Skip to content

build(deps): bump the oc-mirror-v2-version-updates group with 13 updates #1382

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
dependabot wants to merge 1 commit into from
Closed

build(deps): bump the oc-mirror-v2-version-updates group with 13 updates #1382

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
231 changes: 119 additions & 112 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,52 +1,53 @@
module github.com/openshift/oc-mirror/v2

go 1.24.3
go 1.25.7
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Apr 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check repo pins for Go versions in common automation files.
set -euo pipefail

echo "== go directive =="
rg -n --no-heading '^go\s+[0-9]+\.[0-9]+(\.[0-9]+)?$' go.mod

echo
echo "== setup-go / golang image version pins in workflows and docs =="
rg -n --no-heading 'setup-go|go-version|golang:|GO_VERSION|go1\.[0-9]+' .github README.md Makefile Dockerfile* 2>/dev/null || true

Repository: openshift/oc-mirror

Length of output: 351

🏁 Script executed:

#!/bin/bash
# More comprehensive search for all Go version pins

echo "== All Dockerfile variants =="
find . -type f \( -name "Dockerfile*" -o -name "dockerfile*" \) | head -20

echo
echo "== GitHub Actions workflows =="
find .github/workflows -type f -name "*.yml" -o -name "*.yaml" 2>/dev/null | head -20

echo
echo "== Go version references in workflows =="
rg -n 'go-version|uses:.*setup-go' .github 2>/dev/null || echo "No matches in .github"

echo
echo "== Build scripts and other files =="
find . -type f \( -name "*.sh" -o -name "Makefile*" -o -name "*.mk" \) | grep -v node_modules | grep -v ".git" | head -20

Repository: openshift/oc-mirror

Length of output: 1824

🏁 Script executed:

#!/bin/bash
# Check key Dockerfiles and build scripts for Go version pins

echo "== Main Dockerfile =="
grep -n "GO_VERSION\|go1\." ./Dockerfile || echo "No matches"

echo
echo "== Docker CI/test variants =="
for f in ./images/cli/Dockerfile.{art,ci,test}; do
  if [ -f "$f" ]; then
    echo "File: $f"
    grep -n "GO_VERSION\|go1\." "$f" || echo "  No matches"
  fi
done

echo
echo "== Makefile =="
grep -n "GO_VERSION\|go1\." ./Makefile ./v1/Makefile 2>/dev/null || echo "No matches"

echo
echo "== hack/build.sh =="
if [ -f ./hack/build.sh ]; then
  grep -n "GO_VERSION\|go1\." ./hack/build.sh || echo "No matches"
fi

echo
echo "== Check for .github directory =="
ls -la .github 2>/dev/null || echo "No .github directory"

Repository: openshift/oc-mirror

Length of output: 842

Update Dockerfile to use Go 1.25.7

The Dockerfile pins GO_VERSION=go1.23.5 but go.mod specifies go 1.25.7. This mismatch will cause build failures. Update the Dockerfile to match the go.mod version.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 3, The Dockerfile's GO_VERSION variable is pinned to go1.23.5
but go.mod requires Go 1.25.7; update the Dockerfile to set GO_VERSION to
go1.25.7 (or match the exact version string used in go.mod) so the build
toolchain and go.mod are consistent, and ensure any related references to
GO_VERSION (build image tags, download URLs) are updated accordingly to use
go1.25.7.


