Commit 66be1db

authored
Merge pull request #1570 from kubernetes-sigs/CVE-2023-5528-1.29
[release-1.29] fix: CVE-2023-5528
2 parents 812ff1b + 4c6da1e commit 66be1db

25 files changed

+498
-223
lines changed

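--- a/go.mod
+++ b/go.mod
@@ -23,14 +23,14 @@ require (
 golang.org/x/net v0.17.0
 google.golang.org/grpc v1.59.0
 google.golang.org/protobuf v1.31.0
-k8s.io/api v0.28.1
-k8s.io/apimachinery v0.28.1
-k8s.io/client-go v0.28.1
-k8s.io/cloud-provider v0.28.1
-k8s.io/component-base v0.28.1
+k8s.io/api v0.28.4
+k8s.io/apimachinery v0.28.4
+k8s.io/client-go v0.28.4
+k8s.io/cloud-provider v0.28.4
+k8s.io/component-base v0.28.4
 k8s.io/klog/v2 v2.100.1
-k8s.io/kubernetes v1.28.1
-k8s.io/mount-utils v0.0.0
+k8s.io/kubernetes v1.28.4
+k8s.io/mount-utils v0.28.4
 k8s.io/utils v0.0.0-20230406110748-d93618cff8a2
 sigs.k8s.io/cloud-provider-azure v1.27.1-0.20230907063607-e9994a5f9c7a
 sigs.k8s.io/yaml v1.3.0
@@ -81,7 +81,7 @@ require (
 github.com/gogo/protobuf v1.3.2 // indirect
 github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-github.com/google/cel-go v0.16.0 // indirect
+github.com/google/cel-go v0.16.1 // indirect
 github.com/google/gnostic-models v0.6.8 // indirect
 github.com/google/go-cmp v0.5.9 // indirect
 github.com/google/gofuzz v1.2.0 // indirect
@@ -148,31 +148,30 @@ require (
 gopkg.in/yaml.v2 v2.4.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 k8s.io/apiextensions-apiserver v0.0.0 // indirect
-k8s.io/apiserver v0.28.1 // indirect
-k8s.io/component-helpers v0.28.1 // indirect
-k8s.io/controller-manager v0.28.1 // indirect
-k8s.io/kms v0.28.1 // indirect
+k8s.io/apiserver v0.28.4 // indirect
+k8s.io/component-helpers v0.28.4 // indirect
+k8s.io/controller-manager v0.28.4 // indirect
+k8s.io/kms v0.28.4 // indirect
 k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect
 k8s.io/kubectl v0.0.0 // indirect
-k8s.io/kubelet v0.28.1 // indirect
+k8s.io/kubelet v0.28.4 // indirect
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2 // indirect
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 )
 
 replace (
-k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.28.1
-k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.28.1
-k8s.io/cri-api => k8s.io/cri-api v0.28.1
-k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.28.1
-k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.28.1
-k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.28.1
-k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.28.1
-k8s.io/kube-proxy => k8s.io/kube-proxy v0.28.1
-k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.28.1
-k8s.io/kubectl => k8s.io/kubectl v0.28.1
-k8s.io/kubelet => k8s.io/kubelet v0.28.1
-k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.28.1
-k8s.io/mount-utils => k8s.io/mount-utils v0.0.0-20230103133730-1df1a57439e2
-k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.28.1
+k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.28.4
+k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.28.4
+k8s.io/cri-api => k8s.io/cri-api v0.28.4
+k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.28.4
+k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.28.4
+k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.28.4
+k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.28.4
+k8s.io/kube-proxy => k8s.io/kube-proxy v0.28.4
+k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.28.4
+k8s.io/kubectl => k8s.io/kubectl v0.28.4
+k8s.io/kubelet => k8s.io/kubelet v0.28.4
+k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.28.4
+k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.28.4
 )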

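--- a/go.sum
+++ b/go.sum
@@ -247,8 +247,8 @@ github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiu
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
-github.com/google/cel-go v0.16.0 h1:DG9YQ8nFCFXAs/FDDwBxmL1tpKNrdlGUM9U3537bX/Y=
-github.com/google/cel-go v0.16.0/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY=
+github.com/google/cel-go v0.16.1 h1:3hZfSNiAU3KOiNtxuFXVp5WFy4hf/Ly3Sa4/7F8SXNo=
+github.com/google/cel-go v0.16.1/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY=
 github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
 github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
@@ -841,47 +841,47 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 k8s.io/api v0.19.0/go.mod h1:I1K45XlvTrDjmj5LoM5LuP/KYrhWbjUKT/SoPG0qTjw=
-k8s.io/api v0.28.1 h1:i+0O8k2NPBCPYaMB+uCkseEbawEt/eFaiRqUx8aB108=
-k8s.io/api v0.28.1/go.mod h1:uBYwID+66wiL28Kn2tBjBYQdEU0Xk0z5qF8bIBqk/Dg=
-k8s.io/apiextensions-apiserver v0.28.1 h1:l2ThkBRjrWpw4f24uq0Da2HaEgqJZ7pcgiEUTKSmQZw=
-k8s.io/apiextensions-apiserver v0.28.1/go.mod h1:sVvrI+P4vxh2YBBcm8n2ThjNyzU4BQGilCQ/JAY5kGs=
+k8s.io/api v0.28.4 h1:8ZBrLjwosLl/NYgv1P7EQLqoO8MGQApnbgH8tu3BMzY=
+k8s.io/api v0.28.4/go.mod h1:axWTGrY88s/5YE+JSt4uUi6NMM+gur1en2REMR7IRj0=
+k8s.io/apiextensions-apiserver v0.28.4 h1:AZpKY/7wQ8n+ZYDtNHbAJBb+N4AXXJvyZx6ww6yAJvU=
+k8s.io/apiextensions-apiserver v0.28.4/go.mod h1:pgQIZ1U8eJSMQcENew/0ShUTlePcSGFq6dxSxf2mwPM=
 k8s.io/apimachinery v0.19.0/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA=
-k8s.io/apimachinery v0.28.1 h1:EJD40og3GizBSV3mkIoXQBsws32okPOy+MkRyzh6nPY=
-k8s.io/apimachinery v0.28.1/go.mod h1:X0xh/chESs2hP9koe+SdIAcXWcQ+RM5hy0ZynB+yEvw=
-k8s.io/apiserver v0.28.1 h1:dw2/NKauDZCnOUAzIo2hFhtBRUo6gQK832NV8kuDbGM=
-k8s.io/apiserver v0.28.1/go.mod h1:d8aizlSRB6yRgJ6PKfDkdwCy2DXt/d1FDR6iJN9kY1w=
+k8s.io/apimachinery v0.28.4 h1:zOSJe1mc+GxuMnFzD4Z/U1wst50X28ZNsn5bhgIIao8=
+k8s.io/apimachinery v0.28.4/go.mod h1:wI37ncBvfAoswfq626yPTe6Bz1c22L7uaJ8dho83mgg=
+k8s.io/apiserver v0.28.4 h1:BJXlaQbAU/RXYX2lRz+E1oPe3G3TKlozMMCZWu5GMgg=
+k8s.io/apiserver v0.28.4/go.mod h1:Idq71oXugKZoVGUUL2wgBCTHbUR+FYTWa4rq9j4n23w=
 k8s.io/client-go v0.19.0/go.mod h1:H9E/VT95blcFQnlyShFgnFT9ZnJOAceiUHM3MlRC+mU=
-k8s.io/client-go v0.28.1 h1:pRhMzB8HyLfVwpngWKE8hDcXRqifh1ga2Z/PU9SXVK8=
-k8s.io/client-go v0.28.1/go.mod h1:pEZA3FqOsVkCc07pFVzK076R+P/eXqsgx5zuuRWukNE=
-k8s.io/cloud-provider v0.28.1 h1:bR7lIRYBHqxfsOkUsY2hJ7V7vmStxb0wjJJdrID8+7I=
-k8s.io/cloud-provider v0.28.1/go.mod h1:7jxsc3c15go606KLXnUq8Cy4nX1R1dxFRgn/czIJp/Q=
+k8s.io/client-go v0.28.4 h1:Np5ocjlZcTrkyRJ3+T3PkXDpe4UpatQxj85+xjaD2wY=
+k8s.io/client-go v0.28.4/go.mod h1:0VDZFpgoZfelyP5Wqu0/r/TRYcLYuJ2U1KEeoaPa1N4=
+k8s.io/cloud-provider v0.28.4 h1:7obmeuJJ5CYTO9HANDqemf/d2v95U+F0t8aeH4jNOsQ=
+k8s.io/cloud-provider v0.28.4/go.mod h1:xbhmGZ7wRHgXFP3SNsvdmFRO87KJIvirDYQA5ydMgGA=
 k8s.io/code-generator v0.19.0/go.mod h1:moqLn7w0t9cMs4+5CQyxnfA/HV8MF6aAVENF+WZZhgk=
-k8s.io/component-base v0.28.1 h1:LA4AujMlK2mr0tZbQDZkjWbdhTV5bRyEyAFe0TJxlWg=
-k8s.io/component-base v0.28.1/go.mod h1:jI11OyhbX21Qtbav7JkhehyBsIRfnO8oEgoAR12ArIU=
-k8s.io/component-helpers v0.28.1 h1:ts/vykhyUmPLhUl/hdLdf+a4BWA0giQ3f25HAIhl+RI=
-k8s.io/component-helpers v0.28.1/go.mod h1:rHFPj33uXNbgppg+ilmjJ4oR73prZQNRRmg+utVOAb0=
-k8s.io/controller-manager v0.28.1 h1:+md/3DAsdLVoMe3AewhyTxljnPLE/gyshTDZ8sX4Rf0=
-k8s.io/controller-manager v0.28.1/go.mod h1:yZ8aOBpMYOBTAI/Jd0qpaUzZUlQigmtRcdYg2VgWKiU=
-k8s.io/csi-translation-lib v0.28.1 h1:6EdpqKbwgJEcLxRzcGR1GnbyJrcTcUMhHTYfMwFT3LA=
+k8s.io/component-base v0.28.4 h1:c/iQLWPdUgI90O+T9TeECg8o7N3YJTiuz2sKxILYcYo=
+k8s.io/component-base v0.28.4/go.mod h1:m9hR0uvqXDybiGL2nf/3Lf0MerAfQXzkfWhUY58JUbU=
+k8s.io/component-helpers v0.28.4 h1:+X9VXT5+jUsRdC26JyMZ8Fjfln7mSjgumafocE509C4=
+k8s.io/component-helpers v0.28.4/go.mod h1:8LzMalOQ0K10tkBJWBWq8h0HTI9HDPx4WT3QvTFn9Ro=
+k8s.io/controller-manager v0.28.4 h1:8uJmo1pD6fWYk4mC/JfZQU6zPvuCgEHf3pd5G39ldDU=
+k8s.io/controller-manager v0.28.4/go.mod h1:pnO+UK2mcWNu1MxucqI8xHPD/8UBm04IUmp2u/3vbnM=
+k8s.io/csi-translation-lib v0.28.4 h1:4TrU2zefZGU5HQCyPZvcPxkS6IowqZ/jBs2Qi/dPUpc=
 k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/gengo v0.0.0-20200428234225-8167cfdcfc14/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
 k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
 k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kms v0.28.1 h1:QLNTIc0k7Yebkt9yobj9Y9qBoRCMB4dq+pFCxVXVBnY=
-k8s.io/kms v0.28.1/go.mod h1:I2TwA8oerDRInHWWBOqSUzv1EJDC1+55FQKYkxaPxh0=
+k8s.io/kms v0.28.4 h1:PMgY/3CQTWP9eIKmNQiTgjLIZ0ns6O+voagzD2/4mSg=
+k8s.io/kms v0.28.4/go.mod h1:HL4/lR/bhjAJPbqycKtfhWiKh1Sp21cpHOL8P4oo87w=
 k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o=
 k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ=
 k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM=
-k8s.io/kubectl v0.28.1 h1:jAq4yKEqQL+fwkWcEsUWxhJ7uIRcOYQraJxx4SyAMTY=
-k8s.io/kubectl v0.28.1/go.mod h1:a0nk/lMMeKBulp0lMTJAKbkjZg1ykqfLfz/d6dnv1ak=
-k8s.io/kubelet v0.28.1 h1:QRfx+jrzNgkLnMSw/nxGkAN7cjHPO446MDbjPITxLkk=
-k8s.io/kubelet v0.28.1/go.mod h1:xYBbbJ0e2Rtb/hv+QFie448lFF81J990ImIptce2AHk=
-k8s.io/kubernetes v1.28.1 h1:ZQuukGbpVjSbMypkjNErpbsSHni6RPgoqz+2zDBsuMY=
-k8s.io/kubernetes v1.28.1/go.mod h1:rBQpjGYlLBV0KuOLw8EG45N5EBCskWiPpi0xy5liHMI=
-k8s.io/mount-utils v0.0.0-20230103133730-1df1a57439e2 h1:kfACKquxtsEA7XXDy+iC92lg/1stK0UtzAhf7R2Y8Fc=
-k8s.io/mount-utils v0.0.0-20230103133730-1df1a57439e2/go.mod h1:au99w4FWU5ZWelLb3Yx6kJc8RZ387IyWVM9tN65Yhxo=
+k8s.io/kubectl v0.28.4 h1:gWpUXW/T7aFne+rchYeHkyB8eVDl5UZce8G4X//kjUQ=
+k8s.io/kubectl v0.28.4/go.mod h1:CKOccVx3l+3MmDbkXtIUtibq93nN2hkDR99XDCn7c/c=
+k8s.io/kubelet v0.28.4 h1:Ypxy1jaFlSXFXbg/yVtFOU2ZxErBVRJfLu8+t4s7Dtw=
+k8s.io/kubelet v0.28.4/go.mod h1:w1wPI12liY/aeC70nqKYcNNkr6/nbyvdMB7P7wmww2o=
+k8s.io/kubernetes v1.28.4 h1:aRNxs5jb8FVTtlnxeA4FSDBVKuFwA8Gw40/U2zReBYA=
+k8s.io/kubernetes v1.28.4/go.mod h1:BTzDCKYAlu6LL9ITbfjwgwIrJ30hlTgbv0eXDoA/WoA=
+k8s.io/mount-utils v0.28.4 h1:5GOZLm2dXi2fr+MKY8hS6kdV5reXrZBiK7848O5MVD0=
+k8s.io/mount-utils v0.28.4/go.mod h1:ceMAZ+Nzlk8zOwN205YXXGJRGmf1o0/XIwsKnG44p0I=
 k8s.io/pod-security-admission v0.27.4 h1:AA32ID+ECNJoUU8yuzLt4WzKPDZg7zMmP2cZ9rVsFyE=
 k8s.io/pod-security-admission v0.27.4/go.mod h1:GOcnrXk8TT5cPhtCxdlkOAvBnX3QmZiMHqPw9PbZhPs=
 k8s.io/utils v0.0.0-20200729134348-d5654de09c73/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=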

vendor/github.com/google/cel-go/checker/cost.go

Lines changed: 23 additions & 3 deletions

vendor/k8s.io/api/batch/v1/generated.proto

Lines changed: 1 addition & 0 deletions

vendor/k8s.io/api/batch/v1/types.go

Lines changed: 1 addition & 0 deletions

vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go

Lines changed: 9 additions & 6 deletions

vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go

Lines changed: 13 additions & 9 deletions

vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/dispatcher.go

Lines changed: 16 additions & 11 deletions
