search

turkdevops / sourcegraph

Universal code search (self-hosted)
https://sourcegraph.com
Other
1 stars 0 forks source link

build(deps): bump github.com/containerd/containerd from 1.3.4 to 1.5.18 #410

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Bumps github.com/containerd/containerd from 1.3.4 to 1.5.18.

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.5.18

Welcome to the v1.5.18 release of containerd!

The eighteenth patch release for containerd 1.5 includes fixes for CVE-2023-25153 and CVE-2023-25173 along with a security update for Go.

Notable Updates

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Akihiro Suda
  • Derek McGowan
  • Ye Sijun
  • Samuel Karp
  • Phil Estes
  • Swagat Bora
  • Wei Fu

Changes

  • [release/1.5] Prepare release notes for v1.5.18 (#8117)
    • ddf9de6cb Prepare release notes for v1.5.18
  • Github Security Advisory GHSA-hmfx-3pcx-653p
    • a62c38bf2 oci: fix additional GIDs
    • 3b89da580 oci: fix loop iterator aliasing
    • b07ec6b25 oci: skip checking gid for WithAppendAdditionalGroups
    • 356672cb5 refactor: reduce duplicate code
    • 6a7b7617c add WithAdditionalGIDs test
    • 832bcf300 add WithAppendAdditionalGroups helper
  • Github Security Advisory GHSA-259w-8hf6-59c2
    • 19a347e45 importer: stream oci-layout and manifest.json
  • [release/1.5] Go 1.19.6 (#8112)
  • [release/1.5] Fix retry logic within devmapper device deactivation (#8089)
    • 0d16d045d Fix retry logic within devmapper device deactivation
  • [release/1.5] CI: skip some jobs when repo != containerd/containerd (#8084)
    • 34451bc66 CI: skip some jobs when repo != containerd/containerd

... (truncated)

Commits
  • 39bb06f Merge pull request #8117 from dmcgowan/prepare-v1.5.18
  • ddf9de6 Prepare release notes for v1.5.18
  • 28e4618 Merge pull request from GHSA-hmfx-3pcx-653p
  • 959e1cf Merge pull request from GHSA-259w-8hf6-59c2
  • b4538c2 Merge pull request #8112 from AkihiroSuda/cherrypick-8109-1.5
  • 4209dc2 Go 1.19.6
  • 7c3b243 Merge pull request #8089 from swagatbora90/backport-1.5
  • 0d16d04 Fix retry logic within devmapper device deactivation
  • 9e9f4c8 Merge pull request #8084 from AkihiroSuda/ci-skip-on-fork-1.5
  • a62c38b oci: fix additional GIDs
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/turkdevops/sourcegraph/network/alerts).
guardrails[bot] commented 1 year ago

:warning: We detected 104 security issues in this pull request:

Mode: paranoid | Total findings: 104 | Considered vulnerability: 104

Vulnerable Libraries (104)
Severity | Details ----- | -------- N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20200728102440-3e129f6d46b1@v0.0.0-20200728102440-3e129f6d46b1](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1698) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* High | [pkg:golang/github.com/containerd/containerd@v1.5.0-rc.0@v1.5.0-rc.0](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L241) - **no patch available** Medium | [pkg:golang/github.com/containerd/containerd@v1.2.10@v1.2.10](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L228) upgrade to: *1.2.14* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20191115151921-52ab43148777@v0.0.0-20191115151921-52ab43148777](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1675) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/crypto@v0.0.0-20210322153248-0c34fe9e7dc2 @v0.0.0-20210322153248-0c34fe9e7dc2 ](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1527) upgrade to: *0.0.0-20220314234659-1baeb1ce4c0b* High | [pkg:golang/github.com/prometheus/client_golang@v1.1.0@v1.1.0](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1167) upgrade to: *1.11.1* High | [pkg:golang/github.com/aws/aws-sdk-go@v1.15.11@v1.15.11](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L141) - **no patch available** N/A | [pkg:golang/golang.org/x/crypto@0.0.0-20210322153248-0c34fe9e7dc2@0.0.0-20210322153248-0c34fe9e7dc2](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.mod#L158) upgrade to: *0.0.0-20220314234659-1baeb1ce4c0b* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20190602015325-4c4f7f33c9ed@v0.0.0-20190602015325-4c4f7f33c9ed](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1656) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* High | [pkg:golang/github.com/opencontainers/runc@v1.0.0-rc93@v1.0.0-rc93](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1106) upgrade to: *1.0.0-rc95* High | [pkg:golang/golang.org/x/text@v0.3.4@v0.3.4](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1724) - **no patch available** N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20210330210617-4fbd30eecc44@v0.0.0-20210330210617-4fbd30eecc44](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1711) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* High | [pkg:golang/github.com/containernetworking/cni@v0.8.0@v0.8.0](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L288) upgrade to: *0.8.1* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20200817155316-9781c653f443@v0.0.0-20200817155316-9781c653f443](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1699) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* High | [pkg:golang/github.com/containerd/containerd@v1.5.0-beta.1@v1.5.0-beta.1](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L238) - **no patch available** Medium | [pkg:golang/golang.org/x/crypto@v0.0.0-20201002170205-7f63de1d35b0@v0.0.0-20201002170205-7f63de1d35b0](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1526) - **no patch available** N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20201117170446-d9b008d0a637@v0.0.0-20201117170446-d9b008d0a637](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1705) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20210510120138-977fb7262007@v0.0.0-20210510120138-977fb7262007](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1713) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* Critical | [pkg:golang/github.com/emicklei/go-restful@v2.9.5+incompatible@v2.9.5+incompatible](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L392) upgrade to: *2.16.0,3.8.0* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20200916030750-2334cc1a136f@v0.0.0-20200916030750-2334cc1a136f](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1701) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20190812073006-9eafafc0a87e@v0.0.0-20190812073006-9eafafc0a87e](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1663) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20190801041406-cbf593c0f2f3@v0.0.0-20190801041406-cbf593c0f2f3](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1662) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* Medium | [pkg:golang/github.com/containerd/containerd@v1.3.0-beta.2.0.20190828155532-0293cbd26c69@v1.3.0-beta.2.0.20190828155532-0293cbd26c69](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L229) upgrade to: *1.3.9,1.4.3,1.2.0,1.3.9,1.4.3* Medium | [pkg:golang/github.com/containerd/containerd@v1.4.9@v1.4.9](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L237) upgrade to: *1.4.11,1.5.7* Medium | [pkg:golang/github.com/opencontainers/image-spec@v1.0.0@v1.0.0](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1098) - **no patch available** Low | [pkg:golang/k8s.io/kubernetes@v1.13.0@v1.13.0](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1990) - **no patch