require (
github.com/Masterminds/semver/v3 v3.4.0
github.com/blang/semver/v4 v4.0.0
github.com/distribution/distribution/v3 v3.0.0
github.com/distribution/reference v0.6.0
github.com/go-jose/go-jose/v4 v4.1.0 // indirect; OCPBUGS-51217 - CVE-2025-27144
github.com/google/go-containerregistry v0.20.8-0.20260114192324-795787c558e1
github.com/go-jose/go-jose/v4 v4.1.3 // indirect; OCPBUGS-51217 - CVE-2025-27144
github.com/google/go-containerregistry v0.21.3
github.com/google/uuid v1.6.0
github.com/microlib/simple v1.0.2
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.1.1
github.com/openshift/api v0.0.0-20240529192326-16d44e6d3e7d
github.com/operator-framework/operator-registry v1.50.0
github.com/operator-framework/operator-registry v1.65.0
github.com/otiai10/copy v1.14.1
github.com/sherine-k/catalog-filter v0.0.5
github.com/sirupsen/logrus v1.9.3
github.com/spf13/cobra v1.10.1
github.com/spf13/pflag v1.0.9
github.com/sirupsen/logrus v1.9.4
github.com/spf13/cobra v1.10.2
github.com/spf13/pflag v1.0.10
github.com/stretchr/testify v1.11.1
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
github.com/vbauerster/mpb/v8 v8.10.2
go.podman.io/common v0.65.0
go.podman.io/image/v5 v5.37.0
go.podman.io/storage v1.60.0
golang.org/x/crypto v0.41.0
golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect
golang.org/x/sync v0.18.0 // indirect
golang.org/x/term v0.34.0
helm.sh/helm/v3 v3.18.6
k8s.io/api v0.33.4
k8s.io/apimachinery v0.33.4
k8s.io/client-go v0.33.4
k8s.io/kubectl v0.33.4
github.com/vbauerster/mpb/v8 v8.11.3
go.podman.io/common v0.67.0
go.podman.io/image/v5 v5.39.1
go.podman.io/storage v1.62.0
golang.org/x/crypto v0.49.0
golang.org/x/exp v0.0.0-20260112195511-716be5621a96 // indirect
golang.org/x/sync v0.20.0 // indirect
golang.org/x/term v0.41.0
helm.sh/helm/v3 v3.20.1
k8s.io/api v0.35.3
k8s.io/apimachinery v0.35.3
k8s.io/client-go v0.35.3
k8s.io/kubectl v0.35.1
sigs.k8s.io/yaml v1.6.0
)

require (
github.com/docker/cli v29.0.3+incompatible
github.com/docker/cli v29.3.1+incompatible
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Apr 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify vulnerable module is still present and whether any replace mitigates it.
set -euo pipefail

echo "== docker/docker entries in go.mod/go.sum =="
rg -n --no-heading 'github\.com/docker/docker|github\.com/docker/cli' go.mod go.sum || true

echo
echo "== replace directives referencing docker modules (if any) =="
rg -n --no-heading '^\s*replace\s+github\.com/docker/(docker|cli)' go.mod || true

Repository: openshift/oc-mirror

Length of output: 1015

🌐 Web query:

GHSA-pxq6-2prw-chj9 docker/docker CVE vulnerability

💡 Result:

GHSA-pxq6-2prw-chj9 is a moderate severity (CVSS 6.8) vulnerability in Moby (the open-source project behind Docker Engine), also tracked as CVE-2026-33997. It involves an off-by-one error (CWE-193) in the Docker daemon's plugin privilege validation logic during docker plugin install. Key details: - Affected versions: Moby/Docker Engine < 29.3.1 (github.com/moby/moby < 29.3.1, github.com/moby/moby/v2 vulnerable at 2.0.0-beta.7) - Fixed in: 29.3.1 (github.com/moby/moby/v2 >= 2.0.0-beta.8) - Impact: Malicious plugins can bypass privilege checks, gaining unintended permissions (e.g., broad device access). No impact if plugins are not used. Exploitation requires user approval of a malicious plugin install; Docker Desktop does not support plugins. - CVSS v3.1: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N - Patch: moby/moby@f4d6f25 - Workarounds: Avoid untrusted plugins, review privileges carefully, restrict daemon access. - Reported by: Cody (c@wormhole.guru) Note: Docker plugins are legacy and uncommon; official docs: https://docs.docker.com/engine/extend/legacy_plugins/. NVD entry pending as of 2026-03-30.

Citations:

🌐 Web query:

GHSA-x744-4wpc-v9h2 docker/docker CVE vulnerability

💡 Result:

GHSA-x744-4wpc-v9h2 is a high-severity vulnerability (CVSS 8.8) in Moby (Docker Engine), also known as CVE-2026-34040. It allows attackers to bypass authorization plugins (AuthZ) using oversized request bodies in specially-crafted API requests. The Docker daemon forwards the request to the plugin without the body, potentially allowing requests that would otherwise be denied if the body was inspected. This is an incomplete fix for the prior CVE-2024-41110 (GHSA-v23v-6jw2-98fq). Affected: Moby/Docker Engine versions < 29.3.1 (Go package github.com/moby/moby). Patched: Version 29.3.1. Impact: Only affects users of AuthZ plugins that inspect request bodies for access control. Low base exploit likelihood. CWE-863 (Incorrect Authorization). Workarounds: Avoid AuthZ plugins relying on body inspection; restrict Docker API access to trusted parties. Published: 2026-03-27. Official advisory: GHSA-x744-4wpc-v9h2

