From f4ed03292dc11f1908c0b25213edb75ffd99195c Mon Sep 17 00:00:00 2001 From: "jesus m. rodriguez" Date: Fri, 17 Jul 2020 22:34:38 -0400 Subject: [PATCH] Update golang.org/x/text to v0.3.3 --- changelog/fragments/fix-cve-2020-14040.yaml | 10 ++++++++++ go.mod | 1 + go.sum | 7 ------- 3 files changed, 11 insertions(+), 7 deletions(-) create mode 100644 changelog/fragments/fix-cve-2020-14040.yaml diff --git a/changelog/fragments/fix-cve-2020-14040.yaml b/changelog/fragments/fix-cve-2020-14040.yaml new file mode 100644 index 0000000000..45816e20a6 --- /dev/null +++ b/changelog/fragments/fix-cve-2020-14040.yaml @@ -0,0 +1,10 @@ +# entries is a list of entries to include in +# release notes and/or the migration guide +entries: + - description: > + Fix CVE-2020-14040 by upgrading to golang.org/x/text v0.3.3 + + kind: "change" + + # Is this a breaking change? + breaking: false diff --git a/go.mod b/go.mod index 516b60e6a8..db44feb8da 100644 --- a/go.mod +++ b/go.mod @@ -57,5 +57,6 @@ require ( replace ( github.com/Azure/go-autorest => github.com/Azure/go-autorest v13.3.2+incompatible // Required by OLM github.com/mattn/go-sqlite3 => github.com/mattn/go-sqlite3 v1.10.0 + golang.org/x/text => golang.org/x/text v0.3.3 // Required to fix CVE-2020-14040 k8s.io/client-go => k8s.io/client-go v0.18.2 ) diff --git a/go.sum b/go.sum index ea1bae5145..30f9a39961 100644 --- a/go.sum +++ b/go.sum @@ -1166,13 +1166,6 @@ golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae h1:Ih9Yo4hSPImZOpfGuA4bR/ORKTAbhZo2AbWNRCnevdo= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180805044716-cb6730876b98/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=