Skip to content

Commit

Permalink
chore(sec): fix vulns by bumping pkgs to patched ver (#6060)
Browse files Browse the repository at this point in the history
* chore(sec): fix vulns by bumping pkgs to patched ver

Signed-off-by: hainenber <dotronghai96@gmail.com>

* chore(doc): add CHANGELOG entry

Signed-off-by: hainenber <dotronghai96@gmail.com>

* fix(ci): accomodate func signature change

Signed-off-by: hainenber <dotronghai96@gmail.com>

---------

Signed-off-by: hainenber <dotronghai96@gmail.com>
hainenber authored Jan 8, 2024
1 parent cbdfc87 commit c30cae4
Showing 4 changed files with 165 additions and 163 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -10,6 +10,12 @@ internal API changes are not present.
Main (unreleased)
-----------------

### Security fixes
- Fixes following vulnerabilities (@hainenber)
- [GO-2023-2409](https://github.com/advisories/GHSA-mhpq-9638-x6pw)
- [GO-2023-2412](https://github.com/advisories/GHSA-7ww5-4wqc-m92c)
- [CVE-2023-49568](https://github.com/advisories/GHSA-mw99-9chc-xw7r)

v0.39.0-rc.0 (2024-01-05)
-------------------------

86 changes: 45 additions & 41 deletions go.mod
Original file line number Diff line number Diff line change
@@ -14,13 +14,13 @@ require (
github.com/alecthomas/kingpin/v2 v2.4.0
github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137
github.com/aws/aws-sdk-go v1.45.25
github.com/aws/aws-sdk-go-v2 v1.21.1
github.com/aws/aws-sdk-go-v2/config v1.18.44
github.com/aws/aws-sdk-go-v2 v1.24.0
github.com/aws/aws-sdk-go-v2/config v1.26.2
github.com/aws/aws-sdk-go-v2/service/s3 v1.34.1
github.com/bmatcuk/doublestar v1.3.4
github.com/bufbuild/connect-go v1.10.0
github.com/buger/jsonparser v1.1.1
github.com/burningalchemist/sql_exporter v0.0.0-20221222155641-2ff59aa75200
github.com/burningalchemist/sql_exporter v0.0.0-20240103092044-466b38b6abc4
github.com/cespare/xxhash/v2 v2.2.0
github.com/cilium/ebpf v0.12.3 // indirect
github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf
@@ -34,10 +34,10 @@ require (
github.com/fortytw2/leaktest v1.3.0
github.com/fsnotify/fsnotify v1.6.0
github.com/github/smimesign v0.2.0
github.com/go-git/go-git/v5 v5.4.2
github.com/go-git/go-git/v5 v5.11.0
github.com/go-kit/log v0.2.1
github.com/go-logfmt/logfmt v0.6.0
github.com/go-logr/logr v1.3.0
github.com/go-logr/logr v1.4.1
github.com/go-sourcemap/sourcemap v2.1.3+incompatible
github.com/go-sql-driver/mysql v1.7.1
github.com/gogo/protobuf v1.3.2
@@ -87,7 +87,7 @@ require (
github.com/jmespath/go-jmespath v0.4.0
github.com/json-iterator/go v1.1.12
github.com/klauspost/compress v1.17.3
github.com/lib/pq v1.10.7
github.com/lib/pq v1.10.9
github.com/mackerelio/go-osstat v0.2.3
github.com/miekg/dns v1.1.56
github.com/mitchellh/mapstructure v1.5.1-0.20220423185008-bf980b35cac4
@@ -212,16 +212,16 @@ require (
go.uber.org/goleak v1.2.1
go.uber.org/multierr v1.11.0
go.uber.org/zap v1.26.0
golang.org/x/crypto v0.15.0
golang.org/x/crypto v0.17.0
golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa
golang.org/x/net v0.18.0
golang.org/x/net v0.19.0
golang.org/x/oauth2 v0.13.0
golang.org/x/sys v0.15.0
golang.org/x/text v0.14.0
golang.org/x/time v0.3.0
google.golang.org/api v0.147.0
google.golang.org/grpc v1.59.0
google.golang.org/protobuf v1.31.0
google.golang.org/protobuf v1.32.0
gopkg.in/yaml.v2 v2.4.0
gopkg.in/yaml.v3 v3.0.1
gotest.tools v2.2.0+incompatible
@@ -271,8 +271,7 @@ require (
github.com/Microsoft/go-winio v0.6.1 // indirect
github.com/Microsoft/hcsshim v0.11.4 // indirect