Citations:

🌐 Web query:

docker/cli v29.3.1 dependencies docker/docker version

💡 Result:

docker/cli v29.3.1 is the CLI component of Docker Engine v29.3.1. It is a Go project without a standard go.mod file (marked as +incompatible in pkg.go.dev), built with Go runtime 1.25.8. Key updates in this release include packaging updates like containerd to v2.2.2 (in engine) and Go SDK fixes for build tags. No complete dependency list is explicitly stated in sources, but it depends on moby/moby components for API compatibility. Docker Engine (docker/docker) version corresponding is v29.3.1, released 2026-03-25.

Citations:

🌐 Web query:

github.com/docker/cli v29.3.1 go.mod moby/moby version dependencies

💡 Result:

The github.com/docker/cli repository at version v29.3.1 does not appear to have a standard go.mod file defining module dependencies in the conventional sense, as indicated by the "+incompatible" suffix on pkg.go.dev (https://pkg.go.dev/github.com/docker/cli@v29.3.1+incompatible). This means it is treated as a legacy GOPATH-style package without full Go modules support. The docker/cli project vendors its dependencies, including the Docker Engine client code previously from github.com/docker/docker (now deprecated), which has transitioned to github.com/moby/moby modules (client and api) starting with Docker v29. Vendor updates are done via PRs like docker/cli#6193, which bumped github.com/docker/docker to master (v29.0-dev). No explicit require for github.com/moby/moby is stated in sources for v29.3.1, but the CLI depends on the vendored Docker client code from moby/moby at the version aligned with Docker Engine v29.3.1 (tagged docker-v29.3.1 in moby/moby). Official docs reference parallel milestones for docker/cli 29.3.1 and moby/moby 29.3.1.

Citations:

Docker dependency update incomplete: github.com/docker/docker v28.5.2 remains vulnerable

Updating github.com/docker/cli to v29.3.1 does not automatically resolve the indirect github.com/docker/docker v28.5.2+incompatible dependency, which has known vulnerabilities:

Both are fixed in v29.3.1+. Add an explicit require/replace for github.com/docker/docker to v29.3.1 or later, or document why this dependency is not reachable in your threat model.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 42, The go.mod still pulls the vulnerable indirect module
github.com/docker/docker v28.5.2+incompatible; update go.mod to explicitly
require or replace github.com/docker/docker to v29.3.1 or later (matching the
upgraded github.com/docker/cli v29.3.1) so the vulnerable transitive version is
resolved, or add a clear justification in the repository docs explaining why
github.com/docker/docker is unreachable in your threat model; locate and change
the go.mod entry for github.com/docker/docker and run go mod tidy to ensure the
new version is used.

k8s.io/klog v1.0.0
)

