github/sample-controller
3
0
Fork 0
mirror of https://github.com/kubernetes/sample-controller.git synced 2026-06-07 00:05:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update security and stability dependencies

Browse Source 
This PR updates several dependencies addressing security vulnerabilities,
stability fixes, and authentication improvements.

- golang.org/x/crypto: v0.46.0 -> v0.47.0
  - Includes latest X509 root certificate bundle updates
  - Security hardening for cryptographic operations
  - Foundation dependency for TLS and authentication

- github.com/golang-jwt/jwt/v5: v5.2.2 -> v5.3.0
  - IMPORTANT: v5.2.2 patched vulnerability GHSA-mh63-6h87-95cp (token
    validation security issue) - this update ensures we have the fix
  - Adds multiple audience validation support for JWT tokens
  - Go 1.21 minimum requirement (code modernization)
  - Replaced legacy interface{} with modern any keyword

- golang.org/x/net: v0.48.0 -> v0.49.0
  - HTTP/2 priority scheduler improvements (RFC 9218)
  - WebSocket security enhancements
  - Network layer stability fixes

- go.uber.org/zap: v1.27.0 -> v1.27.1
  - Fix: Prevent Object from panicking on nils (PR #1501)
  - Fix: Race condition in WithLazy (PR #1511)
  - Both fixes improve logging stability in concurrent scenarios

- github.com/godbus/dbus/v5: v5.2.0 -> v5.2.2
  - Security: Disabled SHA1 authentication by default on non-Windows
    platforms (v5.2.0 change now inherited)
  - Performance: Multiple optimizations reducing memory allocations
  - Fix: Alignment issues in decoder operations
  - Fix: Allow more than 32 containers/struct fields in a signature

Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 5b478645cdb3be5ed92a21d2f7b417b6328cfa6e
This commit is contained in:
Davanum Srinivas
2026-01-13 23:08:03 -05:00
committed by Kubernetes Publisher
parent 16cd5dbcd7
commit 5594bf5680
2 changed files with 27 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
go.mod
+12 -5
View File
@@ -8,10 +8,10 @@ godebug default=go1.25
require (
golang.org/x/time v0.14.0
k8s.io/api v0.0.0-20260114012703-c51ea733cfc5
k8s.io/apimachinery v0.0.0-20260114012332-8931c298fc6d
k8s.io/client-go v0.0.0-20260114013155-d8ad3ab106f8
k8s.io/code-generator v0.0.0-20260114014133-fc4f68490f35
k8s.io/api v0.0.0
k8s.io/apimachinery v0.0.0
k8s.io/client-go v0.0.0
k8s.io/code-generator v0.0.0
k8s.io/klog/v2 v2.130.1
k8s.io/utils v0.0.0-20251219084037-98d557b7f1e7
)
@@ -38,7 +38,7 @@ require (
go.yaml.in/yaml/v2 v2.4.3 // indirect
go.yaml.in/yaml/v3 v3.0.4 // indirect
golang.org/x/mod v0.32.0 // indirect
golang.org/x/net v0.48.0 // indirect
golang.org/x/net v0.49.0 // indirect
golang.org/x/oauth2 v0.34.0 // indirect
golang.org/x/sync v0.19.0 // indirect
golang.org/x/sys v0.40.0 // indirect
@@ -56,3 +56,10 @@ require (
sigs.k8s.io/structured-merge-diff/v6 v6.3.1 // indirect
sigs.k8s.io/yaml v1.6.0 // indirect
)
replace (
k8s.io/api => ../api
k8s.io/apimachinery => ../apimachinery
k8s.io/client-go => ../client-go
k8s.io/code-generator => ../code-generator
)