Bump docker/distribution to 2.8.2

k/k doesn't use much code from docker/distribution so this doesn't change anything that's actually relevant, but 2.8.1 is identified as affected by CVE-2022-28391 and CVE-2023-2253; bumping to 2.8.2 avoids k/k triggering scanners on those CVEs. Signed-off-by: Stephen Kitt <skitt@redhat.com> Kubernetes-commit: 3680a5230c386602ebc82700fe3031960d0479fd
2023-05-16 09:17:51 +02:00 · 2023-05-16 09:17:51 +02:00 · 6c612c392e
parent 718239a52a
commit 6c612c392e
2 changed files with 22 additions and 35 deletions
--- a/go.mod
+++ b/go.mod
@ -8,7 +8,7 @@ require (
 	github.com/MakeNowJust/heredoc v1.0.0
 	github.com/chai2010/gettext-go v1.0.2
 	github.com/daviddengcn/go-colortext v1.0.0
-	github.com/docker/distribution v2.8.1+incompatible
+	github.com/docker/distribution v2.8.2+incompatible
 	github.com/evanphx/json-patch v4.12.0+incompatible
 	github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d
 	github.com/fatih/camelcase v1.0.0
@ -19,7 +19,7 @@ require (
 	github.com/jonboulle/clockwork v0.2.2
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de
 	github.com/lithammer/dedent v1.1.0
-	github.com/mitchellh/go-wordwrap v1.0.1
+	github.com/mitchellh/go-wordwrap v1.0.0
 	github.com/moby/term v0.0.0-20221205130635-1aeaba878587
 	github.com/onsi/ginkgo/v2 v2.9.4
 	github.com/onsi/gomega v1.27.6
@ -30,15 +30,15 @@ require (
 	github.com/stretchr/testify v1.8.2
 	golang.org/x/sys v0.7.0
 	gopkg.in/yaml.v2 v2.4.0
-	k8s.io/api v0.0.0-20230515170019-2f9553831ec2
-	k8s.io/apimachinery v0.0.0-20230516005413-9d33220bdac3
-	k8s.io/cli-runtime v0.0.0-20230516015243-f38e29aced76
-	k8s.io/client-go v0.0.0-20230516011209-c2105c181594
-	k8s.io/component-base v0.0.0-20230516012726-18782b4b48a0
-	k8s.io/component-helpers v0.0.0-20230516012840-d17b6f1e8450
+	k8s.io/api v0.0.0
+	k8s.io/apimachinery v0.0.0
+	k8s.io/cli-runtime v0.0.0
+	k8s.io/client-go v0.0.0
+	k8s.io/component-base v0.0.0
+	k8s.io/component-helpers v0.0.0
 	k8s.io/klog/v2 v2.100.1
 	k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5
-	k8s.io/metrics v0.0.0-20230516014900-0923edd7c939
+	k8s.io/metrics v0.0.0
 	k8s.io/utils v0.0.0-20230406110748-d93618cff8a2
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd
 	sigs.k8s.io/kustomize/kustomize/v5 v5.0.1
@ -94,12 +94,13 @@ require (
 )

 replace (
-	k8s.io/api => k8s.io/api v0.0.0-20230515170019-2f9553831ec2
-	k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20230516005413-9d33220bdac3
-	k8s.io/cli-runtime => k8s.io/cli-runtime v0.0.0-20230516015243-f38e29aced76
-	k8s.io/client-go => k8s.io/client-go v0.0.0-20230516011209-c2105c181594
-	k8s.io/code-generator => k8s.io/code-generator v0.0.0-20230516005052-932443cff55e
-	k8s.io/component-base => k8s.io/component-base v0.0.0-20230516012726-18782b4b48a0
-	k8s.io/component-helpers => k8s.io/component-helpers v0.0.0-20230516012840-d17b6f1e8450
-	k8s.io/metrics => k8s.io/metrics v0.0.0-20230516014900-0923edd7c939
+	k8s.io/api => ../api
+	k8s.io/apimachinery => ../apimachinery
+	k8s.io/cli-runtime => ../cli-runtime
+	k8s.io/client-go => ../client-go
+	k8s.io/code-generator => ../code-generator
+	k8s.io/component-base => ../component-base