require (
cyphar.com/go-pathrs v0.2.1 // indirect
dario.cat/mergo v1.0.2 // indirect
github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
github.com/BurntSushi/toml v1.5.0 // indirect
github.com/BurntSushi/toml v1.6.0 // indirect
github.com/MakeNowJust/heredoc v1.0.0 // indirect
github.com/Masterminds/goutils v1.1.1 // indirect
github.com/Masterminds/sprig/v3 v3.3.0 // indirect
Expand All @@ -55,57 +56,66 @@ require (
github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/bshuster-repo/logrus-logstash-hook v1.0.2 // indirect
github.com/cenkalti/backoff/v5 v5.0.2 // indirect
github.com/cenkalti/backoff/v5 v5.0.3 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/chai2010/gettext-go v1.0.2 // indirect
github.com/containerd/containerd v1.7.29 // indirect
github.com/clipperhouse/stringish v0.1.1 // indirect
github.com/clipperhouse/uax29/v2 v2.5.0 // indirect
github.com/containerd/containerd v1.7.30 // indirect
github.com/containerd/errdefs v1.0.0 // indirect
github.com/containerd/errdefs/pkg v0.3.0 // indirect
github.com/containerd/log v0.1.0 // indirect
github.com/containerd/platforms v0.2.1 // indirect
github.com/containerd/stargz-snapshotter/estargz v0.18.1 // indirect
github.com/containerd/stargz-snapshotter/estargz v0.18.2 // indirect
github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect
github.com/containers/ocicrypt v1.2.1 // indirect
github.com/coreos/go-systemd/v22 v22.6.0 // indirect
github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467 // indirect
github.com/cyphar/filepath-securejoin v0.4.1 // indirect
github.com/cyphar/filepath-securejoin v0.6.1 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
github.com/docker/distribution v2.8.3+incompatible // indirect
github.com/docker/docker v28.5.2+incompatible // indirect
github.com/docker/docker-credential-helpers v0.9.3 // indirect
github.com/docker/docker-credential-helpers v0.9.5 // indirect
github.com/docker/go-connections v0.6.0 // indirect
github.com/docker/go-events v0.0.0-20250114142523-c867878c5e32 // indirect
github.com/docker/go-events v0.0.0-20250808211157-605354379745 // indirect
github.com/docker/go-metrics v0.0.1 // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/emicklei/go-restful/v3 v3.12.2 // indirect
github.com/emicklei/go-restful/v3 v3.13.0 // indirect
github.com/evanphx/json-patch v5.9.11+incompatible // indirect
github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/fxamacker/cbor/v2 v2.8.0 // indirect
github.com/fxamacker/cbor/v2 v2.9.0 // indirect
github.com/go-errors/errors v1.4.2 // indirect
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
github.com/go-git/go-billy/v5 v5.6.2 // indirect
github.com/go-git/go-git/v5 v5.16.2 // indirect
github.com/go-git/go-billy/v5 v5.7.0 // indirect
github.com/go-git/go-git/v5 v5.16.4 // indirect
github.com/go-logr/logr v1.4.3 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/jsonpointer v0.21.1 // indirect
github.com/go-openapi/jsonreference v0.21.0 // indirect
github.com/go-openapi/swag v0.23.1 // indirect
github.com/go-openapi/jsonpointer v0.22.4 // indirect
github.com/go-openapi/jsonreference v0.21.4 // indirect
github.com/go-openapi/swag v0.25.4 // indirect
github.com/go-openapi/swag/cmdutils v0.25.4 // indirect
github.com/go-openapi/swag/conv v0.25.4 // indirect
github.com/go-openapi/swag/fileutils v0.25.4 // indirect
github.com/go-openapi/swag/jsonname v0.25.4 // indirect
github.com/go-openapi/swag/jsonutils v0.25.4 // indirect
github.com/go-openapi/swag/loading v0.25.4 // indirect
github.com/go-openapi/swag/mangling v0.25.4 // indirect
github.com/go-openapi/swag/netutils v0.25.4 // indirect
github.com/go-openapi/swag/stringutils v0.25.4 // indirect
github.com/go-openapi/swag/typeutils v0.25.4 // indirect
github.com/go-openapi/swag/yamlutils v0.25.4 // indirect
github.com/gobwas/glob v0.2.3 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/mock v1.7.0-rc.1 // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/google/btree v1.1.3 // indirect
github.com/google/gnostic-models v0.6.9 // indirect
github.com/google/gnostic-models v0.7.1 // indirect
github.com/google/go-cmp v0.7.0 // indirect
github.com/google/go-intervals v0.0.2 // indirect
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
github.com/gorilla/handlers v1.5.2 // indirect
github.com/gorilla/mux v1.8.1 // indirect
github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.0 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.7 // indirect
