13/cobra v1.9.1 // indirect
100-
github.com/spiffe/go-spiffe/v2 v2.5.0 // indirect
100+
github.com/spiffe/go-spiffe/v2 v2.6.0 // indirect
101101
github.com/thediveo/enumflag/v2 v2.0.7 // indirect
102102
github.com/turbot/pipes-sdk-go v0.12.1 // indirect
103103
github.com/turbot/terraform-components v0.0.0-20250114051614-04b806a9cbed // indirect
104104
github.com/ulikunitz/xz v0.5.15 // indirect
105-
github.com/zeebo/errs v1.4.0 // indirect
106-
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
107-
go.opentelemetry.io/contrib/detectors/gcp v1.35.0 // indirect
105+
go.opentelemetry.io/auto/sdk v1.2.1 // indirect
106+
go.opentelemetry.io/contrib/detectors/gcp v1.39.0 // indirect
108107
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 // indirect
109108
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect
110109
go.uber.org/mock v0.4.0 // indirect
111110
go.uber.org/multierr v1.11.0 // indirect
112-
golang.org/x/mod v0.29.0 // indirect
113-
golang.org/x/term v0.37.0 // indirect
111+
golang.org/x/mod v0.30.0 // indirect
112+
golang.org/x/term v0.38.0 // indirect
114113
golang.org/x/time v0.12.0 // indirect
115-
golang.org/x/tools v0.38.0 // indirect
114+
golang.org/x/tools v0.39.0 // indirect
116115
google.golang.org/api v0.227.0 // indirect
117-
google.golang.org/genproto/googleapis/api v0.0.0-20250324211829-b45e905df463 // indirect
118-
google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463 // indirect
116+
google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 // indirect
117+
google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect
119118
gopkg.in/warnings.v0 v0.1.2 // indirect
120119
oras.land/oras-go/v2 v2.5.0 // indirect
121120
sigs.k8s.io/yaml v1.4.0 // indirect
@@ -139,13 +138,13 @@ require (
139138
github.com/fsnotify/fsnotify v1.9.0 // indirect
140139
github.com/gertd/go-pluralize v0.2.1
141140
github.com/ghodss/yaml v1.0.0 // indirect
142-
github.com/go-logr/logr v1.4.2 // indirect
141+
github.com/go-logr/logr v1.4.3 // indirect
143142
github.com/go-logr/stdr v1.2.2 // indirect
144143
github.com/go-ole/go-ole v1.3.0 // indirect
145144
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
146145
github.com/google/go-cmp v0.7.0 // indirect
147146
github.com/google/uuid v1.6.0 // indirect
148-
github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 // indirect
147+
github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.1 // indirect
149148
github.com/hashicorp/errwrap v1.1.0 // indirect
150149
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
151150
github.com/hashicorp/go-multierror v1.1.1 // indirect
@@ -176,7 +175,7 @@ require (
176175
github.com/pelletier/go-toml/v2 v2.2.3 // indirect
177176
github.com/pkg/errors v0.9.1 // indirect
178177
github.com/prometheus/client_golang v1.21.1 // indirect
179-
github.com/prometheus/client_model v0.6.1 // indirect
178+
github.com/prometheus/client_model v0.6.2 // indirect
180179
github.com/prometheus/common v0.63.0 // indirect
181180
github.com/prometheus/procfs v0.16.0 // indirect
182181
github.com/rivo/uniseg v0.4.7 // indirect
@@ -200,19 +199,19 @@ require (
200199
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.35.0 // indirect
201200
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 // indirect
202201
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0 // indirect
203-
go.opentelemetry.io/otel/sdk v1.35.0
204-
go.opentelemetry.io/otel/sdk/metric v1.35.0 // indirect
205-
go.opentelemetry.io/otel/trace v1.35.0
206-
go.opentelemetry.io/proto/otlp v1.5.0 // indirect
207-
golang.org/x/crypto v0.45.0 // indirect
202+
go.opentelemetry.io/otel/sdk v1.40.0
203+
go.opentelemetry.io/otel/sdk/metric v1.40.0 // indirect
204+
go.opentelemetry.io/otel/trace v1.40.0
205+
go.opentelemetry.io/proto/otlp v1.7.1 // indirect
206+
golang.org/x/crypto v0.46.0 // indirect
208207
golang.org/x/exp v0.0.0-20250305212735-054e65f0b394
209-
golang.org/x/net v0.47.0 // indirect
210-
golang.org/x/oauth2 v0.30.0 // indirect
211-
golang.org/x/sync v0.18.0 // indirect
212-
golang.org/x/sys v0.38.0 // indirect
213-
golang.org/x/text v0.31.0 // indirect
208+
golang.org/x/net v0.48.0 // indirect
209+
golang.org/x/oauth2 v0.34.0 // indirect
210+
golang.org/x/sync v0.19.0 // indirect
211+
golang.org/x/sys v0.40.0 // indirect
212+
golang.org/x/text v0.32.0 // indirect
214213
google.golang.org/genproto v0.0.0-20250313205543-e70fdf4c4cb4 // indirect
215-
google.golang.org/grpc v1.73.0 // indirect
214+
google.golang.org/grpc v1.79.3 // indirect
216215
gopkg.in/yaml.v2 v2.4.0 // indirect
217216
gopkg.in/yaml.v3 v3.0.1 // indirect
218217
)

0 commit comments

Comments
 (0)