
Commit 25e7204

fix(deps): bump github.com/docker/compose/v2 and related deps in tests-bdd module (#2883)
govulncheck: ``` Vulnerability #1: GO-2025-4077 Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations in github.com/docker/compose More info: https://pkg.go.dev/vuln/GO-2025-4077 Module: github.com/docker/compose/v2 Found in: github.com/docker/compose/v2@v2.39.1 Fixed in: github.com/docker/compose/v2@v2.40.2 Example traces found: ... ``` DSPX-1901 Release [v2.40.1](https://github.com/docker/compose/releases/tag/v2.40.1) bumped the go version minimum to `1.24.9`, so this requires removal of the `toolchain` directive in the `go.mod` and `go.work` now that a workspace module directly requires that go version.
1 parent a12d1d4 commit 25e7204


3 files changed

+77
-118
lines changed


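--- a/go.work
+++ b/go.work
@@ -1,13 +1,11 @@
-go 1.24.0
-
-toolchain go1.24.9
+go 1.24.9
 
 use (
 ./examples
 ./lib/fixtures
 ./lib/flattening
-./lib/ocrypto
 ./lib/identifier
+./lib/ocrypto
 ./protocol/go
 ./sdk
 ./service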

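--- a/tests-bdd/go.mod
+++ b/tests-bdd/go.mod
@@ -1,8 +1,6 @@
 module github.com/opentdf/platform/tests-bdd
 
-go 1.24.0
-
-toolchain go1.24.4
+go 1.24.9
 
 require (
 github.com/cucumber/godog v0.15.0
@@ -12,9 +10,9 @@ require (
 github.com/opentdf/platform/protocol/go v0.5.0
 github.com/opentdf/platform/sdk v0.5.0
 github.com/opentdf/platform/service v0.7.2
-github.com/spf13/pflag v1.0.7
-github.com/testcontainers/testcontainers-go v0.37.0
-github.com/testcontainers/testcontainers-go/modules/compose v0.37.0
+github.com/spf13/pflag v1.0.10
+github.com/testcontainers/testcontainers-go v0.39.0
+github.com/testcontainers/testcontainers-go/modules/compose v0.39.1
 gopkg.in/yaml.v2 v2.4.0
 )
 
@@ -27,7 +25,6 @@ require (
 connectrpc.com/grpcreflect v1.3.0 // indirect
 connectrpc.com/validate v0.3.0 // indirect
 dario.cat/mergo v1.0.2 // indirect
-github.com/AlecAivazis/survey/v2 v2.3.7 // indirect
 github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
 github.com/DefangLabs/secret-detector v0.0.0-20250403165618-22662109213e // indirect
 github.com/Masterminds/semver/v3 v3.4.0 // indirect
@@ -60,10 +57,10 @@ require (
 github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 github.com/cenkalti/backoff/v5 v5.0.2 // indirect
 github.com/cespare/xxhash/v2 v2.3.0 // indirect
-github.com/compose-spec/compose-go/v2 v2.8.1 // indirect
+github.com/compose-spec/compose-go/v2 v2.9.1 // indirect
 github.com/containerd/console v1.0.5 // indirect
 github.com/containerd/containerd/api v1.9.0 // indirect
-github.com/containerd/containerd/v2 v2.1.3 // indirect
+github.com/containerd/containerd/v2 v2.1.4 // indirect
 github.com/containerd/continuity v0.4.5 // indirect
 github.com/containerd/errdefs v1.0.0 // indirect
 github.com/containerd/errdefs/pkg v0.3.0 // indirect
@@ -79,15 +76,15 @@ require (
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect
 github.com/dgraph-io/ristretto v0.2.0 // indirect
 github.com/distribution/reference v0.6.0 // indirect
-github.com/docker/buildx v0.26.1 // indirect
-github.com/docker/cli v28.3.3+incompatible // indirect
+github.com/docker/buildx v0.29.1 // indirect
+github.com/docker/cli v28.5.1+incompatible // indirect
 github.com/docker/cli-docs-tool v0.10.0 // indirect
-github.com/docker/compose/v2 v2.39.1 // indirect
+github.com/docker/compose/v2 v2.40.2 // indirect
 github.com/docker/distribution v2.8.3+incompatible // indirect
-github.com/docker/docker v28.3.3+incompatible // indirect
+github.com/docker/docker v28.5.1+incompatible // indirect
 github.com/docker/docker-credential-helpers v0.9.3 // indirect
 github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c // indirect
-github.com/docker/go-connections v0.5.0 // indirect
+github.com/docker/go-connections v0.6.0 // indirect
 github.com/docker/go-metrics v0.0.1 // indirect
 github.com/docker/go-units v0.5.0 // indirect
 github.com/dustin/go-humanize v1.0.1 // indirect
@@ -150,7 +147,6 @@ require (
 github.com/jonboulle/clockwork v0.5.0 // indirect
 github.com/josharian/intern v1.0.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
-github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
 github.com/klauspost/compress v1.18.0 // indirect
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
@@ -164,17 +160,13 @@ require (
 github.com/lufia/plan9stats v0.0.0-20250317134145-8bc96cf8fc35 // indirect
 github.com/magiconair/properties v1.8.10 // indirect
 github.com/mailru/easyjson v0.9.0 // indirect
-github.com/mattn/go-colorable v0.1.14 // indirect
-github.com/mattn/go-isatty v0.0.20 // indirect
 github.com/mattn/go-runewidth v0.0.16 // indirect
 github.com/mattn/go-shellwords v1.0.12 // indirect
 github.com/mfridman/interpolate v0.0.2 // indirect
-github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect
 github.com/miekg/dns v1.1.58 // indirect
 github.com/miekg/pkcs11 v1.1.1 // indirect
 github.com/mitchellh/hashstructure/v2 v2.0.2 // indirect
-github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c // indirect
-github.com/moby/buildkit v0.23.0-rc1.0.20250618182037-9b91d20367db // indirect
+github.com/moby/buildkit v0.25.1 // indirect
 github.com/moby/docker-image-spec v1.3.1 // indirect
 github.com/moby/go-archive v0.1.0 // indirect
 github.com/moby/locker v1.0.1 // indirect
@@ -222,16 +214,16 @@ require (
 github.com/serialx/hashring v0.0.0-20200727003509-22c0c7ab6b1b // indirect
 github.com/sethvargo/go-retry v0.3.0 // indirect
 github.com/shibumi/go-pathspec v1.3.0 // indirect
-github.com/shirou/gopsutil/v4 v4.25.5 // indirect
+github.com/shirou/gopsutil/v4 v4.25.6 // indirect
 github.com/sirupsen/logrus v1.9.3 // indirect
 github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
 github.com/sourcegraph/conc v0.3.0 // indirect
 github.com/spf13/afero v1.12.0 // indirect
 github.com/spf13/cast v1.7.1 // indirect
-github.com/spf13/cobra v1.9.1 // indirect
+github.com/spf13/cobra v1.10.1 // indirect
 github.com/spf13/viper v1.20.1 // indirect
 github.com/stoewer/go-strcase v1.3.0 // indirect
-github.com/stretchr/testify v1.10.0 // indirect
+github.com/stretchr/testify v1.11.1 // indirect
 github.com/subosito/gotenv v1.6.0 // indirect
 github.com/tchap/go-patricia/v2 v2.3.2 // indirect
 github.com/theupdateframework/notary v0.7.0 // indirect
@@ -251,7 +243,7 @@ require (
 github.com/xhit/go-str2duration/v2 v2.1.0 // indirect
 github.com/yashtewari/glob-intersection v0.2.0 // indirect
 github.com/yusufpapurcu/wmi v1.2.4 // indirect
-github.com/zclconf/go-cty v1.16.2 // indirect
+github.com/zclconf/go-cty v1.17.0 // indirect
 go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 // indirect
 go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.60.0 // indirect
@@ -268,22 +260,22 @@ require (
 go.opentelemetry.io/otel/sdk/metric v1.36.0 // indirect
 go.opentelemetry.io/otel/trace v1.36.0 // indirect
 go.opentelemetry.io/proto/otlp v1.6.0 // indirect
-go.uber.org/mock v0.5.2 // indirect
+go.uber.org/mock v0.6.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
 go.yaml.in/yaml/v3 v3.0.4 // indirect
-golang.org/x/crypto v0.39.0 // indirect
+golang.org/x/crypto v0.42.0 // indirect
 golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6 // indirect
-golang.org/x/net v0.41.0 // indirect
+golang.org/x/net v0.43.0 // indirect
 golang.org/x/oauth2 v0.30.0 // indirect
-golang.org/x/sync v0.16.0 // indirect
-golang.org/x/sys v0.34.0 // indirect
-golang.org/x/term v0.32.0 // indirect
-golang.org/x/text v0.26.0 // indirect
+golang.org/x/sync v0.17.0 // indirect
+golang.org/x/sys v0.37.0 // indirect
+golang.org/x/term v0.35.0 // indirect
+golang.org/x/text v0.29.0 // indirect
 golang.org/x/time v0.12.0 // indirect
 google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822 // indirect
 google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 // indirect
 google.golang.org/grpc v1.74.2 // indirect
-google.golang.org/protobuf v1.36.6 // indirect
+google.golang.org/protobuf v1.36.9 // indirect
 gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/ini.v1 v1.67.0 // indirect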
