From a6b197204ee4ffaa5caa38ea8d79590eff7634ca Mon Sep 17 00:00:00 2001 From: Vincent Batts Date: Tue, 24 Oct 2023 15:46:29 -0400 Subject: [PATCH] blake3: update go mod deps addresses CVE-2022-29526, even though we do not use `Faccessat()` Signed-off-by: Vincent Batts --- blake3/go.mod | 9 ++++++--- blake3/go.sum | 8 ++++++++ 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/blake3/go.mod b/blake3/go.mod index 82bc6dc..45d35c9 100644 --- a/blake3/go.mod +++ b/blake3/go.mod @@ -3,10 +3,13 @@ module github.com/opencontainers/go-digest/blake3 go 1.18 require ( - github.com/opencontainers/go-digest v0.0.0 - github.com/zeebo/blake3 v0.2.2 + github.com/opencontainers/go-digest v1.0.0 + github.com/zeebo/blake3 v0.2.3 ) replace github.com/opencontainers/go-digest => ../ -require golang.org/x/sys v0.0.0-20201014080544-cc95f250f6bc // indirect +require ( + github.com/klauspost/cpuid/v2 v2.2.5 // indirect + golang.org/x/sys v0.13.0 // indirect +) diff --git a/blake3/go.sum b/blake3/go.sum index 72ac43f..125dc80 100644 --- a/blake3/go.sum +++ b/blake3/go.sum @@ -1,8 +1,16 @@ +github.com/klauspost/cpuid/v2 v2.0.12/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c= +github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg= +github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= github.com/zeebo/assert v1.1.0 h1:hU1L1vLTHsnO8x8c9KAR5GmM5QscxHg5RNU5z5qbUWY= github.com/zeebo/assert v1.1.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0= github.com/zeebo/blake3 v0.2.2 h1:ddH9fUIlef5r+pqvJShGgSXFd6c7k54eQXZ48hNjotQ= github.com/zeebo/blake3 v0.2.2/go.mod h1:TSQ0KjMH+pht+bRyvVooJ1rBpvvngSGaPISafq9MxJk= +github.com/zeebo/blake3 v0.2.3 h1:TFoLXsjeXqRNFxSbk35Dk4YtszE/MQQGK10BH4ptoTg= +github.com/zeebo/blake3 v0.2.3/go.mod h1:mjJjZpnsyIVtVgTOSpJ9vmRE4wgDeyt2HU3qXvvKCaQ= github.com/zeebo/pcg v1.0.1 h1:lyqfGeWiv4ahac6ttHs+I5hwtH/+1mrhlCtVNQM2kHo= github.com/zeebo/pcg v1.0.1/go.mod h1:09F0S9iiKrwn9rlI5yjLkmrug154/YRW6KnnXVDM/l4= golang.org/x/sys v0.0.0-20201014080544-cc95f250f6bc h1:HVFDs9bKvTxP6bh1Rj9MCSo+UmafQtI8ZWDPVwVk9g4= golang.org/x/sys v0.0.0-20201014080544-cc95f250f6bc/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=