1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2025-02-24 13:32:00 +00:00
Commit Graph

160 Commits

Author SHA1 Message Date
Masashi Honma
fcb6517b8b
Bump golang from 1.23.5 to 1.23.6 to fix CVE-2025-22866 (#1800)
This is the scan result of Trivy.

usr/local/bin/kube-bench (gobinary)
===================================
Total: 1 (UNKNOWN: 1, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬──────────────────────────────┬────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │        Fixed Version         │                   Title                    │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼──────────────────────────────┼────────────────────────────────────────────┤
│ stdlib  │ CVE-2025-22866 │ UNKNOWN  │ fixed  │ 1.23.5            │ 1.22.12, 1.23.6, 1.24.0-rc.3 │ Timing sidechannel for P-256 on ppc64le in │
│         │                │          │        │                   │                              │ crypto/internal/nistec                     │
│         │                │          │        │                   │                              │ https://avd.aquasec.com/nvd/cve-2025-22866 │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴──────────────────────────────┴────────────────────────────────────────────┘

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2025-02-10 12:11:21 +06:00
dependabot[bot]
c04b700d8a
build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1794)
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.55.3 to 1.55.8.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/iot/v1.55.3...service/wafv2/v1.55.8)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-04 18:01:51 +06:00
dependabot[bot]
4d82ee7f9a
build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1795)
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.28.10 to 1.29.4.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.28.10...config/v1.29.4)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-04 17:43:45 +06:00
dependabot[bot]
62a54424cb
build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.32.8 to 1.36.0 (#1796)
Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.32.8 to 1.36.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.32.8...v1.36.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-04 17:30:37 +06:00
dependabot[bot]
a7bd33cd02
build(deps): bump k8s.io/client-go from 0.32.0 to 0.32.1 (#1785)
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.32.0 to 0.32.1.
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.32.0...v0.32.1)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-04 17:18:32 +06:00
Masashi Honma
c9985a6e9b
Bump golang from 1.23.4 to 1.23.5 to fix vulnerabilities. (#1793)
This is the scan result of Trivy.

usr/local/bin/kube-bench (gobinary)

Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 0, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │        Fixed Version        │                            Title                             │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-45336 │ MEDIUM   │ fixed  │ v1.23.4           │ 1.22.11, 1.23.5, 1.24.0-rc2 │ golang: net/http: net/http: sensitive headers incorrectly    │
│         │                │          │        │                   │                             │ sent after cross-domain redirect                             │
│         │                │          │        │                   │                             │ https://avd.aquasec.com/nvd/cve-2024-45336                   │
│         ├────────────────┤          │        │                   │                             ├──────────────────────────────────────────────────────────────┤
│         │ CVE-2024-45341 │          │        │                   │                             │ golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can │
│         │                │          │        │                   │                             │ bypass URI name...                                           │
│         │                │          │        │                   │                             │ https://avd.aquasec.com/nvd/cve-2024-45341                   │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────────────────┴──────────────────────────────────────────────────────────────┘

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2025-02-04 17:06:14 +06:00
dependabot[bot]
368a8b5017
build(deps): bump k8s.io/apimachinery from 0.32.0 to 0.32.1 (#1782)
Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.32.0 to 0.32.1.
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.32.0...v0.32.1)

---
updated-dependencies:
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-04 16:55:04 +06:00
afdesk
08574d779f
chore: bump up Go version to 1.23.4 (#1776)
* chore; bump up Go version to 1.23.4

