(yunikorn-k8shim) branch master updated: [YUNIKORN-3161] Update Go depenedencies for CVE fixes (#994)

pbacsko Mon, 08 Dec 2025 06:34:35 -0800

This is an automated email from the ASF dual-hosted git repository.

pbacsko pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/yunikorn-k8shim.git



The following commit(s) were added to refs/heads/master by this push:
     new 849c8034 [YUNIKORN-3161] Update Go depenedencies for CVE fixes (#994)
849c8034 is described below

commit 849c8034bcdc33a64a517f17c853d8121c679491
Author: Peter Bacsko <[email protected]>
AuthorDate: Mon Dec 8 15:33:22 2025 +0100

    [YUNIKORN-3161] Update Go depenedencies for CVE fixes (#994)
    
    Closes: #994
    
    Signed-off-by: Peter Bacsko <[email protected]>
---
 go.mod | 23 +++++++++++++----------
 go.sum | 37 ++++++++++++++++++-------------------
 2 files changed, 31 insertions(+), 29 deletions(-)

diff --git a/go.mod b/go.mod
index 7b565fd0..e5530217 100644
--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ module github.com/apache/yunikorn-k8shim
 
 go 1.24.0
 
-toolchain go1.24.4
+toolchain go1.24.11
 
 require (
        github.com/apache/yunikorn-core v0.0.0-20251201043909-11c0a7a644a1
@@ -39,7 +39,7 @@ require (
        k8s.io/apimachinery v0.34.2
        k8s.io/apiserver v0.34.2
        k8s.io/cli-runtime v0.34.2
-       k8s.io/client-go v1.5.2
+       k8s.io/client-go v0.34.2
        k8s.io/component-base v0.34.2
        k8s.io/component-helpers v0.34.2
        k8s.io/klog/v2 v2.130.1
@@ -128,14 +128,14 @@ require (
        go.opentelemetry.io/proto/otlp v1.5.0 // indirect
        go.uber.org/multierr v1.11.0 // indirect
        go.yaml.in/yaml/v2 v2.4.2 // indirect
-       golang.org/x/crypto v0.41.0 // indirect
+       golang.org/x/crypto v0.44.0 // indirect
        golang.org/x/exp v0.0.0-20250228200357-dead58393ab7 // indirect
        golang.org/x/mod v0.30.0 // indirect
        golang.org/x/net v0.47.0 // indirect
        golang.org/x/oauth2 v0.30.0 // indirect
        golang.org/x/sync v0.18.0 // indirect
        golang.org/x/sys v0.38.0 // indirect
-       golang.org/x/term v0.34.0 // indirect
+       golang.org/x/term v0.37.0 // indirect
        golang.org/x/text v0.31.0 // indirect
        golang.org/x/time v0.10.0 // indirect
        golang.org/x/tools v0.39.0 // indirect
@@ -166,13 +166,16 @@ require (
 )
 
 replace (
-       golang.org/x/crypto => golang.org/x/crypto v0.41.0
+       golang.org/x/crypto => golang.org/x/crypto v0.45.0
        golang.org/x/lint => golang.org/x/lint 
v0.0.0-20210508222113-6edffad5e616
-       golang.org/x/net => golang.org/x/net v0.43.0
-       golang.org/x/oauth2 => golang.org/x/oauth2 v0.28.0
-       golang.org/x/sys => golang.org/x/sys v0.35.0
-       golang.org/x/text => golang.org/x/text v0.28.0
-       golang.org/x/tools => golang.org/x/tools v0.35.0
+       golang.org/x/net => golang.org/x/net v0.47.0
+       golang.org/x/oauth2 => golang.org/x/oauth2 v0.33.0
+       golang.org/x/sync => golang.org/x/sync v0.18.0
+       golang.org/x/sys => golang.org/x/sys v0.39.0
+       golang.org/x/term => golang.org/x/term v0.37.0
+       golang.org/x/text => golang.org/x/text v0.31.0
+       golang.org/x/time => golang.org/x/time v0.14.0
+       golang.org/x/tools => golang.org/x/tools v0.39.0
        k8s.io/api => k8s.io/api v0.34.2
        k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.34.2
        k8s.io/apimachinery => k8s.io/apimachinery v0.34.2
diff --git a/go.sum b/go.sum
index 860374c8..a9168f9a 100644
--- a/go.sum
+++ b/go.sum
@@ -294,31 +294,30 @@ go.yaml.in/yaml/v2 v2.4.2 
h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI=
 go.yaml.in/yaml/v2 v2.4.2/go.mod 
h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU=
 go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
 go.yaml.in/yaml/v3 v3.0.4/go.mod 
h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
-golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
-golang.org/x/crypto v0.41.0/go.mod 
h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
+golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
+golang.org/x/crypto v0.45.0/go.mod 
h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
 golang.org/x/exp v0.0.0-20250228200357-dead58393ab7 
h1:aWwlzYV971S4BXRS9AmqwDLAD85ouC6X+pocatKY58c=
 golang.org/x/exp v0.0.0-20250228200357-dead58393ab7/go.mod 
h1:BHOTPb3L19zxehTsLoJXVaTktb06DFgmdW6Wb9s8jqk=
-golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ=
+golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w=
 golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk=
 golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc=
-golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
-golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
-golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc=
-golang.org/x/oauth2 v0.28.0/go.mod 
h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
-golang.org/x/sync v0.16.0/go.mod 
h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
+golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
+golang.org/x/oauth2 v0.33.0 h1:4Q+qn+E5z8gPRJfmRy7C2gGG3T4jIprK6aSYgTXGRpo=
+golang.org/x/oauth2 v0.33.0/go.mod 
h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
 golang.org/x/sync v0.18.0/go.mod 
h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
-golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
-golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/telemetry v0.0.0-20250710130107-8d8967aff50b/go.mod 
h1:4ZwOYna0/zsOKwuR5X/m0QFOJpSZvAxFfkQT+Erd9D4=
-golang.org/x/term v0.34.0 h1:O/2T7POpk0ZZ7MAzMeWFSg6S5IpWd/RXDlM9hgM3DR4=
-golang.org/x/term v0.34.0/go.mod 
h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw=
-golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng=
-golang.org/x/text v0.28.0/go.mod 
h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU=
-golang.org/x/time v0.10.0 h1:3usCWA8tQn0L8+hFJQNgzpWbd89begxN66o1Ojdn5L4=
-golang.org/x/time v0.10.0/go.mod 
h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
-golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0=
-golang.org/x/tools v0.35.0/go.mod 
h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw=
+golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
+golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54/go.mod 
h1:hKdjCMrbv9skySur+Nek8Hd0uJ0GuxJIoIX2payrIdQ=
+golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
+golang.org/x/term v0.37.0/go.mod 
h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254=
+golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
+golang.org/x/text v0.31.0/go.mod 
h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
+golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
+golang.org/x/time v0.14.0/go.mod 
h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
+golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
+golang.org/x/tools v0.39.0/go.mod 
h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
 google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb 
h1:p31xT4yrYrSM/G4Sn2+TNUkVhFCbG9y8itM2S6Th950=
 google.golang.org/genproto/googleapis/api 
v0.0.0-20250303144028-a0af3efb3deb/go.mod 
h1:jbe3Bkdp+Dh2IrslsFCklNhweNTBgSYanP1UXhJDhKg=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb 
h1:TLPQVbx1GJ8VKZxz52VAxl1EBgKXXbTiU9Fc5fZeLn4=


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

(yunikorn-k8shim) branch master updated: [YUNIKORN-3161] Update Go depenedencies for CVE fixes (#994)

Reply via email to