migtools / mig-controller

OpenShift Migration Controller
Apache License 2.0

Update go.mod deps #1292

Closed jmontleon closed 2 years ago

jmontleon commented 2 years ago

I had to delete Gopkg* to get snyk to run. If we need these for something I'll add them back.

Before:

$ snyk test

Testing /home/jason/Documents/go/src/github.com/konveyor/mig-controller...

✗ Medium severity vulnerability found in github.com/prometheus/client_golang/prometheus/promhttp
  Description: Denial of Service (DoS)
  Info: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPROMETHEUSCLIENTGOLANGPROMETHEUSPROMHTTP-2401819
  Introduced through: github.com/prometheus/client_golang/prometheus/promhttp@1.11.0, sigs.k8s.io/controller-runtime/pkg/manager@#096b2e07c091, sigs.k8s.io/controller-runtime@#096b2e07c091, sigs.k8s.io/controller-runtime/pkg/controller@#096b2e07c091, github.com/konveyor/openshift-velero-plugin/velero-plugins/imagecopy@#876132e34f3d
  From: github.com/prometheus/client_golang/prometheus/promhttp@1.11.0
  From: sigs.k8s.io/controller-runtime/pkg/manager@#096b2e07c091 > github.com/prometheus/client_golang/prometheus/promhttp@1.11.0
  From: sigs.k8s.io/controller-runtime@#096b2e07c091 > sigs.k8s.io/controller-runtime/pkg/manager@#096b2e07c091 > github.com/prometheus/client_golang/prometheus/promhttp@1.11.0
  and 5 more...
  Fixed in: 1.11.1

✗ High severity vulnerability found in github.com/gin-gonic/gin
  Description: HTTP Response Splitting
  Info: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736
  Introduced through: github.com/gin-gonic/gin@1.7.2, github.com/gin-contrib/cors@1.3.1
  From: github.com/gin-gonic/gin@1.7.2
  From: github.com/gin-contrib/cors@1.3.1 > github.com/gin-gonic/gin@1.7.2
  Fixed in: 1.7.7

Organization:      jmontleon
Package manager:   gomodules
Target file:       go.mod
Project name:      github.com/konveyor/mig-controller
Open source:       no
Project path:      /home/jason/Documents/go/src/github.com/konveyor/mig-controller
Licenses:          enabled

Tested 797 dependencies for known issues, found 2 issues, 10 vulnerable paths.

After:

$ snyk test

Testing /home/jason/Documents/go/src/github.com/konveyor/mig-controller...

Organization:      jmontleon
Package manager:   gomodules
Target file:       go.mod
Project name:      github.com/konveyor/mig-controller
Open source:       no
Project path:      /home/jason/Documents/go/src/github.com/konveyor/mig-controller
Licenses:          enabled

✔ Tested 797 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.