mirror of
https://github.com/tailscale/tailscale.git
synced 2026-07-15 01:53:08 -04:00
This change updates vulnerable dependencies with a direct fix path. Updated: * github.com/prometheus/prometheus@v0.311.3 - Direct dependency addressing https://pkg.go.dev/vuln/GO-2026-5710 and https://pkg.go.dev/vuln/GO-2026-5662 * github.com/go-openapi/swag@v0.27.0 - Needed to fix mutual dependency on github.com/go-openapi/testify after prometheus update * github.com/go-git/go-git/v5@v5.19.1 - Addresses https://pkg.go.dev/vuln/GO-2026-5496 * helm.sh/helm/v3@v3.21.1 - Root update to address most containerd CVEs * github.com/containerd/containerd@v1.7.33 - Addresses remaining container CVEs, in total: https://pkg.go.dev/vuln/GO-2026-5758 https://pkg.go.dev/vuln/GO-2026-5475 https://pkg.go.dev/vuln/GO-2026-5378 * sigs.k8s.io/controller-runtime updated to v0.23.3 - This is needed to accommodate the k8s.io/api v0.35.3 update (test change needed for update) Vulnerabilities were discovered from govulncheck, which includes reachability in the analysis. Updates #cleanup Change-Id: I8345745d22a7e6ee106b58c410889e0aef748be4 Signed-off-by: Mike Jensen <mikej@tailscale.com>
11 lines
300 B
JSON
11 lines
300 B
JSON
{
|
|
"toolchain": {
|
|
"rev": "63ae404c8203317fd3c82d972e5dc8f0fcb425cb",
|
|
"sri": "sha256-TwIaPmGVHO9ZwdaO/jDStgWGQtKa4smS3er1i5aTNTw="
|
|
},
|
|
"vendor": {
|
|
"goModSum": "sha256-ubFvidc3iwLcn0+c9HXkIIWAJ6+Cb7Nn6/eaBSl3G6Q=",
|
|
"sri": "sha256-D49BnEgSzzACwU1N6Uksl/wo5YdQGIGTKQ2f1NMdo2A="
|
|
}
|
|
}
|