* chore(ci): set up a timeout for go linter

* chore: remove deprecated linter checks

* chore: bump up golinter timeout to 10sec

* chore: bump up golinter action version to v1.61

* chore: fix linter errors

* chore: set up a timeout for golinter in Github action
2025-01-15 23:02:16 +06:00
dependabot[bot]
4e70640598
build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1770)
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.55.0 to 1.55.3.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.55.0...service/iot/v1.55.3)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-15 15:46:30 +06:00
dependabot[bot]
362e95a219
build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1769)
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.28.6 to 1.28.10.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.28.6...config/v1.28.10)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-15 15:01:02 +06:00
dependabot[bot]
9e526e6c5f
build(deps): bump github.com/golang/glog from 1.2.3 to 1.2.4 (#1774)
Bumps [github.com/golang/glog](https://github.com/golang/glog) from 1.2.3 to 1.2.4.
- [Release notes](https://github.com/golang/glog/releases)
- [Commits](https://github.com/golang/glog/compare/v1.2.3...v1.2.4)

---
updated-dependencies:
- dependency-name: github.com/golang/glog
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-14 15:50:02 +06:00
dependabot[bot]
2cab7f9ecb
build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.32.6 to 1.32.8 (#1771)
Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.32.6 to 1.32.8.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.32.6...v1.32.8)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-13 10:53:57 +06:00
jdesouza
acab94ea50
CVE-2024-45338: Inefficient Regular Expression Complexity (#1766) 2025-01-13 10:36:52 +06:00
dependabot[bot]
e26eff019c
build(deps): bump golang.org/x/crypto from 0.24.0 to 0.31.0 (#1754)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.24.0 to 0.31.0.
- [Commits](https://github.com/golang/crypto/compare/v0.24.0...v0.31.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-12 14:53:40 +06:00
dependabot[bot]
cce6b9d24f
build(deps): bump github.com/magiconair/properties from 1.8.7 to 1.8.9 (#1750)
Bumps [github.com/magiconair/properties](https://github.com/magiconair/properties) from 1.8.7 to 1.8.9.
- [Release notes](https://github.com/magiconair/properties/releases)
- [Commits](https://github.com/magiconair/properties/compare/v1.8.7...v1.8.9)

---
updated-dependencies:
- dependency-name: github.com/magiconair/properties
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-12 13:39:04 +06:00
dependabot[bot]
3ee8299bc4
build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1743)
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.28.4 to 1.28.6.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.28.4...config/v1.28.6)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-05 15:56:34 +06:00
dependabot[bot]
6aa242e2e5
build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1745)
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.54.6 to 1.55.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/kendra/v1.54.6...service/s3/v1.55.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-05 15:43:04 +06:00
dependabot[bot]
6da5ff4026
build(deps): bump gorm.io/driver/postgres from 1.5.9 to 1.5.11 (#1742)
Bumps [gorm.io/driver/postgres](https://github.com/go-gorm/postgres) from 1.5.9 to 1.5.11.
- [Commits](https://github.com/go-gorm/postgres/compare/v1.5.9...v1.5.11)

---
updated-dependencies:
- dependency-name: gorm.io/driver/postgres
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-05 15:25:34 +06:00
dependabot[bot]
09aa59e0cc
build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#1736)
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.9.0...v1.10.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-29 13:20:56 +06:00
dependabot[bot]
2500ceed5b
build(deps): bump k8s.io/client-go from 0.31.2 to 0.31.3 (#1738)
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.31.2 to 0.31.3.
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.31.2...v0.31.3)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-29 12:41:36 +06:00
dependabot[bot]
7ce327f1db
build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1728)
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.27.37 to 1.28.4.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.37...config/v1.28.4)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-15 18:21:14 +06:00
dependabot[bot]
8656945200
build(deps): bump github.com/golang/glog from 1.2.2 to 1.2.3 (#1726)
Bumps [github.com/golang/glog](https://github.com/golang/glog) from 1.2.2 to 1.2.3.
- [Release notes](https://github.com/golang/glog/releases)
- [Commits](https://github.com/golang/glog/compare/v1.2.2...v1.2.3)