+	k8s.io/component-helpers => ../component-helpers
+	k8s.io/kubectl => ../kubectl
+	k8s.io/metrics => ../metrics
 )
--- a/go.sum
+++ b/go.sum
@ -54,8 +54,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/daviddengcn/go-colortext v1.0.0 h1:ANqDyC0ys6qCSvuEK7l3g5RaehL/Xck9EX8ATG8oKsE=
 github.com/daviddengcn/go-colortext v1.0.0/go.mod h1:zDqEI5NVUop5QPpVJUxE9UO10hRnmkD5G4Pmri9+m4c=
-github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
-github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
+github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
 github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE=
 github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
@ -194,8 +194,8 @@ github.com/lithammer/dedent v1.1.0 h1:VNzHMVCBNG1j0fh3OrsFRkVUwStdDArbgBWoPAffkt
 github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
-github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
+github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4=
+github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
 github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=
 github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
 github.com/moby/term v0.0.0-20221205130635-1aeaba878587 h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA=
@ -541,24 +541,10 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.0.0-20230515170019-2f9553831ec2 h1:ZHyoWIXElhnLI03GkOsebYT1uqYowGjuVCbxBqcjjGw=
-k8s.io/api v0.0.0-20230515170019-2f9553831ec2/go.mod h1:qZNz3vKcyZb5wFaBlHqUjHk7D5XhIaXu/d/df6PjNKk=
-k8s.io/apimachinery v0.0.0-20230516005413-9d33220bdac3 h1:y8ZaORaq511hX1RbGJS8AFR5UdxeW+/nJYZVqTWG8TY=
-k8s.io/apimachinery v0.0.0-20230516005413-9d33220bdac3/go.mod h1:duqOQ9WfGiD/x7zVH/k6rR0s2h9fq5UwPoY53R7iLQ4=
-k8s.io/cli-runtime v0.0.0-20230516015243-f38e29aced76 h1:t5yJPXwlW333I7Zqm7+lGkggCAJk+ZvxDor/Q3LP60A=
-k8s.io/cli-runtime v0.0.0-20230516015243-f38e29aced76/go.mod h1:tPW8jZfHb57JNbu3+ObHFv9PBr0edMvL+yDUTNMOicE=
-k8s.io/client-go v0.0.0-20230516011209-c2105c181594 h1:jLC3LaqJFz9sqcj+Dx5fyzYhVucZSsCHvqGnFzf5jkk=
-k8s.io/client-go v0.0.0-20230516011209-c2105c181594/go.mod h1:ReQGPEgsIQVSIWjDq5Bx5/PiwYURMeAWHpqWeeMM4ck=
-k8s.io/component-base v0.0.0-20230516012726-18782b4b48a0 h1:vfl3DlJYl4j3X/naJv7zGmLNoqRjoq+Ll4UyovTumjk=
-k8s.io/component-base v0.0.0-20230516012726-18782b4b48a0/go.mod h1:iqdRj+rbQGbWk3G4Ivk0LBLaa6wlzESfW4zCY27YH0o=
-k8s.io/component-helpers v0.0.0-20230516012840-d17b6f1e8450 h1:DyovwvsM2754OfmI9L56DuFS4vHN8BMTUxPWVCpzt2U=
-k8s.io/component-helpers v0.0.0-20230516012840-d17b6f1e8450/go.mod h1:5vs3p1HLw+OLrzoiXwwq/VUYvnTrp7Ooh6DBRtg0xVA=
 k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
 k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5 h1:azYPdzztXxPSa8wb+hksEKayiz0o+PPisO/d+QhWnoo=
 k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5/go.mod h1:kzo02I3kQ4BTtEfVLaPbjvCkX97YqGve33wzlb3fofQ=
-k8s.io/metrics v0.0.0-20230516014900-0923edd7c939 h1:8pd8cAeub+tr6rP+Jbp57i4GmyBuCrM921Aw8M0+j3A=
-k8s.io/metrics v0.0.0-20230516014900-0923edd7c939/go.mod h1:jh82u/5Ze3tg5liN2v6oB8YoXT4qKSXJ/TgINLZAq4c=
 k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk=
 k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=