glog upgrade fix for CVE GO-2025-3372

Signed-off-by: Daniel Dowler <[email protected]>
opendatahub-io · Feb 11, 2025 · 4dc6adb · 4dc6adb
1 parent bc2ec56
commit 4dc6adb
Show file tree

Hide file tree

Showing 9 changed files with 242 additions and 99 deletions.
diff --git a/backend/third_party_licenses/apiserver.csv b/backend/third_party_licenses/apiserver.csv
@@ -42,10 +42,10 @@ github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.22.6/LICEN
 github.com/go-sql-driver/mysql,https://github.com/go-sql-driver/mysql/blob/v1.7.1/LICENSE,MPL-2.0
 github.com/go-stack/stack,https://github.com/go-stack/stack/blob/v1.8.0/LICENSE.md,MIT
 github.com/gogo/protobuf,https://github.com/gogo/protobuf/blob/v1.3.2/LICENSE,BSD-3-Clause
-github.com/golang/glog,https://github.com/golang/glog/blob/v1.2.0/LICENSE,Apache-2.0
+github.com/golang/glog,https://github.com/golang/glog/blob/v1.2.4/LICENSE,Apache-2.0
 github.com/golang/groupcache/lru,https://github.com/golang/groupcache/blob/41bb18bfe9da/LICENSE,Apache-2.0
-github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.3/LICENSE,BSD-3-Clause
-github.com/google/cel-go,https://github.com/google/cel-go/blob/v0.12.6/LICENSE,Apache-2.0
+github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.4/LICENSE,BSD-3-Clause
+github.com/google/cel-go,https://github.com/google/cel-go/blob/v0.12.7/LICENSE,Apache-2.0
 github.com/google/gnostic,https://github.com/google/gnostic/blob/v0.6.9/LICENSE,Apache-2.0
 github.com/google/go-cmp/cmp,https://github.com/google/go-cmp/blob/v0.6.0/LICENSE,BSD-3-Clause
 github.com/google/go-containerregistry/pkg/name,https://github.com/google/go-containerregistry/blob/v0.16.1/LICENSE,Apache-2.0
@@ -59,7 +59,7 @@ github.com/gorilla/mux,https://github.com/gorilla/mux/blob/v1.8.0/LICENSE,BSD-3-
 github.com/gorilla/websocket,https://github.com/gorilla/websocket/blob/v1.5.0/LICENSE,BSD-2-Clause
 github.com/grpc-ecosystem/go-grpc-middleware,https://github.com/grpc-ecosystem/go-grpc-middleware/blob/v1.3.0/LICENSE,Apache-2.0
 github.com/grpc-ecosystem/grpc-gateway,https://github.com/grpc-ecosystem/grpc-gateway/blob/v1.16.0/LICENSE.txt,BSD-3-Clause
-github.com/grpc-ecosystem/grpc-gateway/v2,https://github.com/grpc-ecosystem/grpc-gateway/blob/v2.11.3/LICENSE.txt,BSD-3-Clause
+github.com/grpc-ecosystem/grpc-gateway/v2,https://github.com/grpc-ecosystem/grpc-gateway/blob/v2.16.0/LICENSE.txt,BSD-3-Clause
 github.com/hashicorp/errwrap,https://github.com/hashicorp/errwrap/blob/v1.1.0/LICENSE,MPL-2.0
 github.com/hashicorp/go-multierror,https://github.com/hashicorp/go-multierror/blob/v1.1.1/LICENSE,MPL-2.0
 github.com/hashicorp/go-uuid,https://github.com/hashicorp/go-uuid/blob/v1.0.3/LICENSE,MPL-2.0
@@ -127,7 +127,7 @@ github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-
 github.com/spf13/viper,https://github.com/spf13/viper/blob/v1.15.0/LICENSE,MIT
 github.com/stoewer/go-strcase,https://github.com/stoewer/go-strcase/blob/v1.2.0/LICENSE,MIT
 github.com/subosito/gotenv,https://github.com/subosito/gotenv/blob/v1.4.2/LICENSE,MIT
-github.com/tektoncd/pipeline/pkg,https://github.com/tektoncd/pipeline/blob/v0.53.2/LICENSE,Apache-2.0
+github.com/tektoncd/pipeline/pkg,https://github.com/tektoncd/pipeline/blob/v0.53.6/LICENSE,Apache-2.0
 github.com/valyala/bytebufferpool,https://github.com/valyala/bytebufferpool/blob/v1.0.0/LICENSE,MIT
 github.com/valyala/fasttemplate,https://github.com/valyala/fasttemplate/blob/v1.2.2/LICENSE,MIT
 go.mongodb.org/mongo-driver,https://github.com/mongodb/mongo-go-driver/blob/v1.7.5/LICENSE,Apache-2.0
@@ -141,14 +141,14 @@ go.uber.org/atomic,https://github.com/uber-go/atomic/blob/v1.10.0/LICENSE.txt,MI
 go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.10.0/LICENSE.txt,MIT
 go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT
 gocloud.dev,https://github.com/google/go-cloud/blob/v0.22.0/LICENSE,Apache-2.0
-golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.22.0:LICENSE,BSD-3-Clause
+golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.31.0:LICENSE,BSD-3-Clause
 golang.org/x/exp/maps,https://cs.opensource.google/go/x/exp/+/92128663:LICENSE,BSD-3-Clause
-golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.21.0:LICENSE,BSD-3-Clause
+golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.33.0:LICENSE,BSD-3-Clause
 golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.16.0:LICENSE,BSD-3-Clause
-golang.org/x/sync/semaphore,https://cs.opensource.google/go/x/sync/+/v0.6.0:LICENSE,BSD-3-Clause
-golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.19.0:LICENSE,BSD-3-Clause
-golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.19.0:LICENSE,BSD-3-Clause
-golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause
+golang.org/x/sync/semaphore,https://cs.opensource.google/go/x/sync/+/v0.10.0:LICENSE,BSD-3-Clause
+golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.28.0:LICENSE,BSD-3-Clause
+golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.27.0:LICENSE,BSD-3-Clause
+golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.21.0:LICENSE,BSD-3-Clause
 golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause
 golang.org/x/xerrors,https://cs.opensource.google/go/x/xerrors/+/04be3eba:LICENSE,BSD-3-Clause
 gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0
@@ -158,23 +158,22 @@ google.golang.org/genproto,https://github.com/googleapis/go-genproto/blob/995d67
 google.golang.org/genproto/googleapis/api,https://github.com/googleapis/go-genproto/blob/995d672761c0/googleapis/api/LICENSE,Apache-2.0
 google.golang.org/genproto/googleapis/rpc,https://github.com/googleapis/go-genproto/blob/50ed04b92917/googleapis/rpc/LICENSE,Apache-2.0
 google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.60.1/LICENSE,Apache-2.0
-google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.32.0/LICENSE,BSD-3-Clause
+google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.33.0/LICENSE,BSD-3-Clause
 gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause
 gopkg.in/ini.v1,https://github.com/go-ini/ini/blob/v1.67.0/LICENSE,Apache-2.0
 gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0
 gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT
 k8s.io/api,https://github.com/kubernetes/api/blob/v0.25.9/LICENSE,Apache-2.0
-k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.26.5/LICENSE,Apache-2.0
-k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.26.5/third_party/forked/golang/LICENSE,BSD-3-Clause
+k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.26.15/LICENSE,Apache-2.0
+k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.26.15/third_party/forked/golang/LICENSE,BSD-3-Clause
 k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.25.9/LICENSE,Apache-2.0
 k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.100.1/LICENSE,Apache-2.0
 k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/54b630e78af5/LICENSE,Apache-2.0
 k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/54b630e78af5/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause
 k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/54b630e78af5/pkg/validation/spec/LICENSE,Apache-2.0
-k8s.io/kubernetes/pkg/apis/core,https://github.com/kubernetes/kubernetes/blob/v1.11.1/LICENSE,Apache-2.0
 k8s.io/utils,https://github.com/kubernetes/utils/blob/9f6742963106/LICENSE,Apache-2.0
 k8s.io/utils/internal/third_party/forked/golang/net,https://github.com/kubernetes/utils/blob/9f6742963106/internal/third_party/forked/golang/LICENSE,BSD-3-Clause
-knative.dev/pkg,https://github.com/knative/pkg/blob/df28feae6d34/LICENSE,Apache-2.0
+knative.dev/pkg,https://github.com/knative/pkg/blob/56bfe0dd9626/LICENSE,Apache-2.0
 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,Apache-2.0