github.com/h2non/filetype v1.1.3 // indirect
github.com/h2non/go-is-svg v0.0.0-20160927212452-35e8c4b0612c // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
Expand All @@ -116,118 +126,115 @@ require (
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/joelanford/ignore v0.1.1 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/klauspost/compress v1.18.1 // indirect
github.com/klauspost/compress v1.18.4 // indirect
github.com/klauspost/pgzip v1.2.6 // indirect
github.com/letsencrypt/boulder v0.0.0-20250624003606-5ddd5acf990d // indirect
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
github.com/mailru/easyjson v0.9.0 // indirect
github.com/mattn/go-runewidth v0.0.16 // indirect
github.com/mattn/go-sqlite3 v1.14.32 // indirect
github.com/miekg/pkcs11 v1.1.1 // indirect
github.com/mistifyio/go-zfs/v3 v3.0.1 // indirect
github.com/mattn/go-runewidth v0.0.19 // indirect
github.com/mattn/go-sqlite3 v1.14.37 // indirect
github.com/miekg/dns v1.1.61 // indirect
github.com/miekg/pkcs11 v1.1.2 // indirect
github.com/mistifyio/go-zfs/v3 v3.1.0 // indirect
github.com/mitchellh/copystructure v1.2.0 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/mitchellh/go-wordwrap v1.0.1 // indirect
github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/moby/docker-image-spec v1.3.1 // indirect
github.com/moby/spdystream v0.5.0 // indirect
github.com/moby/sys/atomicwriter v0.1.0 // indirect
github.com/moby/sys/capability v0.4.0 // indirect
github.com/moby/sys/mountinfo v0.7.2 // indirect
github.com/moby/sys/user v0.4.0 // indirect
github.com/moby/term v0.5.2 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
github.com/morikuni/aec v1.1.0 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
github.com/opencontainers/runtime-spec v1.2.1 // indirect
github.com/opencontainers/selinux v1.12.0 // indirect
github.com/opencontainers/runtime-spec v1.3.0 // indirect
github.com/opencontainers/selinux v1.13.1 // indirect
github.com/openshift/build-machinery-go v0.0.0-20250414185254-3ce8e800ceda // indirect
github.com/operator-framework/api v0.32.0 // indirect
github.com/operator-framework/api v0.42.0 // indirect
github.com/otiai10/mint v1.6.3 // indirect
github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/proglottis/gpgme v0.1.5 // indirect
github.com/prometheus/client_golang v1.22.0 // indirect
github.com/proglottis/gpgme v0.1.6 // indirect
github.com/prometheus/client_golang v1.23.2 // indirect
github.com/prometheus/client_model v0.6.2 // indirect
github.com/prometheus/common v0.65.0 // indirect
github.com/prometheus/procfs v0.16.1 // indirect
github.com/redis/go-redis/extra/rediscmd/v9 v9.10.0 // indirect
github.com/redis/go-redis/extra/redisotel/v9 v9.10.0 // indirect
github.com/redis/go-redis/v9 v9.10.0 // indirect
github.com/rivo/uniseg v0.4.7 // indirect
github.com/prometheus/common v0.67.5 // indirect
github.com/prometheus/otlptranslator v1.0.0 // indirect
github.com/prometheus/procfs v0.19.2 // indirect
github.com/redis/go-redis/extra/rediscmd/v9 v9.17.3 // indirect
github.com/redis/go-redis/extra/redisotel/v9 v9.17.3 // indirect
github.com/redis/go-redis/v9 v9.17.3 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 // indirect
github.com/secure-systems-lab/go-securesystemslib v0.9.1 // indirect
github.com/secure-systems-lab/go-securesystemslib v0.10.0 // indirect
github.com/shopspring/decimal v1.4.0 // indirect
github.com/sigstore/fulcio v1.6.6 // indirect
github.com/sigstore/protobuf-specs v0.4.3 // indirect
github.com/sigstore/sigstore v1.9.5 // indirect
github.com/sigstore/fulcio v1.8.5 // indirect
github.com/sigstore/protobuf-specs v0.5.0 // indirect
github.com/sigstore/sigstore v1.10.4 // indirect
github.com/smallstep/pkcs7 v0.2.1 // indirect
github.com/spf13/cast v1.7.1 // indirect
github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 // indirect
github.com/stretchr/objx v0.5.2 // indirect
github.com/sylabs/sif/v2 v2.21.1 // indirect
github.com/sylabs/sif/v2 v2.22.0 // indirect
github.com/tchap/go-patricia/v2 v2.3.3 // indirect
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
github.com/ulikunitz/xz v0.5.15 // indirect
github.com/vbatts/tar-split v0.12.2 // indirect
github.com/x448/float16 v0.8.4 // indirect
github.com/xlab/treeprint v1.2.0 // indirect
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
go.opentelemetry.io/contrib/bridges/prometheus v0.61.0 // indirect
go.opentelemetry.io/contrib/exporters/autoexport v0.61.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
