fix(cve): resolve cve's in slash (#8760)

Similar to #8743 but two changes. - github.com/dgraph-io/graphql-transport-ws did not have any CVE's, see #8624: - Bumping google.golang.org/[email protected] to v1.52.0 caused issues, but this was not a CVE fix. See #8655 We now have parity with main branch (i.e. equal number and same CVE's on main and slash). --------- Co-authored-by: skrdgraph <[email protected]>
hypermodeinc · Mar 17, 2023 · 4a03c14 · 4a03c14
1 parent 19f71a7
commit 4a03c14
Show file tree

Hide file tree

Showing 3 changed files with 167 additions and 58 deletions.
diff --git a/.github/workflows/ci-aqua-security-trivy-tests.yml b/.github/workflows/ci-aqua-security-trivy-tests.yml
@@ -3,7 +3,7 @@ on:
   push:
     branches:
       - main
-#      - release/*
+      - release/*
   pull_request:
     types:
       - opened
@@ -12,7 +12,7 @@ on:
       - ready_for_review
     branches:
       - main
-#      - release/*
+      - release/*
   schedule:
     - cron: "0 * * * *"
 jobs:

diff --git a/go.mod b/go.mod
@@ -11,7 +11,9 @@ require (
 	github.com/Microsoft/go-winio v0.4.15 // indirect
 	github.com/OneOfOne/xxhash v1.2.5 // indirect
 	github.com/Shopify/sarama v1.27.2
+	github.com/apache/thrift v0.13.0 // indirect
 	github.com/blevesearch/bleve v1.0.13
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd
 	github.com/dgraph-io/badger/v3 v3.0.0-20211108050342-6ed45ae41e5a
 	github.com/dgraph-io/dgo/v210 v210.0.0-20210407152819-261d1c2a6987
@@ -31,44 +33,54 @@ require (
 	github.com/go-sql-driver/mysql v0.0.0-20190330032241-c0f6b444ad8f
 	github.com/gogo/protobuf v1.3.2
 	github.com/golang/geo v0.0.0-20170810003146-31fb0106dc4a
-	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
+	github.com/golang/glog v1.0.0
+	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
 	github.com/golang/protobuf v1.5.2
 	github.com/golang/snappy v0.0.3
 	github.com/google/codesearch v1.0.0
-	github.com/google/go-cmp v0.5.5
-	github.com/google/uuid v1.0.0
+	github.com/google/go-cmp v0.5.9
+	github.com/google/uuid v1.3.0
 	github.com/gorilla/websocket v1.4.2
-	github.com/graph-gophers/graphql-go v0.0.0-20200309224638-dae41bde9ef9
+	github.com/graph-gophers/graphql-go v1.3.0
 	github.com/hashicorp/vault/api v1.0.4
+	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/minio/minio-go/v6 v6.0.55
 	github.com/mitchellh/panicwrap v1.0.0
 	github.com/paulmach/go.geojson v0.0.0-20170327170536-40612a87147b
 	github.com/pierrec/lz4 v2.6.0+incompatible // indirect
 	github.com/pkg/errors v0.9.1
 	github.com/pkg/profile v1.2.1
-	github.com/prometheus/client_golang v0.9.3
-	github.com/prometheus/common v0.4.1 // indirect
-	github.com/prometheus/procfs v0.0.0-20190517135640-51af30a78b0e // indirect
+	github.com/prometheus/client_golang v1.11.1
+	github.com/prometheus/client_model v0.3.0 // indirect
+	github.com/prometheus/procfs v0.8.0 // indirect
 	github.com/soheilhy/cmux v0.1.4
+	github.com/spf13/afero v1.6.0 // indirect
 	github.com/spf13/cast v1.3.0
 	github.com/spf13/cobra v0.0.5
 	github.com/spf13/pflag v1.0.3
 	github.com/spf13/viper v1.7.1
-	github.com/stretchr/testify v1.6.1
+	github.com/stretchr/testify v1.8.1
 	github.com/twpayne/go-geom v1.0.5
 	github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c
-	go.etcd.io/etcd v0.0.0-20190228193606-a943ad0ee4c9
+	go.etcd.io/etcd v0.5.0-alpha.5.0.20190108173120-83c051b701d3
 	go.opencensus.io v0.22.5
 	go.uber.org/zap v1.16.0
-	golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a
-	golang.org/x/net v0.0.0-20201021035429-f5854403a974
-	golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9
-	golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c
-	golang.org/x/text v0.3.3
-	golang.org/x/tools v0.0.0-20210106214847-113979e3529a
+	golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b
+	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect
+	golang.org/x/net v0.7.0
+	golang.org/x/sync v0.1.0
+	golang.org/x/sys v0.5.0
+	golang.org/x/text v0.7.0
+	golang.org/x/time v0.1.0 // indirect
+	golang.org/x/tools v0.3.0
+	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
+	google.golang.org/api v0.22.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/grpc v1.27.0
+	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/DataDog/dd-trace-go.v1 v1.13.1 // indirect
 	gopkg.in/square/go-jose.v2 v2.3.1
-	gopkg.in/yaml.v2 v2.2.4
+	gopkg.in/yaml.v2 v2.4.0
+	honnef.co/go/tools v0.0.1-2020.1.4 // indirect
 	src.techknowlogick.com/xgo v1.4.1-0.20210311222705-d25c33fcd864
 )