 sigs.k8s.io/structured-merge-diff/v4,https://github.com/kubernetes-sigs/structured-merge-diff/blob/v4.2.3/LICENSE,Apache-2.0
 sigs.k8s.io/yaml,https://github.com/kubernetes-sigs/yaml/blob/v1.3.0/LICENSE,MIT
diff --git a/backend/third_party_licenses/cache_server.csv b/backend/third_party_licenses/cache_server.csv
@@ -31,18 +31,18 @@ github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.22.6/LICEN
 github.com/go-sql-driver/mysql,https://github.com/go-sql-driver/mysql/blob/v1.7.1/LICENSE,MPL-2.0
 github.com/go-stack/stack,https://github.com/go-stack/stack/blob/v1.8.0/LICENSE.md,MIT
 github.com/gogo/protobuf,https://github.com/gogo/protobuf/blob/v1.3.2/LICENSE,BSD-3-Clause
-github.com/golang/glog,https://github.com/golang/glog/blob/v1.2.0/LICENSE,Apache-2.0
+github.com/golang/glog,https://github.com/golang/glog/blob/v1.2.4/LICENSE,Apache-2.0
 github.com/golang/groupcache/lru,https://github.com/golang/groupcache/blob/41bb18bfe9da/LICENSE,Apache-2.0
-github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.3/LICENSE,BSD-3-Clause
-github.com/google/cel-go,https://github.com/google/cel-go/blob/v0.12.6/LICENSE,Apache-2.0
+github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.4/LICENSE,BSD-3-Clause
+github.com/google/cel-go,https://github.com/google/cel-go/blob/v0.12.7/LICENSE,Apache-2.0
 github.com/google/gnostic,https://github.com/google/gnostic/blob/v0.6.9/LICENSE,Apache-2.0
 github.com/google/go-cmp/cmp,https://github.com/google/go-cmp/blob/v0.6.0/LICENSE,BSD-3-Clause
 github.com/google/go-containerregistry/pkg/name,https://github.com/google/go-containerregistry/blob/v0.16.1/LICENSE,Apache-2.0
 github.com/google/gofuzz,https://github.com/google/gofuzz/blob/v1.2.0/LICENSE,Apache-2.0
 github.com/google/uuid,https://github.com/google/uuid/blob/v1.5.0/LICENSE,BSD-3-Clause
 github.com/gorilla/websocket,https://github.com/gorilla/websocket/blob/v1.5.0/LICENSE,BSD-2-Clause
 github.com/grpc-ecosystem/grpc-gateway,https://github.com/grpc-ecosystem/grpc-gateway/blob/v1.16.0/LICENSE.txt,BSD-3-Clause
-github.com/grpc-ecosystem/grpc-gateway/v2,https://github.com/grpc-ecosystem/grpc-gateway/blob/v2.11.3/LICENSE.txt,BSD-3-Clause
+github.com/grpc-ecosystem/grpc-gateway/v2,https://github.com/grpc-ecosystem/grpc-gateway/blob/v2.16.0/LICENSE.txt,BSD-3-Clause
 github.com/hashicorp/errwrap,https://github.com/hashicorp/errwrap/blob/v1.1.0/LICENSE,MPL-2.0
 github.com/hashicorp/go-multierror,https://github.com/hashicorp/go-multierror/blob/v1.1.1/LICENSE,MPL-2.0
 github.com/hashicorp/go-uuid,https://github.com/hashicorp/go-uuid/blob/v1.0.3/LICENSE,MPL-2.0
@@ -89,45 +89,44 @@ github.com/sirupsen/logrus,https://github.com/sirupsen/logrus/blob/v1.9.3/LICENS
 github.com/spf13/cast,https://github.com/spf13/cast/blob/v1.5.0/LICENSE,MIT
 github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-Clause
 github.com/stoewer/go-strcase,https://github.com/stoewer/go-strcase/blob/v1.2.0/LICENSE,MIT
-github.com/tektoncd/pipeline/pkg,https://github.com/tektoncd/pipeline/blob/v0.53.2/LICENSE,Apache-2.0
+github.com/tektoncd/pipeline/pkg,https://github.com/tektoncd/pipeline/blob/v0.53.6/LICENSE,Apache-2.0
 github.com/valyala/bytebufferpool,https://github.com/valyala/bytebufferpool/blob/v1.0.0/LICENSE,MIT
 github.com/valyala/fasttemplate,https://github.com/valyala/fasttemplate/blob/v1.2.2/LICENSE,MIT
 go.mongodb.org/mongo-driver,https://github.com/mongodb/mongo-go-driver/blob/v1.7.5/LICENSE,Apache-2.0
 go.opencensus.io,https://github.com/census-instrumentation/opencensus-go/blob/v0.24.0/LICENSE,Apache-2.0
 go.uber.org/atomic,https://github.com/uber-go/atomic/blob/v1.10.0/LICENSE.txt,MIT
 go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.10.0/LICENSE.txt,MIT
 go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT
-golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.22.0:LICENSE,BSD-3-Clause
+golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.31.0:LICENSE,BSD-3-Clause