github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20210920160938-87db9fbc61c7 // indirect
github.com/acomagu/bufpipe v1.0.3 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
github.com/alecthomas/participle/v2 v2.1.0 // indirect
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
github.com/andybalholm/brotli v1.0.5 // indirect
@@ -283,21 +282,21 @@ require (
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
github.com/avvmoto/buf-readerat v0.0.0-20171115124131-a17c8cb89270 // indirect
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.13.42 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.12 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.16.13 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 // indirect
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.69 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.42 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.36 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.44 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 // indirect
github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.26 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.29 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.36 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.3 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.15.1 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.2 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.23.1 // indirect
github.com/aws/smithy-go v1.15.0 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.26.6 // indirect
github.com/aws/smithy-go v1.19.0 // indirect
github.com/beevik/ntp v1.3.0 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/blang/semver v3.5.2-0.20180723201105-3c1074078d32+incompatible // indirect
@@ -313,7 +312,7 @@ require (
github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 // indirect
github.com/containerd/cgroups v1.1.0 // indirect
github.com/containerd/console v1.0.3 // indirect
github.com/containerd/containerd v1.7.6 // indirect
github.com/containerd/containerd v1.7.11 // indirect
github.com/containerd/continuity v0.4.2 // indirect
github.com/containerd/ttrpc v1.2.2 // indirect
github.com/coreos/go-semver v0.3.1 // indirect
@@ -332,7 +331,7 @@ require (
github.com/docker/distribution v2.8.2+incompatible // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/dustin/go-humanize v1.0.1 // indirect
github.com/dvsekhvalnov/jose2go v1.5.0 // indirect
github.com/dvsekhvalnov/jose2go v1.6.0 // indirect
github.com/eapache/go-resiliency v1.4.0 // indirect
github.com/eapache/go-xerial-snappy v0.0.0-20230731223053-c322873962e3 // indirect
github.com/eapache/queue v1.1.0 // indirect
@@ -342,7 +341,7 @@ require (
github.com/elastic/go-windows v1.0.1 // indirect
github.com/ema/qdisc v1.0.0 // indirect
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
github.com/emirpasic/gods v1.12.0 // indirect
github.com/emirpasic/gods v1.18.1 // indirect
github.com/envoyproxy/go-control-plane v0.11.1 // indirect
github.com/envoyproxy/protoc-gen-validate v1.0.2 // indirect
github.com/euank/go-kmsg-parser v2.0.0+incompatible // indirect
@@ -354,8 +353,8 @@ require (
github.com/felixge/httpsnoop v1.0.3 // indirect
github.com/form3tech-oss/jwt-go v3.2.5+incompatible // indirect
github.com/gabriel-vasile/mimetype v1.4.2 // indirect
github.com/go-git/gcfg v1.5.0 // indirect
github.com/go-git/go-billy/v5 v5.3.1 // indirect
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
github.com/go-git/go-billy/v5 v5.5.0 // indirect