---
updated-dependencies:
- dependency-name: github.com/golang/glog
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-15 17:53:09 +06:00
dependabot[bot]
702107daff
build(deps): bump github.com/spf13/viper from 1.18.2 to 1.19.0 (#1720)
Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.18.2 to 1.19.0.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.18.2...v1.19.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-15 17:34:30 +06:00
dependabot[bot]
5fac7f626b
build(deps): bump github.com/fatih/color from 1.16.0 to 1.18.0 (#1719)
Bumps [github.com/fatih/color](https://github.com/fatih/color) from 1.16.0 to 1.18.0.
- [Release notes](https://github.com/fatih/color/releases)
- [Commits](https://github.com/fatih/color/compare/v1.16.0...v1.18.0)

---
updated-dependencies:
- dependency-name: github.com/fatih/color
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-15 16:14:30 +06:00
dependabot[bot]
9f0f5567ae
build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1724)
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.54.4 to 1.54.6.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.54.4...service/lambda/v1.54.6)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-15 11:32:36 +06:00
dependabot[bot]
74f5c8b800
build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1716)
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.53.3 to 1.54.4.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/iot/v1.53.3...service/s3/v1.54.4)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-01 11:14:40 +06:00
dependabot[bot]
e2a97f49f5
build(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#1718)
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.8.0...v1.8.1)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-01 10:31:03 +06:00
dependabot[bot]
b4000f677b
build(deps): bump gorm.io/gorm from 1.25.10 to 1.25.12 (#1714)
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.25.10 to 1.25.12.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](https://github.com/go-gorm/gorm/compare/v1.25.10...v1.25.12)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 15:37:35 +06:00
dependabot[bot]
8a695eb8d1
build(deps): bump k8s.io/client-go from 0.29.3 to 0.31.2 (#1712)
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.29.3 to 0.31.2.
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.29.3...v0.31.2)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 10:26:08 +06:00
dependabot[bot]
ddb586d441
build(deps): bump k8s.io/apimachinery from 0.29.3 to 0.31.1 (#1681)
* build(deps): bump k8s.io/apimachinery from 0.29.3 to 0.31.1

Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.29.3 to 0.31.1.
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.29.3...v0.31.1)

---
updated-dependencies:
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* skip go toolchain

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-24 12:51:14 +06:00
afdesk
5568895095
chore: add go toolchain version (#1710)
* chore: add go toolchain version

* bump up toolchain to 1.22.7
2024-10-24 12:40:41 +06:00
dependabot[bot]
1d8f80e846
build(deps): bump github.com/golang/glog from 1.2.0 to 1.2.2 (#1702)
Bumps [github.com/golang/glog](https://github.com/golang/glog) from 1.2.0 to 1.2.2.
- [Release notes](https://github.com/golang/glog/releases)
- [Commits](https://github.com/golang/glog/compare/v1.2.0...v1.2.2)

---
updated-dependencies:
- dependency-name: github.com/golang/glog
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-15 11:14:14 +06:00
dependabot[bot]
e47725299e
build(deps): bump gorm.io/driver/postgres from 1.5.6 to 1.5.9 (#1698)
Bumps [gorm.io/driver/postgres](https://github.com/go-gorm/postgres) from 1.5.6 to 1.5.9.
- [Commits](https://github.com/go-gorm/postgres/compare/v1.5.6...v1.5.9)

---
updated-dependencies:
- dependency-name: gorm.io/driver/postgres
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-10 10:37:41 +06:00
dependabot[bot]
c683e93968
build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1696)
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.53.1 to 1.53.3.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.53.1...service/iot/v1.53.3)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-04 12:21:07 +06:00
Wolfgang Reichert
f6877e3c17
Fix issue 1595: failed to output to ASFF (#1691)
A breaking change was introduced in aws-sdk-go-v2.
See https://github.com/aws/aws-sdk-go-v2/issues/2370#issuecomment-1953308268.

Mixing aws-sdk-go-v2 packages from versions before and after the breaking change causes kube-bench to fail. This issue occurs when it attempts to access AWS Security Hub.

