Skip to content

Commit c14e64e

Browse files
lhotarilhotari
committed
[fix][sec] Upgrade pulsar-function-go dependencies to address CVE-2025-22870 (#24135)
(cherry picked from commit 371020d)
1 parent ce0f321 commit c14e64e

File tree

9 files changed

+436
-1459
lines changed

9 files changed

+436
-1459
lines changed

Diff for: .github/workflows/ci-go-functions.yaml

+2-2
Original file line numberDiff line numberDiff line change
@@ -75,7 +75,7 @@ jobs:
7575
runs-on: ubuntu-22.04
7676
strategy:
7777
matrix:
78-
go-version: ['1.21']
78+
go-version: ['1.23']
7979

8080
steps:
8181
- name: Check out code into the Go module directory
@@ -93,7 +93,7 @@ jobs:
9393
- name: InstallTool
9494
run: |
9595
cd pulsar-function-go
96-
wget -O - -q https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh| sh -s v1.55.2
96+
wget -O - -q https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh| sh -s v2.0.2
9797
./bin/golangci-lint --version
9898
9999
- name: Build

Diff for: pulsar-function-go/examples/go.mod

+31-34
Original file line numberDiff line numberDiff line change
@@ -1,59 +1,56 @@
11
module github.com/apache/pulsar/pulsar-function-go/examples
22

3-
go 1.21
3+
go 1.23.0
44

55
require (
6-
github.com/apache/pulsar-client-go v0.8.1
6+
github.com/apache/pulsar-client-go v0.14.0
77
github.com/apache/pulsar/pulsar-function-go v0.0.0
88
)
99

1010
require (
11-
github.com/99designs/keyring v1.1.6 // indirect
11+
github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4 // indirect
12+
github.com/99designs/keyring v1.2.1 // indirect
1213
github.com/AthenZ/athenz v1.10.39 // indirect
1314
github.com/DataDog/zstd v1.5.0 // indirect
14-
github.com/apache/pulsar-client-go/oauth2 v0.0.0-20220120090717-25e59572242e // indirect
1515
github.com/ardielle/ardielle-go v1.5.2 // indirect
1616
github.com/beorn7/perks v1.0.1 // indirect
17-
github.com/cespare/xxhash/v2 v2.2.0 // indirect
18-
github.com/danieljoos/wincred v1.0.2 // indirect
19-
github.com/davecgh/go-spew v1.1.1 // indirect
17+
github.com/bits-and-blooms/bitset v1.4.0 // indirect
18+
github.com/cespare/xxhash/v2 v2.3.0 // indirect
19+
github.com/danieljoos/wincred v1.1.2 // indirect
2020
github.com/dvsekhvalnov/jose2go v1.6.0 // indirect
2121
github.com/godbus/dbus v0.0.0-20190726142602-4481cbc300e2 // indirect
22-
github.com/gogo/protobuf v1.3.2 // indirect
23-
github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
24-
github.com/golang/protobuf v1.5.3 // indirect
25-
github.com/golang/snappy v0.0.1 // indirect
22+
github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
23+
github.com/golang/protobuf v1.5.4 // indirect
2624
github.com/gsterjov/go-libsecret v0.0.0-20161001094733-a6f4afe4910c // indirect
27-
github.com/keybase/go-keychain v0.0.0-20190712205309-48d3d31d256d // indirect
28-
github.com/klauspost/compress v1.10.8 // indirect
29-
github.com/konsorten/go-windows-terminal-sequences v1.0.3 // indirect
30-
github.com/linkedin/goavro/v2 v2.9.8 // indirect
31-
github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
32-
github.com/mitchellh/go-homedir v1.1.0 // indirect
25+
github.com/hamba/avro/v2 v2.22.2-0.20240625062549-66aad10411d9 // indirect
26+
github.com/hashicorp/errwrap v1.1.0 // indirect
27+
github.com/hashicorp/go-multierror v1.1.1 // indirect
28+
github.com/json-iterator/go v1.1.12 // indirect
29+
github.com/klauspost/compress v1.17.9 // indirect
30+
github.com/mitchellh/mapstructure v1.5.0 // indirect
31+
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
32+
github.com/modern-go/reflect2 v1.0.2 // indirect
3333
github.com/mtibben/percent v0.2.1 // indirect
34+
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
3435
github.com/pierrec/lz4 v2.0.5+incompatible // indirect
3536
github.com/pkg/errors v0.9.1 // indirect
36-
github.com/pmezard/go-difflib v1.0.0 // indirect
37-
github.com/prometheus/client_golang v1.15.1 // indirect
38-
github.com/prometheus/client_model v0.4.0 // indirect
39-
github.com/prometheus/common v0.42.0 // indirect
40-
github.com/prometheus/procfs v0.9.0 // indirect
41-
github.com/sirupsen/logrus v1.6.0 // indirect
37+
github.com/prometheus/client_golang v1.20.5 // indirect
38+
github.com/prometheus/client_model v0.6.1 // indirect
39+
github.com/prometheus/common v0.55.0 // indirect
40+
github.com/prometheus/procfs v0.15.1 // indirect
41+
github.com/sirupsen/logrus v1.9.3 // indirect
4242
github.com/spaolacci/murmur3 v1.1.0 // indirect
43-
github.com/stretchr/testify v1.8.4 // indirect
4443
go.uber.org/atomic v1.7.0 // indirect
45-
golang.org/x/crypto v0.31.0 // indirect
46-
golang.org/x/net v0.23.0 // indirect
47-
golang.org/x/oauth2 v0.13.0 // indirect
48-
golang.org/x/sys v0.28.0 // indirect
49-
golang.org/x/term v0.27.0 // indirect
50-
golang.org/x/text v0.21.0 // indirect
51-
google.golang.org/appengine v1.6.8 // indirect
52-
google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97 // indirect
44+
golang.org/x/mod v0.18.0 // indirect
45+
golang.org/x/net v0.38.0 // indirect
46+
golang.org/x/oauth2 v0.21.0 // indirect
47+
golang.org/x/sys v0.31.0 // indirect
48+
golang.org/x/term v0.30.0 // indirect
49+
golang.org/x/text v0.23.0 // indirect
50+
google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b // indirect
5351
google.golang.org/grpc v1.60.0 // indirect
54-
google.golang.org/protobuf v1.34.1 // indirect
52+
google.golang.org/protobuf v1.34.2 // indirect
5553
gopkg.in/yaml.v2 v2.4.0 // indirect
56-
gopkg.in/yaml.v3 v3.0.1 // indirect
5754
)
5855

5956
replace github.com/apache/pulsar/pulsar-function-go => ../

0 commit comments

Comments
 (0)