available** N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20190514135907-3a4b5fb9f71f@v0.0.0-20190514135907-3a4b5fb9f71f](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1653) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20210324051608-47abb6519492@v0.0.0-20210324051608-47abb6519492](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1710) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20200909081042-eff7692f9009@v0.0.0-20200909081042-eff7692f9009](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1700) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20190916202348-b4ddaad3f8a3@v0.0.0-20190916202348-b4ddaad3f8a3](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1667) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/text@v0.3.4 @v0.3.4 ](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1724) upgrade to: *0.3.7* N/A | [pkg:golang/github.com/prometheus/client_golang@v1.7.1 @v1.7.1 ](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1171) upgrade to: *1.11.1* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20200217220822-9197077df867@v0.0.0-20200217220822-9197077df867](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1689) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* High | [pkg:golang/golang.org/x/net@v0.0.0-20201021035429-f5854403a974@v0.0.0-20201021035429-f5854403a974](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1603) - **no patch available** N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20200120151820-655fe14d7479@v0.0.0-20200120151820-655fe14d7479](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1684) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20190522044717-8097e1b27ff5@v0.0.0-20190522044717-8097e1b27ff5](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1654) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* Critical | [pkg:golang/github.com/gogo/protobuf@v1.3.2@v1.3.2](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L623) - **no patch available** N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20210124154548-22da62e12c0c@v0.0.0-20210124154548-22da62e12c0c](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1709) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20201201145000-ef89a241ccb3@v0.0.0-20201201145000-ef89a241ccb3](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1707) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* Medium | [pkg:golang/github.com/containerd/containerd@v1.3.2@v1.3.2](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L232) upgrade to: *1.3.9,1.4.3,1.2.0,1.3.9,1.4.3* N/A | [pkg:golang/github.com/containerd/containerd@v1.4.3@v1.4.3](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L236) - **no patch available** N/A | [pkg:golang/golang.org/x/net@v0.0.0-20190619014844-b5b0513f8c1b@v0.0.0-20190619014844-b5b0513f8c1b](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1586) upgrade to: *1.11.13,1.12.8,0.0.0-20190813141303-74dc4d7220e7* Medium | [pkg:golang/go.etcd.io/etcd@v0.5.0-alpha.5.0.20200910180754-dd1b699fc489@v0.5.0-alpha.5.0.20200910180754-dd1b699fc489](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1470) upgrade to: *3.4.0* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20190606203320-7fc4e5ec1444@v0.0.0-20190606203320-7fc4e5ec1444](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1658) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/github.com/containerd/imgcrypt@v1.1.1@v1.1.1](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L267) - **no patch available** N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20201119102817-f84b799fce68@v0.0.0-20201119102817-f84b799fce68](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1706) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/github.com/opencontainers/runc@v0.1.1@v0.1.1](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1103) upgrade to: *1.0.0-rc91* Critical | [pkg:golang/github.com/emicklei/go-restful@v0.0.0-20170410110728-ff4f55a20633@v0.0.0-20170410110728-ff4f55a20633](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L391) upgrade to: *3.8.0,3.8.0,3.8.0* N/A | [pkg:golang/golang.org/x/net@v0.0.0-20201006153459-a7d1128ccaa0@v0.0.0-20201006153459-a7d1128ccaa0](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1602) upgrade to: *1.18.9,1.19.4,0.4.0* High | [pkg:golang/golang.org/x/net@v0.0.0-20201224014010-6772e930b67b@v0.0.0-20201224014010-6772e930b67b](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1605) - **no patch available** High | [pkg:golang/golang.org/x/crypto@v0.0.0-20181009213950-7c1a557ab941@v0.0.0-20181009213950-7c1a557ab941](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1502) upgrade to: *0.0.0-20200220183623-bac4c82f6975* High | [pkg:golang/gopkg.in/yaml.v2@v2.4.0@v2.4.0](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.mod#L168) - **no patch available** High | [pkg:golang/gopkg.in/yaml.v2@v2.4.0@v2.4.0](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1948) - **no patch available** High | [pkg:golang/github.com/containerd/imgcrypt@v1.0.1@v1.0.1](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L265) upgrade to: *1.1.4* Medium | [pkg:golang/github.com/containerd/containerd@v1.3.0@v1.3.0](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L229) upgrade to: *1.3.9,1.4.3,1.2.0,1.3.9,1.4.3* High | [pkg:golang/github.com/opencontainers/runc@v1.0.2@v1.0.2](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1107) - **no patch available** High | [pkg:golang/golang.org/x/net@v0.0.0-20210405180319-a5a99cb37ef4@v0.0.0-20210405180319-a5a99cb37ef4](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.mod#L159) - **no patch available** High | [pkg:golang/golang.org/x/net@v0.0.0-20210405180319-a5a99cb37ef4@v0.0.0-20210405180319-a5a99cb37ef4](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1607) - **no patch available** N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20210426230700-d19ff857e887@v0.0.0-20210426230700-d19ff857e887](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1712) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/net@v0.0.0-20181011144130-49bb7cea24b1@v0.0.0-20181011144130-49bb7cea24b1](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1568) upgrade to: *1.11.13,1.12.8,0.0.0-20190813141303-74dc4d7220e7* N/A | [pkg:golang/github.com/prometheus/client_golang@v0.0.0-20180209125602-c332b6f63c06@v0.0.0-20180209125602-c332b6f63c06](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1162) upgrade to: *1.11.1* Critical | [pkg:golang/github.com/gogo/protobuf@v1.2.2-0.20190723190241-65acae22fc9d@v1.2.2-0.20190723190241-65acae22fc9d](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L620) - **no patch available** Low | [pkg:golang/github.com/containerd/containerd@v1.4.0-beta.2.0.20200729163537-40b22ef07410@v1.4.0-beta.2.0.20200729163537-40b22ef07410](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L234) upgrade to: *1.4.12,1.5.8* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20191022100944-742c48ecaeb7@v0.0.0-20191022100944-742c48ecaeb7](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1673) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* Critical | [pkg:golang/github.com/gogo/protobuf@v1.3.0@v1.3.0](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L621) - **no patch available** High | [pkg:golang/golang.org/x/net@v0.0.0-20210226172049-e18ecbb05110@v0.0.0-20210226172049-e18ecbb05110](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1606) - **no patch available** N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20200922070232-aee5d888a860@v0.0.0-20200922070232-aee5d888a860](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1702) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* High | [pkg:golang/k8s.io/apiserver@v0.20.4@v0.20.4](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1974) - **no patch available** N/A | [pkg:golang/github.com/opencontainers/runc@v1.0.0-rc8.0.20190926000215-3e425f80a8c9@v1.0.0-rc8.0.20190926000215-3e425f80a8c9](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1104) upgrade to: *1.0.0-rc9.0.20200122160610-2fc03cc11c77* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20200622214017-ed371f2e16b4@v0.0.0-20200622214017-ed371f2e16b4](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1697) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* High | [pkg:golang/github.com/containerd/imgcrypt@v1.1.1-0.20210312161619-7ed62a527887@v1.1.1-0.20210312161619-7ed62a527887](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L267) upgrade to: *1.1.4* Medium | [pkg:golang/golang.org/x/crypto@v0.0.0-20171113213409-9f005a07e0d3@v0.0.0-20171113213409-9f005a07e0d3](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1500) - **no patch available** N/A | [pkg:golang/golang.org/x/crypto@v0.0.0-20200728195943-123391ffb6de@v0.0.0-20200728195943-123391ffb6de](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1525) upgrade to: *0.0.0-20220314234659-1baeb1ce4c0b* N/A | [pkg:golang/github.com/prometheus/client_golang@1.7.1@1.7.1](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.mod#L113) upgrade to: *1.11.1* High | [pkg:golang/github.com/containerd/containerd@v1.5.0-beta.4@v1.5.0-beta.4](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L240) - **no patch available** N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20191210023423-ac6580df4449@v0.0.0-20191210023423-ac6580df4449](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1678) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* High | [pkg:golang/k8s.io/apiserver@v0.20.6@v0.20.6](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1975) - **no patch available** High | [pkg:golang/github.com/containerd/containerd@v1.5.0-beta.3@v1.5.0-beta.3](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L239) - **no patch available** N/A | [pkg:golang/github.com/opencontainers/runc@v1.0.0-rc9@v1.0.0-rc9](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1105) upgrade to: *1.0.0-rc91* N/A | [pkg:golang/golang.org/x/net@v0.0.0-20200707034311-ab3426394381@v0.0.0-20200707034311-ab3426394381](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1601) upgrade