go.opentelemetry.io/otel v1.36.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.12.2 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.12.2 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.36.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.36.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.36.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.36.0 // indirect
go.opentelemetry.io/otel/exporters/prometheus v0.58.0 // indirect
go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.12.2 // indirect
go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.36.0 // indirect
go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.36.0 // indirect
go.opentelemetry.io/otel/log v0.12.2 // indirect
go.opentelemetry.io/otel/metric v1.36.0 // indirect
go.opentelemetry.io/otel/sdk v1.36.0 // indirect
go.opentelemetry.io/otel/sdk/log v0.12.2 // indirect
go.opentelemetry.io/otel/sdk/metric v1.36.0 // indirect
go.opentelemetry.io/otel/trace v1.36.0 // indirect
go.opentelemetry.io/proto/otlp v1.7.0 // indirect
go.yaml.in/yaml/v2 v2.4.2 // indirect
go.opentelemetry.io/auto/sdk v1.2.1 // indirect
go.opentelemetry.io/contrib/bridges/prometheus v0.65.0 // indirect
go.opentelemetry.io/contrib/exporters/autoexport v0.65.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 // indirect
go.opentelemetry.io/otel v1.40.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.16.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.16.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.40.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.40.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.40.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.40.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.40.0 // indirect
go.opentelemetry.io/otel/exporters/prometheus v0.62.0 // indirect
go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.16.0 // indirect
go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.40.0 // indirect
go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.40.0 // indirect
go.opentelemetry.io/otel/log v0.16.0 // indirect
go.opentelemetry.io/otel/metric v1.40.0 // indirect
go.opentelemetry.io/otel/sdk v1.40.0 // indirect
go.opentelemetry.io/otel/sdk/log v0.16.0 // indirect
go.opentelemetry.io/otel/sdk/metric v1.40.0 // indirect
go.opentelemetry.io/otel/trace v1.40.0 // indirect
go.opentelemetry.io/proto/otlp v1.9.0 // indirect
go.yaml.in/yaml/v2 v2.4.3 // indirect
go.yaml.in/yaml/v3 v3.0.4 // indirect
golang.org/x/net v0.43.0 // indirect
golang.org/x/oauth2 v0.33.0 // indirect
golang.org/x/sys v0.38.0 // indirect
golang.org/x/text v0.28.0 // indirect
golang.org/x/time v0.12.0 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 // indirect
google.golang.org/grpc v1.73.0 // indirect
google.golang.org/protobuf v1.36.8 // indirect
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
golang.org/x/net v0.52.0 // indirect
golang.org/x/oauth2 v0.36.0 // indirect
golang.org/x/sys v0.42.0 // indirect
golang.org/x/text v0.35.0 // indirect
golang.org/x/time v0.14.0 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20260202165425-ce8ad4cf556b // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20260202165425-ce8ad4cf556b // indirect
google.golang.org/grpc v1.79.3 // indirect
google.golang.org/protobuf v1.36.11 // indirect
gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/apiextensions-apiserver v0.33.3 // indirect
k8s.io/cli-runtime v0.33.4 // indirect
k8s.io/component-base v0.33.4 // indirect
k8s.io/apiextensions-apiserver v0.35.3 // indirect
k8s.io/cli-runtime v0.35.1 // indirect
k8s.io/component-base v0.35.3 // indirect
k8s.io/klog/v2 v2.130.1 // indirect
k8s.io/kube-openapi v0.0.0-20250610211856-8b98d1ed966a // indirect
k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect
k8s.io/kube-openapi v0.0.0-20260127142750-a19766b6e2d4 // indirect
k8s.io/utils v0.0.0-20260108192941-914a6e750570 // indirect
oras.land/oras-go/v2 v2.6.0 // indirect
sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
sigs.k8s.io/kustomize/api v0.19.0 // indirect
sigs.k8s.io/kustomize/kyaml v0.19.0 // indirect
sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect
sigs.k8s.io/kustomize/api v0.20.1 // indirect
sigs.k8s.io/kustomize/kyaml v0.20.1 // indirect
sigs.k8s.io/randfill v1.0.0 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.7.0 // indirect
sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482 // indirect
)

tool github.com/openshift/build-machinery-go
Loading