From 788a04710a7de32a64bb7378e5ef708fc310a05b Mon Sep 17 00:00:00 2001 From: Saurabh Parekh Date: Wed, 16 Oct 2024 09:44:50 -0700 Subject: [PATCH] Upgrade trivy and harbor-scanner-trivy for harbor v2.11.1 (#3932) --- UPSTREAM_PROJECTS.yaml | 6 +- .../harbor-scanner-trivy/ATTRIBUTION.txt | 62 +- .../harbor-scanner-trivy/CHECKSUMS | 4 +- .../aquasecurity/harbor-scanner-trivy/GIT_TAG | 2 +- .../harbor-scanner-trivy/GOLANG_VERSION | 2 +- .../harbor-scanner-trivy/README.md | 2 +- projects/aquasecurity/trivy/ATTRIBUTION.txt | 2461 +++++++++++++---- projects/aquasecurity/trivy/CHECKSUMS | 4 +- projects/aquasecurity/trivy/GIT_TAG | 2 +- projects/aquasecurity/trivy/README.md | 2 +- ...ependency-to-mitigate-license-issues.patch | 43 + ...h-os-ext-with-kardianos-os-ext-modul.patch | 38 - 12 files changed, 2087 insertions(+), 541 deletions(-) create mode 100644 projects/aquasecurity/trivy/patches/0001-Replace-dependency-to-mitigate-license-issues.patch delete mode 100644 projects/aquasecurity/trivy/patches/0001-Replace-mitchellh-os-ext-with-kardianos-os-ext-modul.patch diff --git a/UPSTREAM_PROJECTS.yaml b/UPSTREAM_PROJECTS.yaml index 9c007da049..a1f10af9a4 100644 --- a/UPSTREAM_PROJECTS.yaml +++ b/UPSTREAM_PROJECTS.yaml @@ -25,11 +25,11 @@ projects: repos: - name: harbor-scanner-trivy versions: - - tag: v0.31.2 - go_version: "1.21" + - tag: v0.31.4 + go_version: "1.22" - name: trivy versions: - - tag: v0.51.2 + - tag: v0.56.2 go_version: "1.22" - org: aws repos: diff --git a/projects/aquasecurity/harbor-scanner-trivy/ATTRIBUTION.txt b/projects/aquasecurity/harbor-scanner-trivy/ATTRIBUTION.txt index 648a0f52d3..3e78413d0e 100644 --- a/projects/aquasecurity/harbor-scanner-trivy/ATTRIBUTION.txt +++ b/projects/aquasecurity/harbor-scanner-trivy/ATTRIBUTION.txt @@ -1,5 +1,5 @@ -** github.com/aquasecurity/harbor-scanner-trivy; version v0.31.2 -- +** github.com/aquasecurity/harbor-scanner-trivy; version v0.31.4 -- https://github.com/aquasecurity/harbor-scanner-trivy ** github.com/containerd/stargz-snapshotter/estargz; version v0.14.3 -- @@ -11,13 +11,13 @@ https://github.com/docker/cli ** github.com/docker/distribution/registry/client/auth/challenge; version v2.8.2+incompatible -- https://github.com/distribution/distribution -** github.com/docker/docker/pkg/homedir; version v26.1.2+incompatible -- +** github.com/docker/docker/pkg/homedir; version v27.1.1+incompatible -- https://github.com/moby/moby ** github.com/knqyf263/go-containerregistry; version v0.16.2-0.20231101014841-fd95d0f749dd -- https://github.com/knqyf263/go-containerregistry -** github.com/klauspost/compress; version v1.16.5 -- +** github.com/klauspost/compress; version v1.17.4 -- https://github.com/klauspost/compress ** github.com/opencontainers/go-digest; version v1.0.0 -- @@ -375,7 +375,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/redis/go-redis/v9; version v9.5.1 -- +** github.com/redis/go-redis/v9; version v9.6.1 -- https://github.com/redis/go-redis/v9 Copyright (c) 2013 The github.com/redis/go-redis Authors. @@ -409,7 +409,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ** github.com/gorilla/mux; version v1.8.1 -- https://github.com/gorilla/mux -** github.com/gorilla/schema; version v1.3.0 -- +** github.com/gorilla/schema; version v1.4.1 -- https://github.com/gorilla/schema Copyright (c) 2023 The Gorilla Authors. All rights reserved. @@ -442,7 +442,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/klauspost/compress/internal/snapref; version v1.16.5 -- +** github.com/klauspost/compress/internal/snapref; version v1.17.4 -- https://github.com/klauspost/compress Copyright (c) 2011 The Snappy-Go Authors. All rights reserved. @@ -578,22 +578,52 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** golang.org/go; version go1.21.13 -- +** golang.org/go; version go1.22.8 -- https://github.com/golang/go -** golang.org/x/exp/constraints; version v0.0.0-20230510235704-dd950f8aeaea -- -https://golang.org/x/exp +Copyright (c) 2009 The Go Authors. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +------ -** golang.org/x/net/context; version v0.25.0 -- +** golang.org/x/net/context; version v0.28.0 -- https://golang.org/x/net -** golang.org/x/sync/errgroup; version v0.3.0 -- +** golang.org/x/sync/errgroup; version v0.8.0 -- https://golang.org/x/sync -** golang.org/x/sys; version v0.20.0 -- +** golang.org/x/sys; version v0.23.0 -- https://golang.org/x/sys -Copyright (c) 2009 The Go Authors. All rights reserved. +** golang.org/x/text; version v0.17.0 -- +https://golang.org/x/text + +Copyright 2009 The Go Authors. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are @@ -605,7 +635,7 @@ notice, this list of conditions and the following disclaimer. copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - * Neither the name of Google Inc. nor the names of its + * Neither the name of Google LLC nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. @@ -730,7 +760,7 @@ Copyright (c) 2017-2020 Damian Gryski https://github.com/docker/docker-credential-helpers Copyright (c) 2016 David Calavera -** github.com/klauspost/compress/zstd/internal/xxhash; version v1.16.5 -- +** github.com/klauspost/compress/zstd/internal/xxhash; version v1.17.4 -- https://github.com/klauspost/compress Copyright (c) 2016 Caleb Spare @@ -738,7 +768,7 @@ Copyright (c) 2016 Caleb Spare https://github.com/mitchellh/go-homedir Copyright (c) 2013 Mitchell Hashimoto -** github.com/samber/lo; version v1.39.0 -- +** github.com/samber/lo; version v1.47.0 -- https://github.com/samber/lo Copyright (c) 2022 Samuel Berthe diff --git a/projects/aquasecurity/harbor-scanner-trivy/CHECKSUMS b/projects/aquasecurity/harbor-scanner-trivy/CHECKSUMS index 658bda5d5e..7167d1f70e 100644 --- a/projects/aquasecurity/harbor-scanner-trivy/CHECKSUMS +++ b/projects/aquasecurity/harbor-scanner-trivy/CHECKSUMS @@ -1,2 +1,2 @@ -c2bd544ed3e7ba3e2031c85b5b35834a0e79fe93c20bdc0fe50948efb13efcd4 _output/bin/harbor-scanner-trivy/linux-amd64/scanner-trivy -712f237c2115cb30bdf3a3d6ad74382bb581a752170a09be5fb1a13bba90dae3 _output/bin/harbor-scanner-trivy/linux-arm64/scanner-trivy +5bf6a0db227da17c076edab99d467bfa78e9c9eea4e887d086133a0f7d8095e1 _output/bin/harbor-scanner-trivy/linux-amd64/scanner-trivy +edf2ce6e325e7c28e7e31fab128f4b9ee133847f03ed1d382ea7dd25fcdf538b _output/bin/harbor-scanner-trivy/linux-arm64/scanner-trivy diff --git a/projects/aquasecurity/harbor-scanner-trivy/GIT_TAG b/projects/aquasecurity/harbor-scanner-trivy/GIT_TAG index 2d64485d28..6a167009fb 100644 --- a/projects/aquasecurity/harbor-scanner-trivy/GIT_TAG +++ b/projects/aquasecurity/harbor-scanner-trivy/GIT_TAG @@ -1 +1 @@ -v0.31.2 \ No newline at end of file +v0.31.4 \ No newline at end of file diff --git a/projects/aquasecurity/harbor-scanner-trivy/GOLANG_VERSION b/projects/aquasecurity/harbor-scanner-trivy/GOLANG_VERSION index d2ab029d32..71f7f51df9 100644 --- a/projects/aquasecurity/harbor-scanner-trivy/GOLANG_VERSION +++ b/projects/aquasecurity/harbor-scanner-trivy/GOLANG_VERSION @@ -1 +1 @@ -1.21 +1.22 diff --git a/projects/aquasecurity/harbor-scanner-trivy/README.md b/projects/aquasecurity/harbor-scanner-trivy/README.md index ce46027cbe..762b802b83 100644 --- a/projects/aquasecurity/harbor-scanner-trivy/README.md +++ b/projects/aquasecurity/harbor-scanner-trivy/README.md @@ -1,5 +1,5 @@ ## **harbor-scanner-trivy** -![Version](https://img.shields.io/badge/version-v0.31.2-blue) +![Version](https://img.shields.io/badge/version-v0.31.4-blue) ![Build Status](https://codebuild.us-west-2.amazonaws.com/badges?uuid=eyJlbmNyeXB0ZWREYXRhIjoieEpzUzBranRhT3NMMGdLU0lSVmh1S2RteDcyd1AwRU5LbVZFc2pnNlcvcWpaZHR4blQ3RktjbzllUmhwMmhma0pnZ2RWVEY0UEIzZ2NPc3pYQ2l1RFZvPSIsIml2UGFyYW1ldGVyU3BlYyI6IitiOTg2c2dOVW55cnVQREoiLCJtYXRlcmlhbFNldFNlcmlhbCI6MX0%3D&branch=main) The [Harbor Scanner Adapter for Trivy](https://github.com/aquasecurity/harbor-scanner-trivy) is a service that translates the Harbor scanning API into Trivy commands and allows Harbor to use Trivy for providing vulnerability reports on images stored in Harbor registry as part of its vulnerability scan feature. diff --git a/projects/aquasecurity/trivy/ATTRIBUTION.txt b/projects/aquasecurity/trivy/ATTRIBUTION.txt index 49828742b3..56cfc35a08 100644 --- a/projects/aquasecurity/trivy/ATTRIBUTION.txt +++ b/projects/aquasecurity/trivy/ATTRIBUTION.txt @@ -1,5 +1,5 @@ -** cloud.google.com/go/compute/metadata; version v0.2.3 -- +** cloud.google.com/go/compute/metadata; version v0.3.0 -- https://github.com/googleapis/google-cloud-go ** cloud.google.com/go/iam; version v1.1.6 -- @@ -26,184 +26,73 @@ https://github.com/aquasecurity/go-npm-version ** github.com/aquasecurity/go-pep440-version; version v0.0.0-20210121094942-22b2f8951d46 -- https://github.com/aquasecurity/go-pep440-version -** github.com/aquasecurity/go-version/pkg; version v0.0.0-20210121072130-637058cfe492 -- +** github.com/aquasecurity/go-version/pkg; version v0.0.0-20240603093900-cf8a8d29271d -- https://github.com/aquasecurity/go-version -** github.com/aquasecurity/trivy; version v0.51.2 -- +** github.com/aquasecurity/trivy; version v0.56.2 -- https://github.com/aquasecurity/trivy -** github.com/aquasecurity/trivy-db/pkg; version v0.0.0-20231005141211-4fc651f7ac8d -- +** github.com/aquasecurity/trivy-db/pkg; version v0.0.0-20240910133327-7e0f4d2ed4c1 -- https://github.com/aquasecurity/trivy-db ** github.com/aquasecurity/trivy-java-db/pkg; version v0.0.0-20240109071736-184bd7481d48 -- https://github.com/aquasecurity/trivy-java-db -** github.com/aquasecurity/trivy-kubernetes; version v0.6.7-0.20240516051533-4c5a4aad13b7 -- +** github.com/aquasecurity/trivy-kubernetes; version v0.6.7-0.20240707095038-0300bc49b68b -- https://github.com/aquasecurity/trivy-kubernetes -** github.com/aws/aws-sdk-go; version v1.53.0 -- +** github.com/aws/aws-sdk-go; version v1.54.6 -- https://github.com/aws/aws-sdk-go -** github.com/aws/aws-sdk-go-v2; version v1.26.1 -- +** github.com/aws/aws-sdk-go-v2; version v1.31.0 -- https://github.com/aws/aws-sdk-go-v2 -** github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream; version v1.6.2 -- -https://github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream - -** github.com/aws/aws-sdk-go-v2/config; version v1.27.11 -- +** github.com/aws/aws-sdk-go-v2/config; version v1.27.38 -- https://github.com/aws/aws-sdk-go-v2/config -** github.com/aws/aws-sdk-go-v2/credentials; version v1.17.11 -- +** github.com/aws/aws-sdk-go-v2/credentials; version v1.17.36 -- https://github.com/aws/aws-sdk-go-v2/credentials -** github.com/aws/aws-sdk-go-v2/feature/ec2/imds; version v1.16.1 -- +** github.com/aws/aws-sdk-go-v2/feature/ec2/imds; version v1.16.14 -- https://github.com/aws/aws-sdk-go-v2/feature/ec2/imds -** github.com/aws/aws-sdk-go-v2/feature/s3/manager; version v1.16.15 -- -https://github.com/aws/aws-sdk-go-v2/feature/s3/manager - -** github.com/aws/aws-sdk-go-v2/internal/configsources; version v1.3.5 -- +** github.com/aws/aws-sdk-go-v2/internal/configsources; version v1.3.18 -- https://github.com/aws/aws-sdk-go-v2/internal/configsources -** github.com/aws/aws-sdk-go-v2/internal/endpoints/v2; version v2.6.5 -- +** github.com/aws/aws-sdk-go-v2/internal/endpoints/v2; version v2.6.18 -- https://github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 -** github.com/aws/aws-sdk-go-v2/internal/ini; version v1.8.0 -- +** github.com/aws/aws-sdk-go-v2/internal/ini; version v1.8.1 -- https://github.com/aws/aws-sdk-go-v2/internal/ini -** github.com/aws/aws-sdk-go-v2/internal/v4a; version