github.com/go-kit/kit v0.13.0 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-ole/go-ole v1.3.0 // indirect
@@ -379,7 +378,7 @@ require (
github.com/gogo/googleapis v1.4.1 // indirect
github.com/gogo/status v1.1.1 // indirect
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe // indirect
github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 // indirect
github.com/golang-sql/sqlexp v0.1.0 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/gomodule/redigo v1.8.9 // indirect
@@ -428,13 +427,13 @@ require (
github.com/influxdata/telegraf v1.16.3 // indirect
github.com/ionos-cloud/sdk-go/v6 v6.1.9 // indirect
github.com/jackc/chunkreader/v2 v2.0.1 // indirect
github.com/jackc/pgconn v1.13.0 // indirect
github.com/jackc/pgconn v1.14.0 // indirect
github.com/jackc/pgio v1.0.0 // indirect
github.com/jackc/pgpassfile v1.0.0 // indirect
github.com/jackc/pgproto3/v2 v2.3.1 // indirect
github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b // indirect
github.com/jackc/pgtype v1.12.0 // indirect
github.com/jackc/pgx/v4 v4.17.2 // indirect
github.com/jackc/pgproto3/v2 v2.3.2 // indirect
github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
github.com/jackc/pgtype v1.14.0 // indirect
github.com/jackc/pgx/v4 v4.18.1 // indirect
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/jcmturner/aescts/v2 v2.0.0 // indirect
github.com/jcmturner/dnsutils/v2 v2.0.0 // indirect
@@ -448,7 +447,7 @@ require (
github.com/jpillora/backoff v1.0.0 // indirect
github.com/jsimonetti/rtnetlink v1.3.5 // indirect
github.com/karrick/godirwalk v1.17.0 // indirect
github.com/kevinburke/ssh_config v1.1.0 // indirect
github.com/kevinburke/ssh_config v1.2.0 // indirect
github.com/klauspost/asmfmt v1.3.2 // indirect
github.com/klauspost/cpuid/v2 v2.2.5 // indirect
github.com/knadh/koanf v1.5.0 // indirect
@@ -470,7 +469,7 @@ require (
github.com/mdlayher/netlink v1.7.2 // indirect
github.com/mdlayher/socket v0.4.1 // indirect
github.com/mdlayher/wifi v0.1.0 // indirect
github.com/microsoft/go-mssqldb v0.19.0 // indirect
github.com/microsoft/go-mssqldb v1.6.0 // indirect
github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible // indirect
github.com/mitchellh/copystructure v1.2.0 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
@@ -516,7 +515,7 @@ require (
github.com/prometheus-community/go-runit v0.1.0 // indirect
github.com/prometheus/alertmanager v0.26.0 // indirect
github.com/prometheus/common/sigv4 v0.1.0
github.com/prometheus/exporter-toolkit v0.10.1-0.20230714054209-2f4150c63f97 // indirect
github.com/prometheus/exporter-toolkit v0.11.0 // indirect
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
github.com/remeh/sizedwaitgroup v1.0.0 // indirect
github.com/renier/xmlrpc v0.0.0-20170708154548-ce4a1a486c03 // indirect
@@ -533,7 +532,7 @@ require (
github.com/shopspring/decimal v1.2.0 // indirect
github.com/shurcooL/httpfs v0.0.0-20230704072500-f1e31cf0ba5c // indirect
github.com/shurcooL/vfsgen v0.0.0-20200824052919-0d455de96546 // indirect
github.com/snowflakedb/gosnowflake v1.6.22 // indirect
github.com/snowflakedb/gosnowflake v1.7.2-0.20240103203018-f1d625f17408 // indirect
github.com/softlayer/softlayer-go v0.0.0-20180806151055-260589d94c7d // indirect
github.com/soheilhy/cmux v0.1.5 // indirect
github.com/spf13/afero v1.9.5 // indirect
@@ -551,14 +550,14 @@ require (
github.com/tklauser/numcpus v0.6.1 // indirect
github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80 // indirect