Addressed issue: https://github.com/aquasecurity/kube-bench/issues/1595

Supersedes bot PR: https://github.com/aquasecurity/kube-bench/pull/1689
Besides upgrading to latest SDK version, some variable types need to be adapted.
2024-09-28 13:36:44 +06:00
mjshastha
f8b6f2fc19
chore: fixed vulns - bump Go version (#1687) 2024-09-24 12:12:40 +06:00
dependabot[bot]
65c484e85a
build(deps): bump k8s.io/client-go from 0.29.1 to 0.29.3 (#1587)
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.29.1 to 0.29.3.
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.29.1...v0.29.3)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2024-04-18 09:54:55 +03:00
dependabot[bot]
73e1377ce0
build(deps): bump github.com/jackc/pgx/v5 from 5.4.3 to 5.5.4 (#1586)
Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.4.3 to 5.5.4.
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jackc/pgx/compare/v5.4.3...v5.5.4)

---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-06 08:59:45 +03:00
dependabot[bot]
dc8f4d37f0
build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.25.2 to 1.26.0 (#1589)
Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.25.2 to 1.26.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.25.2...v1.26.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2024-03-30 12:41:07 +03:00
dependabot[bot]
45afbd76c2
build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1577)
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.26.6 to 1.27.4.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.26.6...config/v1.27.4)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2024-03-08 15:36:33 +02:00
dependabot[bot]
57132a69fd
build(deps): bump gorm.io/driver/postgres from 1.5.4 to 1.5.6 (#1567)
Bumps [gorm.io/driver/postgres](https://github.com/go-gorm/postgres) from 1.5.4 to 1.5.6.
- [Commits](https://github.com/go-gorm/postgres/compare/v1.5.4...v1.5.6)

---
updated-dependencies:
- dependency-name: gorm.io/driver/postgres
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2024-02-19 10:27:44 +02:00
dependabot[bot]
30217061ac
build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1554)
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.18.4 to 1.26.6.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.4...config/v1.26.6)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2024-02-03 09:35:10 +02:00
dependabot[bot]
a93b19f0c0
build(deps): bump k8s.io/client-go from 0.29.0 to 0.29.1 (#1552)
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.29.0 to 0.29.1.
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.29.0...v0.29.1)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-28 12:21:47 +02:00
dependabot[bot]
b17aa709b3
build(deps): bump k8s.io/apimachinery from 0.29.0 to 0.29.1 (#1553)
Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.29.0 to 0.29.1.
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.29.0...v0.29.1)

---
updated-dependencies:
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2024-01-27 11:18:39 +02:00
dependabot[bot]
38949874d1
build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.18.0 to 1.24.1 (#1550)
Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.18.0 to 1.24.1.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.18.0...v1.24.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-20 12:22:18 +02:00
dependabot[bot]
cc6c091b41
build(deps): bump gorm.io/driver/postgres from 1.4.6 to 1.5.4 (#1514)
Bumps [gorm.io/driver/postgres](https://github.com/go-gorm/postgres) from 1.4.6 to 1.5.4.
- [Commits](https://github.com/go-gorm/postgres/compare/v1.4.6...v1.5.4)

---
updated-dependencies:
- dependency-name: gorm.io/driver/postgres
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-11 11:02:00 +02:00
dependabot[bot]
7efba2b94d
build(deps): bump k8s.io/client-go from 0.26.0 to 0.29.0 (#1540)
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.26.0 to 0.29.0.
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.26.0...v0.29.0)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-11 10:34:21 +02:00
Devendra Turkar
a4b46f50de
chore: update go version to 1.21 (#1546)
Updating go version to 1.21
2024-01-10 14:26:50 +02:00
dependabot[bot]
8c47d59e99
build(deps): bump github.com/spf13/viper from 1.14.0 to 1.18.2 (#1541)
Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.14.0 to 1.18.2.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.14.0...v1.18.2)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-05 07:59:17 +02:00
dependabot[bot]
151efc3494
build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 (#1542)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.14.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2023-12-29 20:57:02 +02:00