v1.3.5 -- -https://github.com/aws/aws-sdk-go-v2/internal/v4a - -** github.com/aws/aws-sdk-go-v2/service/accessanalyzer; version v1.26.7 -- -https://github.com/aws/aws-sdk-go-v2/service/accessanalyzer - -** github.com/aws/aws-sdk-go-v2/service/apigateway; version v1.21.6 -- -https://github.com/aws/aws-sdk-go-v2/service/apigateway - -** github.com/aws/aws-sdk-go-v2/service/apigatewayv2; version v1.18.6 -- -https://github.com/aws/aws-sdk-go-v2/service/apigatewayv2 - -** github.com/aws/aws-sdk-go-v2/service/athena; version v1.37.3 -- -https://github.com/aws/aws-sdk-go-v2/service/athena - -** github.com/aws/aws-sdk-go-v2/service/cloudfront; version v1.32.5 -- -https://github.com/aws/aws-sdk-go-v2/service/cloudfront - -** github.com/aws/aws-sdk-go-v2/service/cloudtrail; version v1.35.6 -- -https://github.com/aws/aws-sdk-go-v2/service/cloudtrail - -** github.com/aws/aws-sdk-go-v2/service/cloudwatch; version v1.32.2 -- -https://github.com/aws/aws-sdk-go-v2/service/cloudwatch - -** github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs; version v1.30.1 -- -https://github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs - -** github.com/aws/aws-sdk-go-v2/service/codebuild; version v1.26.5 -- -https://github.com/aws/aws-sdk-go-v2/service/codebuild - -** github.com/aws/aws-sdk-go-v2/service/docdb; version v1.33.1 -- -https://github.com/aws/aws-sdk-go-v2/service/docdb - -** github.com/aws/aws-sdk-go-v2/service/dynamodb; version v1.26.8 -- -https://github.com/aws/aws-sdk-go-v2/service/dynamodb - -** github.com/aws/aws-sdk-go-v2/service/ebs; version v1.21.7 -- +** github.com/aws/aws-sdk-go-v2/service/ebs; version v1.22.1 -- https://github.com/aws/aws-sdk-go-v2/service/ebs -** github.com/aws/aws-sdk-go-v2/service/ec2; version v1.155.1 -- +** github.com/aws/aws-sdk-go-v2/service/ec2; version v1.179.1 -- https://github.com/aws/aws-sdk-go-v2/service/ec2 -** github.com/aws/aws-sdk-go-v2/service/ecr; version v1.27.4 -- +** github.com/aws/aws-sdk-go-v2/service/ecr; version v1.35.2 -- https://github.com/aws/aws-sdk-go-v2/service/ecr -** github.com/aws/aws-sdk-go-v2/service/ecs; version v1.35.6 -- -https://github.com/aws/aws-sdk-go-v2/service/ecs - -** github.com/aws/aws-sdk-go-v2/service/efs; version v1.28.1 -- -https://github.com/aws/aws-sdk-go-v2/service/efs - -** github.com/aws/aws-sdk-go-v2/service/eks; version v1.41.0 -- -https://github.com/aws/aws-sdk-go-v2/service/eks - -** github.com/aws/aws-sdk-go-v2/service/elasticache; version v1.34.6 -- -https://github.com/aws/aws-sdk-go-v2/service/elasticache - -** github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2; version v1.26.6 -- -https://github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 - -** github.com/aws/aws-sdk-go-v2/service/elasticsearchservice; version v1.25.0 -- -https://github.com/aws/aws-sdk-go-v2/service/elasticsearchservice - -** github.com/aws/aws-sdk-go-v2/service/emr; version v1.36.0 -- -https://github.com/aws/aws-sdk-go-v2/service/emr - -** github.com/aws/aws-sdk-go-v2/service/iam; version v1.28.7 -- -https://github.com/aws/aws-sdk-go-v2/service/iam - -** github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding; version v1.11.2 -- +** github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding; version v1.11.5 -- https://github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding -** github.com/aws/aws-sdk-go-v2/service/internal/checksum; version v1.3.7 -- -https://github.com/aws/aws-sdk-go-v2/service/internal/checksum - -** github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery; version v1.8.11 -- -https://github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery - -** github.com/aws/aws-sdk-go-v2/service/internal/presigned-url; version v1.11.7 -- +** github.com/aws/aws-sdk-go-v2/service/internal/presigned-url; version v1.11.20 -- https://github.com/aws/aws-sdk-go-v2/service/internal/presigned-url -** github.com/aws/aws-sdk-go-v2/service/internal/s3shared; version v1.17.5 -- -https://github.com/aws/aws-sdk-go-v2/service/internal/s3shared - -** github.com/aws/aws-sdk-go-v2/service/kafka; version v1.28.5 -- -https://github.com/aws/aws-sdk-go-v2/service/kafka - -** github.com/aws/aws-sdk-go-v2/service/kinesis; version v1.24.6 -- -https://github.com/aws/aws-sdk-go-v2/service/kinesis - -** github.com/aws/aws-sdk-go-v2/service/kms; version v1.30.0 -- -https://github.com/aws/aws-sdk-go-v2/service/kms - -** github.com/aws/aws-sdk-go-v2/service/lambda; version v1.49.6 -- -https://github.com/aws/aws-sdk-go-v2/service/lambda - -** github.com/aws/aws-sdk-go-v2/service/mq; version v1.20.6 -- -https://github.com/aws/aws-sdk-go-v2/service/mq - -** github.com/aws/aws-sdk-go-v2/service/neptune; version v1.28.1 -- -https://github.com/aws/aws-sdk-go-v2/service/neptune - -** github.com/aws/aws-sdk-go-v2/service/rds; version v1.66.1 -- -https://github.com/aws/aws-sdk-go-v2/service/rds - -** github.com/aws/aws-sdk-go-v2/service/redshift; version v1.39.7 -- -https://github.com/aws/aws-sdk-go-v2/service/redshift - -** github.com/aws/aws-sdk-go-v2/service/s3; version v1.53.1 -- +** github.com/aws/aws-sdk-go-v2/service/s3/types; version v1.63.2 -- https://github.com/aws/aws-sdk-go-v2/service/s3 -** github.com/aws/aws-sdk-go-v2/service/secretsmanager; version v1.26.0 -- -https://github.com/aws/aws-sdk-go-v2/service/secretsmanager - -** github.com/aws/aws-sdk-go-v2/service/sns; version v1.26.6 -- -https://github.com/aws/aws-sdk-go-v2/service/sns - -** github.com/aws/aws-sdk-go-v2/service/sqs; version v1.29.6 -- -https://github.com/aws/aws-sdk-go-v2/service/sqs - -** github.com/aws/aws-sdk-go-v2/service/sso; version v1.20.5 -- +** github.com/aws/aws-sdk-go-v2/service/sso; version v1.23.2 -- https://github.com/aws/aws-sdk-go-v2/service/sso -** github.com/aws/aws-sdk-go-v2/service/ssooidc; version v1.23.4 -- +** github.com/aws/aws-sdk-go-v2/service/ssooidc; version v1.27.2 -- https://github.com/aws/aws-sdk-go-v2/service/ssooidc -** github.com/aws/aws-sdk-go-v2/service/sts; version v1.28.6 -- +** github.com/aws/aws-sdk-go-v2/service/sts; version v1.31.2 -- https://github.com/aws/aws-sdk-go-v2/service/sts -** github.com/aws/aws-sdk-go-v2/service/workspaces; version v1.38.1 -- -https://github.com/aws/aws-sdk-go-v2/service/workspaces - -** github.com/aws/smithy-go; version v1.20.2 -- +** github.com/aws/smithy-go; version v1.21.0 -- https://github.com/aws/smithy-go ** github.com/Azure/go-autorest/autorest; version v0.11.29 -- @@ -227,43 +116,55 @@ https://github.com/bitnami/go-version ** github.com/briandowns/spinner; version v1.23.0 -- https://github.com/briandowns/spinner -** github.com/containerd/containerd; version v1.7.16 -- +** github.com/containerd/containerd; version v1.7.22 -- https://github.com/containerd/containerd -** github.com/containerd/continuity; version v0.4.2 -- +** github.com/containerd/containerd/api; version v1.7.19 -- +https://github.com/containerd/containerd/api + +** github.com/containerd/continuity; version v0.4.3 -- https://github.com/containerd/continuity +** github.com/containerd/errdefs; version v0.1.0 -- +https://github.com/containerd/errdefs + ** github.com/containerd/fifo; version v1.1.0 -- https://github.com/containerd/fifo ** github.com/containerd/log; version v0.1.0 -- https://github.com/containerd/log -** github.com/containerd/stargz-snapshotter/estargz; version v0.14.3 -- +** github.com/containerd/platforms; version v0.2.1 -- +https://github.com/containerd/platforms + +** github.com/containerd/stargz-snapshotter/estargz; version v0.15.1 -- https://github.com/containerd/stargz-snapshotter/estargz -** github.com/containerd/ttrpc; version v1.2.3 -- +** github.com/containerd/ttrpc; version v1.2.5 -- https://github.com/containerd/ttrpc -** github.com/containerd/typeurl/v2; version v2.1.1 -- +** github.com/containerd/typeurl/v2; version v2.2.0 -- https://github.com/containerd/typeurl/v2 ** github.com/csaf-poc/csaf_distribution/v3; version v3.0.0 -- https://github.com/csaf-poc/csaf_distribution/v3 -** github.com/CycloneDX/cyclonedx-go; version v0.8.0 -- +** github.com/cyberphone/json-canonicalization/go/src/webpki.org/jsoncanonicalizer; version v0.0.0-20231011164504-785e29786b46 -- +https://github.com/cyberphone/json-canonicalization + +** github.com/CycloneDX/cyclonedx-go; version v0.9.1 -- https://github.com/CycloneDX/cyclonedx-go ** github.com/distribution/reference; version v0.6.0 -- https://github.com/distribution/reference -** github.com/docker/cli/cli/config; version v25.0.1+incompatible -- +** github.com/docker/cli/cli/config; version v27.2.1+incompatible -- https://github.com/docker/cli ** github.com/docker/distribution; version v2.8.3+incompatible -- https://github.com/distribution/distribution -** github.com/docker/docker; version v26.0.2+incompatible -- +** github.com/docker/docker; version v27.3.1+incompatible -- https://github.com/moby/moby ** github.com/docker/go-connections; version v0.5.0 -- @@ -281,13 +182,13 @@ https://github.com/docker/go-units ** github.com/go-git/go-billy/v5; version v5.5.0 -- https://github.com/go-git/go-billy/v5 -** github.com/go-git/go-git/v5; version v5.11.0 -- +** github.com/go-git/go-git/v5; version v5.12.0 -- https://github.com/go-git/go-git/v5 ** github.com/go-ini/ini; version v1.67.0 -- https://github.com/go-ini/ini -** github.com/go-logr/logr; version v1.4.1 -- +** github.com/go-logr/logr; version v1.4.2 -- https://github.com/go-logr/logr ** github.com/go-logr/stdr; version v1.2.2 -- @@ -329,10 +230,13 @@ https://github.com/golang/groupcache ** github.com/google/btree; version v1.1.2 -- https://github.com/google/btree -** github.com/google/gnostic-models; version v0.6.8 -- +** github.com/google/certificate-transparency-go; version v1.1.8 -- +https://github.com/google/certificate-transparency-go + +** github.com/google/gnostic-models; version v0.6.9-0.20230804172637-c7be7c783f49 -- https://github.com/google/gnostic-models -** github.com/google/go-containerregistry; version v0.19.1 -- +** github.com/google/go-containerregistry; version v0.20.2 -- https://github.com/google/go-containerregistry ** github.com/google/gofuzz; version v1.2.0 -- @@ -362,7 +266,7 @@ https://github.com/in-toto/in-toto-golang ** github.com/jmespath/go-jmespath; version v0.4.0 -- https://github.com/jmespath/go-jmespath -** github.com/klauspost/compress; version v1.17.4 -- +** github.com/klauspost/compress; version v1.17.9 -- https://github.com/klauspost/compress ** github.com/knqyf263/go-apk-version; version v0.0.0-20200609155635-041fdbb8563f -- @@ -371,7 +275,7 @@ https://github.com/knqyf263/go-apk-version ** github.com/kylelemons/godebug; version v1.1.0 -- https://github.com/kylelemons/godebug -** github.com/masahiro331/go-ext4-filesystem; version v0.0.0-20231208112839-4339555a0cd4 -- +** github.com/masahiro331/go-ext4-filesystem; version v0.0.0-20240620024024-ca14e6327bbd -- https://github.com/masahiro331/go-ext4-filesystem ** github.com/masahiro331/go-mvn-version; version v0.0.0-20210429150710-d3157d602a08 -- @@ -380,13 +284,13 @@ https://github.com/masahiro331/go-mvn-version ** github.com/masahiro331/go-vmdk-parser/pkg/virtualization/vmdk; version v0.0.0-20221225061455-612096e4bbbd -- https://github.com/masahiro331/go-vmdk-parser -** github.com/masahiro331/go-xfs-filesystem; version v0.0.0-20230608043311-a335f4599b70 -- +** github.com/masahiro331/go-xfs-filesystem; version v0.0.0-20231205045356-1b22259a6c44 -- https://github.com/masahiro331/go-xfs-filesystem ** github.com/Masterminds/goutils; version v1.1.1 -- https://github.com/Masterminds/goutils -** github.com/moby/buildkit; version v0.12.5 -- +** github.com/moby/buildkit; version v0.16.0 -- https://github.com/moby/buildkit ** github.com/moby/docker-image-spec/specs-go/v1; version v1.3.1 -- @@ -395,18 +299,21 @@ https://github.com/moby/docker-image-spec ** github.com/moby/locker; version v1.0.1 -- https://github.com/moby/locker -** github.com/moby/spdystream; version v0.2.0 -- +** github.com/moby/spdystream; version v0.4.0 -- https://github.com/moby/spdystream -** github.com/moby/sys/mountinfo; version v0.6.2 -- +** github.com/moby/sys/mountinfo; version v0.7.2 -- https://github.com/moby/sys/mountinfo -** github.com/moby/sys/signal; version v0.7.0 -- +** github.com/moby/sys/signal; version v0.7.1 -- https://github.com/moby/sys/signal -** github.com/moby/sys/user; version v0.1.0 -- +** github.com/moby/sys/user; version v0.3.0 -- https://github.com/moby/sys/user +** github.com/moby/sys/userns; version v0.1.0 -- +https://github.com/moby/sys/userns + ** github.com/moby/term; version v0.5.0 -- https://github.com/moby/term @@ -416,6 +323,9 @@ https://github.com/modern-go/concurrent ** github.com/modern-go/reflect2; version v1.0.2 -- https://github.com/modern-go/reflect2 +** github.com/nozzle/throttler; version v0.0.0-20180817012639-2ea982251481 -- +https://github.com/nozzle/throttler + ** github.com/NYTimes/gziphandler; version v1.1.1 -- https://github.com/nytimes/gziphandler @@ -425,13 +335,13 @@ https://github.com/oklog/ulid ** github.com/OneOfOne/xxhash; version v1.2.8 -- https://github.com/OneOfOne/xxhash -** github.com/open-policy-agent/opa; version v0.64.1 -- +** github.com/open-policy-agent/opa; version v0.68.1-0.20240903211041-76f7038ea2d1 -- https://github.com/open-policy-agent/opa -** github.com/open-policy-agent/opa/internal/gojsonschema; version v0.64.1 -- +** github.com/open-policy-agent/opa/internal/gojsonschema; version v0.68.1-0.20240903211041-76f7038ea2d1 -- https://github.com/open-policy-agent/opa -** github.com/open-policy-agent/opa/internal/semver; version v0.64.1 -- +** github.com/open-policy-agent/opa/internal/semver; version v0.68.1-0.20240903211041-76f7038ea2d1 -- https://github.com/open-policy-agent/opa ** github.com/opencontainers/go-digest; version v1.0.0 -- @@ -440,7 +350,7 @@ https://github.com/opencontainers/go-digest ** github.com/opencontainers/image-spec; version v1.1.0 -- https://github.com/opencontainers/image-spec -** github.com/opencontainers/runtime-spec/specs-go; version v1.1.0 -- +** github.com/opencontainers/runtime-spec/specs-go; version v1.2.0 -- https://github.com/opencontainers/runtime-spec ** github.com/opencontainers/selinux; version v1.11.0 -- @@ -449,49 +359,70 @@ https://github.com/opencontainers/selinux ** github.com/opentracing/opentracing-go; version v1.2.0 -- https://github.com/opentracing/opentracing-go +** github.com/openvex/discovery/pkg; version v0.1.1-0.20240802171711-7c54efc57553 -- +https://github.com/openvex/discovery + ** github.com/openvex/go-vex/pkg; version v0.2.5 -- https://github.com/openvex/go-vex ** github.com/pjbgf/sha1cd; version v0.3.0 -- https://github.com/pjbgf/sha1cd -** github.com/prometheus/client_golang/prometheus; version v1.19.0 -- +** github.com/prometheus/client_golang/prometheus; version v1.20.2 -- https://github.com/prometheus/client_golang ** github.com/prometheus/client_model/go; version v0.6.1 -- https://github.com/prometheus/client_model -** github.com/prometheus/common; version v0.48.0 -- +** github.com/prometheus/common; version v0.55.0 -- https://github.com/prometheus/common -** github.com/prometheus/procfs; version v0.12.0 -- +** github.com/prometheus/procfs; version v0.15.1 -- https://github.com/prometheus/procfs ** github.com/santhosh-tekuri/jsonschema/v5; version v5.3.1 -- https://github.com/santhosh-tekuri/jsonschema/v5 +** github.com/sassoftware/go-rpmutils; version v0.4.0 -- +https://github.com/sassoftware/go-rpmutils + +** github.com/sassoftware/relic/lib; version v7.2.1+incompatible -- +https://github.com/sassoftware/relic + ** github.com/shibumi/go-pathspec; version v1.3.0 -- https://github.com/shibumi/go-pathspec -** github.com/sigstore/rekor/pkg/generated; version v1.3.6 -- +** github.com/sigstore/cosign/v2; version v2.2.4 -- +https://github.com/sigstore/cosign/v2 + +** github.com/sigstore/rekor/pkg; version v1.3.6 -- https://github.com/sigstore/rekor -** github.com/skeema/knownhosts; version v1.2.1 -- +** github.com/sigstore/sigstore/pkg; version v1.8.3 -- +https://github.com/sigstore/sigstore + +** github.com/sigstore/timestamp-authority/pkg/verification; version v1.2.2 -- +https://github.com/sigstore/timestamp-authority + +** github.com/skeema/knownhosts; version v1.2.2 -- https://github.com/skeema/knownhosts -** github.com/spdx/tools-golang; version v0.5.4-0.20231108154018-0c0f394b5e1a -- +** github.com/spdx/tools-golang; version v0.5.5 -- https://github.com/spdx/tools-golang ** github.com/spf13/afero; version v1.11.0 -- https://github.com/spf13/afero -** github.com/spf13/cobra; version v1.8.0 -- +** github.com/spf13/cobra; version v1.8.1 -- https://github.com/spf13/cobra -** github.com/tetratelabs/wazero; version v1.7.0 -- +** github.com/tetratelabs/wazero; version v1.8.0 -- https://github.com/tetratelabs/wazero -** github.com/twitchtv/twirp; version v8.1.2+incompatible -- +** github.com/transparency-dev/merkle; version v0.0.2 -- +https://github.com/transparency-dev/merkle + +** github.com/twitchtv/twirp; version v8.1.3+incompatible -- https://github.com/twitchtv/twirp ** github.com/xanzy/ssh-agent; version v0.3.3 -- @@ -518,67 +449,70 @@ https://github.com/mongodb/mongo-go-driver ** go.opencensus.io; version v0.24.0 -- https://github.com/census-instrumentation/opencensus-go -** go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc; version