github.com/uber/jaeger-lib v2.4.1+incompatible // indirect
github.com/vertica/vertica-sql-go v1.3.0 // indirect
github.com/vertica/vertica-sql-go v1.3.3 // indirect
github.com/vishvananda/netlink v1.2.1-beta.2 // indirect
github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f // indirect
github.com/vmware/govmomi v0.32.0 // indirect
github.com/vultr/govultr/v2 v2.17.2 // indirect
github.com/willf/bitset v1.1.11 // indirect
github.com/willf/bloom v2.0.3+incompatible // indirect
github.com/xanzy/ssh-agent v0.3.1 // indirect
github.com/xanzy/ssh-agent v0.3.3 // indirect
github.com/xdg-go/pbkdf2 v1.0.0 // indirect
github.com/xdg-go/stringprep v1.0.4 // indirect
github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c // indirect
@@ -567,7 +566,7 @@ require (
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
github.com/xeipuuv/gojsonschema v1.2.0 // indirect
github.com/xhit/go-str2duration/v2 v2.1.0 // indirect
github.com/xo/dburl v0.13.0 // indirect
github.com/xo/dburl v0.20.0 // indirect
github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d // indirect
github.com/yusufpapurcu/wmi v1.2.3 // indirect
go.etcd.io/etcd/api/v3 v3.5.9 // indirect
@@ -583,7 +582,7 @@ require (
go4.org/netipx v0.0.0-20230125063823-8449b0a6169f // indirect
golang.org/x/mod v0.14.0 // indirect
golang.org/x/sync v0.5.0 // indirect
golang.org/x/term v0.14.0 // indirect
golang.org/x/term v0.15.0 // indirect
golang.org/x/tools v0.15.0 // indirect
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
@@ -623,7 +622,10 @@ require (
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v2 v2.2.1 // indirect
github.com/Shopify/sarama v1.38.1 // indirect
github.com/Workiva/go-datastructures v1.1.0 // indirect
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.26.0 // indirect
github.com/channelmeter/iso8601duration v0.0.0-20150204201828-8da3af7a2a61 // indirect
github.com/cloudflare/circl v1.3.3 // indirect
github.com/containerd/log v0.1.0 // indirect
github.com/drone/envsubst v1.0.3 // indirect
github.com/go-jose/go-jose/v3 v3.0.1 // indirect
github.com/golang-jwt/jwt/v5 v5.0.0 // indirect
@@ -642,8 +644,10 @@ require (
github.com/open-telemetry/opentelemetry-collector-contrib/pkg/translator/prometheusremotewrite v0.87.0 // indirect
github.com/openshift/api v3.9.0+incompatible // indirect
github.com/openshift/client-go v0.0.0-20210521082421-73d9475a9142 // indirect
github.com/pjbgf/sha1cd v0.3.0 // indirect
github.com/prometheus-community/prom-label-proxy v0.6.0 // indirect
github.com/sercand/kuberesolver/v4 v4.0.0 // indirect
github.com/skeema/knownhosts v1.2.1 // indirect
github.com/sony/gobreaker v0.5.0 // indirect
github.com/tidwall/gjson v1.10.2 // indirect
github.com/tidwall/match v1.1.1 // indirect
232 changes: 110 additions & 122 deletions go.sum

Large diffs are not rendered by default.

4 changes: 4 additions & 0 deletions pkg/integrations/mssql/sql_exporter.go
Original file line number Diff line number Diff line change
@@ -114,6 +114,9 @@ func (c *Config) NewIntegration(l log.Logger) (integrations.Integration, error)
collectorConfig = *customCollectorConfig
}

// TODO(hainenber): expose below attr as config
enablePing := false

t, err := sql_exporter.NewTarget(
"mssqlintegration",
"",
@@ -128,6 +131,7 @@ func (c *Config) NewIntegration(l log.Logger) (integrations.Integration, error)
MaxConns: c.MaxOpenConnections,
MaxIdleConns: c.MaxIdleConnections,
},
&enablePing,
)

if err != nil {

0 comments on commit c30cae4

Please sign in to comment.