to: *1.18.6,1.19.1,0.0.0-20220906165146-f3363e06e74c* Medium | [pkg:golang/golang.org/x/crypto@v0.0.0-20210322153248-0c34fe9e7dc2@v0.0.0-20210322153248-0c34fe9e7dc2](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1527) - **no patch available** Medium | [pkg:golang/golang.org/x/crypto@v0.0.0-20210322153248-0c34fe9e7dc2@v0.0.0-20210322153248-0c34fe9e7dc2](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.mod#L158) - **no patch available** Medium | [pkg:golang/github.com/containerd/containerd@v1.3.1-0.20191213020239-082f7e3aed57@v1.3.1-0.20191213020239-082f7e3aed57](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L231) upgrade to: *1.3.9,1.4.3,1.2.0,1.3.9,1.4.3* High | [pkg:golang/golang.org/x/net@v0.0.0-20201110031124-69a78807bb2b@v0.0.0-20201110031124-69a78807bb2b](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1604) - **no patch available** High | [pkg:golang/github.com/containerd/imgcrypt@v1.0.4-0.20210301171431-0ae5c75f59ba@v1.0.4-0.20210301171431-0ae5c75f59ba](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L266) upgrade to: *1.1.4* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20220405210540-1e041c57c461@v0.0.0-20220405210540-1e041c57c461](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1714) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20200930185726-fdedc70b468f@v0.0.0-20200930185726-fdedc70b468f](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1703) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* High | [pkg:golang/github.com/prometheus/client_golang@v1.7.1@v1.7.1](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.mod#L113) upgrade to: *1.11.1* High | [pkg:golang/github.com/prometheus/client_golang@v1.7.1@v1.7.1](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1171) upgrade to: *1.11.1* High | [pkg:golang/github.com/containernetworking/cni@v0.7.1@v0.7.1](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L287) upgrade to: *0.8.1,0.8.1* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20201202213521-69691e467435@v0.0.0-20201202213521-69691e467435](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1708) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/github.com/docker/distribution@v0.0.0-20190905152932-14b96e55d84c@v0.0.0-20190905152932-14b96e55d84c](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L354) upgrade to: *2.7.0-rc.0* High | [pkg:golang/github.com/gorilla/websocket@v1.4.2@v1.4.2](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L750) - **no patch available** Medium | [pkg:golang/github.com/containerd/containerd@v1.4.1@v1.4.1](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L235) upgrade to: *1.4.11,1.5.7* N/A | [pkg:golang/github.com/gorilla/handlers@v0.0.0-20150720190736-60c7bfde3e33@v0.0.0-20150720190736-60c7bfde3e33](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L733) upgrade to: *1.3.0* N/A | [pkg:golang/github.com/buger/jsonparser@v0.0.0-20180808090653-f4dd9f5a6b44@v0.0.0-20180808090653-f4dd9f5a6b44](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L172) upgrade to: *0.0.0-20200321185410-91ac96899e49* N/A | [pkg:golang/github.com/docker/distribution@v2.7.1-0.20190205005809-0d3efadf0154+incompatible@v2.7.1-0.20190205005809-0d3efadf0154+incompatible](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L356) upgrade to: *2.8.0* High | [pkg:golang/github.com/dgrijalva/jwt-go@v0.0.0-20170104182250-a601269ab70c@v0.0.0-20170104182250-a601269ab70c](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L341) - **no patch available** High | [pkg:golang/golang.org/x/net@v0.0.0-20191004110552-13f9640d40b9@v0.0.0-20191004110552-13f9640d40b9](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1592) - **no patch available** N/A | [pkg:golang/golang.org/x/net@0.0.0-20210405180319-a5a99cb37ef4@0.0.0-20210405180319-a5a99cb37ef4](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.mod#L159) upgrade to: *1.18.6,1.19.1,0.0.0-20220906165146-f3363e06e74c* High | [pkg:golang/github.com/opencontainers/runc@v0.0.0-20190115041553-12f6a991201f@v0.0.0-20190115041553-12f6a991201f](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1102) upgrade to: *0.1.0* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20201112073958-5cba982894dd@v0.0.0-20201112073958-5cba982894dd](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1704) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/net@v0.0.0-20210405180319-a5a99cb37ef4 @v0.0.0-20210405180319-a5a99cb37ef4 ](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1607) upgrade to: *0.0.0-20210520170846-37e1c6afe023* High | [pkg:golang/k8s.io/apiserver@v0.20.1@v0.20.1](https://github.com/turkdevops/sourcegraph/blob/9984b934ec865e2420818c78af20c9ebd6775f9c/go.sum#L1973) - **no patch available** More info on how to fix Vulnerable Libraries in [Go](https://docs.guardrails.io/docs/en/vulnerabilities/go/using_vulnerable_libraries.html?utm_source=ghpr#).

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.