 golang.org/x/exp/maps,https://cs.opensource.google/go/x/exp/+/92128663:LICENSE,BSD-3-Clause
-golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.21.0:LICENSE,BSD-3-Clause
+golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.33.0:LICENSE,BSD-3-Clause
 golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.16.0:LICENSE,BSD-3-Clause
-golang.org/x/sync/semaphore,https://cs.opensource.google/go/x/sync/+/v0.6.0:LICENSE,BSD-3-Clause
-golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.19.0:LICENSE,BSD-3-Clause
-golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.19.0:LICENSE,BSD-3-Clause
-golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause
+golang.org/x/sync/semaphore,https://cs.opensource.google/go/x/sync/+/v0.10.0:LICENSE,BSD-3-Clause
+golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.28.0:LICENSE,BSD-3-Clause
+golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.27.0:LICENSE,BSD-3-Clause
+golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.21.0:LICENSE,BSD-3-Clause
 golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause
 gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0
 google.golang.org/api/support/bundler,https://github.com/googleapis/google-api-go-client/blob/v0.156.0/LICENSE,BSD-3-Clause
 google.golang.org/genproto/googleapis/api,https://github.com/googleapis/go-genproto/blob/995d672761c0/googleapis/api/LICENSE,Apache-2.0
 google.golang.org/genproto/googleapis/rpc/status,https://github.com/googleapis/go-genproto/blob/50ed04b92917/googleapis/rpc/LICENSE,Apache-2.0
 google.golang.org/genproto/protobuf/field_mask,https://github.com/googleapis/go-genproto/blob/995d672761c0/LICENSE,Apache-2.0
 google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.60.1/LICENSE,Apache-2.0
-google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.32.0/LICENSE,BSD-3-Clause
+google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.33.0/LICENSE,BSD-3-Clause
 gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause
 gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0
 gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT
 k8s.io/api,https://github.com/kubernetes/api/blob/v0.25.9/LICENSE,Apache-2.0
-k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.26.5/LICENSE,Apache-2.0
-k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.26.5/third_party/forked/golang/LICENSE,BSD-3-Clause
+k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.26.15/LICENSE,Apache-2.0
+k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.26.15/third_party/forked/golang/LICENSE,BSD-3-Clause
 k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.25.9/LICENSE,Apache-2.0
 k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.100.1/LICENSE,Apache-2.0
 k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/54b630e78af5/LICENSE,Apache-2.0
 k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/54b630e78af5/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause
 k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/54b630e78af5/pkg/validation/spec/LICENSE,Apache-2.0
-k8s.io/kubernetes/pkg/apis/core,https://github.com/kubernetes/kubernetes/blob/v1.11.1/LICENSE,Apache-2.0
 k8s.io/utils,https://github.com/kubernetes/utils/blob/9f6742963106/LICENSE,Apache-2.0
 k8s.io/utils/internal/third_party/forked/golang/net,https://github.com/kubernetes/utils/blob/9f6742963106/internal/third_party/forked/golang/LICENSE,BSD-3-Clause
-knative.dev/pkg,https://github.com/knative/pkg/blob/df28feae6d34/LICENSE,Apache-2.0
+knative.dev/pkg,https://github.com/knative/pkg/blob/56bfe0dd9626/LICENSE,Apache-2.0
 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,Apache-2.0
 sigs.k8s.io/structured-merge-diff/v4,https://github.com/kubernetes-sigs/structured-merge-diff/blob/v4.2.3/LICENSE,Apache-2.0
 sigs.k8s.io/yaml,https://github.com/kubernetes-sigs/yaml/blob/v1.3.0/LICENSE,MIT