v0.49.0 -- +** go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc; version v0.53.0 -- https://github.com/open-telemetry/opentelemetry-go-contrib -** go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp; version v0.49.0 -- +** go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp; version v0.53.0 -- https://github.com/open-telemetry/opentelemetry-go-contrib -** go.opentelemetry.io/otel; version v1.24.0 -- +** go.opentelemetry.io/otel; version v1.28.0 -- https://github.com/open-telemetry/opentelemetry-go -** go.opentelemetry.io/otel/metric; version v1.24.0 -- +** go.opentelemetry.io/otel/metric; version v1.28.0 -- https://github.com/open-telemetry/opentelemetry-go -** go.opentelemetry.io/otel/sdk; version v1.24.0 -- +** go.opentelemetry.io/otel/sdk; version v1.28.0 -- https://github.com/open-telemetry/opentelemetry-go -** go.opentelemetry.io/otel/trace; version v1.24.0 -- +** go.opentelemetry.io/otel/trace; version v1.28.0 -- https://github.com/open-telemetry/opentelemetry-go ** google.golang.org/genproto; version v0.0.0-20240311173647-c811ad7063a7 -- https://github.com/googleapis/go-genproto -** google.golang.org/genproto/googleapis/api; version v0.0.0-20240311173647-c811ad7063a7 -- +** google.golang.org/genproto/googleapis/api; version v0.0.0-20240701130421-f6361c86f094 -- https://github.com/googleapis/go-genproto -** google.golang.org/genproto/googleapis/rpc; version v0.0.0-20240318140521-94a12d6c2237 -- +** google.golang.org/genproto/googleapis/rpc; version v0.0.0-20240701130421-f6361c86f094 -- https://github.com/googleapis/go-genproto -** google.golang.org/grpc; version v1.63.2 -- +** google.golang.org/grpc; version v1.66.0 -- https://github.com/grpc/grpc-go +** gopkg.in/go-jose/go-jose.v2; version v2.6.3 -- +https://gopkg.in/go-jose/go-jose.v2 + ** gopkg.in/ini.v1; version v1.67.0 -- https://gopkg.in/ini.v1 ** gopkg.in/yaml.v2; version v2.4.0 -- https://gopkg.in/yaml.v2 -** helm.sh/helm/v3; version v3.14.2 -- +** helm.sh/helm/v3; version v3.16.1 -- https://github.com/helm/helm -** k8s.io/api; version v0.30.0 -- +** k8s.io/api; version v0.31.0 -- https://github.com/kubernetes/api -** k8s.io/apiextensions-apiserver/pkg/apis/apiextensions; version v0.29.0 -- +** k8s.io/apiextensions-apiserver/pkg/apis/apiextensions; version v0.31.0 -- https://github.com/kubernetes/apiextensions-apiserver -** k8s.io/apimachinery/pkg; version v0.30.0 -- +** k8s.io/apimachinery/pkg; version v0.31.0 -- https://github.com/kubernetes/apimachinery -** k8s.io/apiserver/pkg/endpoints/deprecation; version v0.29.0 -- +** k8s.io/apiserver/pkg/endpoints/deprecation; version v0.31.0 -- https://github.com/kubernetes/apiserver -** k8s.io/cli-runtime/pkg; version v0.30.0 -- +** k8s.io/cli-runtime/pkg; version v0.31.0 -- https://github.com/kubernetes/cli-runtime -** k8s.io/client-go; version v0.30.0 -- +** k8s.io/client-go; version v0.31.0 -- https://github.com/kubernetes/client-go -** k8s.io/component-base/version; version v0.30.0 -- +** k8s.io/component-base/version; version v0.31.0 -- https://github.com/kubernetes/component-base -** k8s.io/klog/v2; version v2.120.1 -- +** k8s.io/klog/v2; version v2.130.1 -- https://github.com/kubernetes/klog ** k8s.io/kube-openapi/pkg; version v0.0.0-20240228011516-70dd3763d340 -- @@ -587,10 +521,10 @@ https://github.com/kubernetes/kube-openapi ** k8s.io/kube-openapi/pkg/validation/spec; version v0.0.0-20240228011516-70dd3763d340 -- https://github.com/kubernetes/kube-openapi -** k8s.io/kubectl/pkg; version v0.30.0 -- +** k8s.io/kubectl/pkg; version v0.31.0 -- https://github.com/kubernetes/kubectl -** k8s.io/utils; version v0.0.0-20231127182322-b307cd553661 -- +** k8s.io/utils; version v0.0.0-20240711033017-18e509b52bc8 -- https://github.com/kubernetes/utils ** oras.land/oras-go/pkg; version v1.2.5 -- @@ -599,10 +533,10 @@ https://github.com/oras-project/oras-go ** sigs.k8s.io/json; version v0.0.0-20221116044647-bc3834ca7abd -- https://github.com/kubernetes-sigs/json -** sigs.k8s.io/kustomize/api; version v0.13.5-0.20230601165947-6ce0bf390ce3 -- +** sigs.k8s.io/kustomize/api; version v0.17.2 -- https://github.com/kubernetes-sigs/kustomize -** sigs.k8s.io/kustomize/kyaml; version v0.14.3-0.20230601165947-6ce0bf390ce3 -- +** sigs.k8s.io/kustomize/kyaml; version v0.17.1 -- https://github.com/kubernetes-sigs/kustomize ** sigs.k8s.io/structured-merge-diff/v4; version v4.4.1 -- @@ -887,7 +821,7 @@ United States and other governments. It is your responsibility to ensure that your use and/or transfer does not violate applicable laws. -For more information, please see https://www.bis.doc.gov +For more information, see https://www.bis.doc.gov See also https://www.apache.org/dev/crypto.html and/or seek legal counsel. @@ -961,11 +895,6 @@ http://github.com/golang/protobuf/ Copyright 2010 The Go Authors See source code for license details. -Support for streaming Protocol Buffer messages for the Go language (golang). -https://github.com/matttproud/golang_protobuf_extensions -Copyright 2013 Matt T. Proud -Licensed under the Apache License, Version 2.0 - * For github.com/prometheus/client_model/go see also this required NOTICE: Data model artifacts for Prometheus. @@ -994,7 +923,7 @@ SoundCloud Ltd. (http://soundcloud.com/). * For github.com/skeema/knownhosts see also this required NOTICE: -Copyright 2023 Skeema LLC and the Skeema Knownhosts authors +Copyright 2024 Skeema LLC and the Skeema Knownhosts authors Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -1075,21 +1004,23 @@ limitations under the License. ------ -** github.com/emirpasic/gods; version v1.18.1 -- -https://github.com/emirpasic/gods +** github.com/digitorus/timestamp; version v0.0.0-20231217203849-220c5c2851b7 -- +https://github.com/digitorus/timestamp -Copyright (c) 2015, Emir Pasic +BSD 2-Clause License + +Copyright (c) 2017, Digitorus B.V. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: -* Redistributions of source code must retain the above copyright notice, this - list of conditions and the following disclaimer. +1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. -* Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -1102,24 +1033,6 @@ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- - -AVL Tree: - -Copyright (c) 2017 Benjamin Scher Purcell - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - ------ ** github.com/rcrowley/go-metrics; version v0.0.0-20201227073835-cf1acfcdf475 -- @@ -1157,6 +1070,53 @@ official policies, either expressed or implied, of Richard Crowley. ------ +** github.com/emirpasic/gods; version v1.18.1 -- +https://github.com/emirpasic/gods + +Copyright (c) 2015, Emir Pasic +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +* Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + +* Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +------------------------------------------------------------------------------- + +AVL Tree: + +Copyright (c) 2017 Benjamin Scher Purcell + +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +------ + ** github.com/go-redis/redis/v8; version v8.11.5 -- https://github.com/go-redis/redis/v8 @@ -1339,6 +1299,98 @@ Blackfriday is distributed under the Simplified BSD License: ------ +** github.com/syndtr/goleveldb/leveldb; version v1.0.1-0.20220721030215-126854af5e6d -- +https://github.com/syndtr/goleveldb + +Copyright 2012 Suryandaru Triandana +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright +notice, this list of conditions and the following disclaimer in the +documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +------ + +** github.com/vmihailenco/msgpack/v5; version v5.3.5 -- +https://github.com/vmihailenco/msgpack/v5 + +Copyright (c) 2013 The github.com/vmihailenco/msgpack Authors. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +------ + +** github.com/vmihailenco/tagparser/v2; version v2.0.0 -- +https://github.com/vmihailenco/tagparser/v2 + +Copyright (c) 2019 The github.com/vmihailenco/tagparser Authors. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +------ + ** gopkg.in/warnings.v0; version v0.1.2 -- https://gopkg.in/warnings.v0 @@ -1369,7 +1421,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** modernc.org/libc; version v1.49.3 -- +** modernc.org/libc; version v1.55.3 -- https://gitlab.com/cznic/libc Copyright (c) 2017 The Libc Authors. All rights reserved. @@ -1468,10 +1520,10 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** dario.cat/mergo; version v1.0.0 -- +** dario.cat/mergo; version v1.0.1 -- https://dario.cat/mergo -** github.com/imdario/mergo; version v0.3.15 -- +** github.com/imdario/mergo; version v0.3.16 -- https://github.com/darccio/mergo Copyright (c) 2013 Dario Castañé. All rights reserved. @@ -1505,10 +1557,10 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/aws/aws-sdk-go-v2/internal/sync/singleflight; version v1.26.1 -- +** github.com/aws/aws-sdk-go-v2/internal/sync/singleflight; version v1.31.0 -- https://github.com/aws/aws-sdk-go-v2 -** github.com/aws/smithy-go/internal/sync/singleflight; version v1.20.2 -- +** github.com/aws/smithy-go/internal/sync/singleflight; version v1.21.0 -- https://github.com/aws/smithy-go Copyright (c) 2009 The Go Authors. All rights reserved. @@ -1542,13 +1594,13 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/aws/aws-sdk-go/internal/sync/singleflight; version v1.53.0 -- +** github.com/aws/aws-sdk-go/internal/sync/singleflight; version v1.54.6 -- https://github.com/aws/aws-sdk-go ** github.com/liggitt/tabwriter; version v0.0.0-20181228230101-89fcab3d43de -- https://github.com/liggitt/tabwriter -** github.com/ProtonMail/go-crypto; version v1.1.0-alpha.0 -- +** github.com/ProtonMail/go-crypto; version v1.1.0-alpha.2 -- https://github.com/ProtonMail/go-crypto ** github.com/sagikazarmark/slog-shim; version v0.1.0 -- @@ -1557,40 +1609,16 @@ https://github.com/sagikazarmark/slog-shim ** golang.org/go; version go1.22.8 -- https://github.com/golang/go -** golang.org/x/crypto; version v0.22.0 -- -https://golang.org/x/crypto - ** golang.org/x/exp; version v0.0.0-20231110203233-9a3e6036ecaa -- https://golang.org/x/exp -** golang.org/x/mod; version v0.16.0 -- -https://golang.org/x/mod - -** golang.org/x/net; version v0.24.0 -- -https://golang.org/x/net - -** golang.org/x/oauth2; version v0.18.0 -- +** golang.org/x/oauth2; version v0.21.0 -- https://golang.org/x/oauth2 -** golang.org/x/sync; version v0.6.0 -- -https://golang.org/x/sync - -** golang.org/x/sys; version v0.19.0 -- -https://golang.org/x/sys - -** golang.org/x/term; version v0.19.0 -- -https://golang.org/x/term - -** golang.org/x/text; version v0.14.0 -- -https://golang.org/x/text - -** golang.org/x/time/rate; version v0.5.0 -- -https://golang.org/x/time - -** k8s.io/apimachinery/third_party/forked/golang; version v0.30.0 -- +** k8s.io/apimachinery/third_party/forked/golang; version v0.31.0 -- https://github.com/kubernetes/apimachinery -** k8s.io/client-go/third_party/forked/golang/template; version v0.30.0 -- +** k8s.io/client-go/third_party/forked/golang/template; version v0.31.0 -- https://github.com/kubernetes/client-go Copyright (c) 2009 The Go Authors. All rights reserved. @@ -1656,7 +1684,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/cheggaaa/pb/v3; version v3.1.4 -- +** github.com/cheggaaa/pb/v3; version v3.1.5 -- https://github.com/cheggaaa/pb/v3 ** gopkg.in/cheggaaa/pb.v1; version v1.0.28 -- @@ -1676,7 +1704,7 @@ Redistribution and use in source and binary forms, with or without modification, THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/cloudflare/circl; version v1.3.7 -- +** github.com/cloudflare/circl; version v1.3.8 -- https://github.com/cloudflare/circl Copyright (c) 2019 Cloudflare. All rights reserved. @@ -1739,11 +1767,11 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/cyphar/filepath-securejoin; version v0.2.4 -- +** github.com/cyphar/filepath-securejoin; version v0.3.1 -- https://github.com/cyphar/filepath-securejoin Copyright (C) 2014-2015 Docker Inc & Go Authors. All rights reserved. -Copyright (C) 2017 SUSE LLC. All rights reserved. +Copyright (C) 2017-2024 SUSE LLC. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are @@ -1773,9 +1801,42 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/evanphx/json-patch; version v5.7.0+incompatible -- +** github.com/dsnet/compress; version v0.0.1 -- +https://github.com/dsnet/compress + +Copyright © 2015, Joe Tsai and The Go Authors. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +* Redistributions of source code must retain the above copyright notice, this +list of conditions and the following disclaimer. +* Redistributions in binary form must reproduce the above copyright notice, +this list of conditions and the following disclaimer in the documentation and/or +other materials provided with the distribution. +* Neither the copyright holder nor the names of its contributors may be used to +endorse or promote products derived from this software without specific prior +written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +------ + +** github.com/evanphx/json-patch; version v5.9.0+incompatible -- https://github.com/evanphx/json-patch +** gopkg.in/evanphx/json-patch.v4; version v4.12.0 -- +https://gopkg.in/evanphx/json-patch.v4 + Copyright (c) 2014, Evan Phoenix All rights reserved. @@ -1913,7 +1974,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/golang/protobuf; version v1.5.4 -- +** github.com/golang/protobuf/proto; version v1.5.4 -- https://github.com/golang/protobuf Copyright 2010 The Go Authors. All rights reserved. @@ -1947,10 +2008,13 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/google/go-cmp/cmp; version v0.6.0 -- -https://github.com/google/go-cmp +** github.com/golang/snappy; version v0.0.4 -- +https://github.com/golang/snappy -Copyright (c) 2017 The Go Authors. All rights reserved. +** github.com/klauspost/compress/internal/snapref; version v1.17.9 -- +https://github.com/klauspost/compress + +Copyright (c) 2011 The Snappy-Go Authors. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are @@ -1980,10 +2044,10 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/google/uuid; version v1.6.0 -- -https://github.com/google/uuid +** github.com/google/go-cmp/cmp; version v0.6.0 -- +https://github.com/google/go-cmp -Copyright (c) 2009,2014 Google Inc. All rights reserved. +Copyright (c) 2017 The Go Authors. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are @@ -2013,11 +2077,11 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/googleapis/gax-go/v2; version v2.12.3 -- -https://github.com/googleapis/gax-go/v2 +** github.com/google/go-github/v62/github; version v62.0.0 -- +https://github.com/google/go-github/v62 + +Copyright (c) 2013 The go-github AUTHORS. All rights reserved. -Copyright 2016, Google Inc. -All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -2046,22 +2110,22 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/gorilla/mux; version v1.8.1 -- -https://github.com/gorilla/mux +** github.com/google/go-querystring/query; version v1.1.0 -- +https://github.com/google/go-querystring -Copyright (c) 2023 The Gorilla Authors. All rights reserved. +Copyright (c) 2013 Google. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright + * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above + * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - * Neither the name of Google Inc. nor the names of its + * Neither the name of Google Inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. @@ -2079,12 +2143,10 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/hashicorp/golang-lru/v2/simplelru; version v2.0.7 -- -https://github.com/hashicorp/golang-lru/v2 - -This license applies to simplelru/list.go +** github.com/google/uuid; version v1.6.0 -- +https://github.com/google/uuid -Copyright (c) 2009 The Go Authors. All rights reserved. +Copyright (c) 2009,2014 Google Inc. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are @@ -2114,30 +2176,78 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/Intevation/gval; version v1.3.0 -- -https://github.com/Intevation/gval - -** github.com/Intevation/jsonpath; version v0.2.1 -- -https://github.com/Intevation/jsonpath +** github.com/googleapis/gax-go/v2; version v2.12.3 -- +https://github.com/googleapis/gax-go/v2 -Copyright (c) 2017, Paessler AG +Copyright 2016, Google Inc. All rights reserved. +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: -Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. -1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. +------ -3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. +** github.com/gorilla/mux; version v1.8.1 -- +https://github.com/gorilla/mux + +Copyright (c) 2023 The Gorilla Authors. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/klauspost/compress/internal/snapref; version v1.17.4 -- -https://github.com/klauspost/compress +** github.com/hashicorp/golang-lru/v2/simplelru; version v2.0.7 -- +https://github.com/hashicorp/golang-lru/v2 -Copyright (c) 2011 The Snappy-Go Authors. All rights reserved. +This license applies to simplelru/list.go + +Copyright (c) 2009 The Go Authors. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are @@ -2167,6 +2277,26 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ +** github.com/Intevation/gval; version v1.3.0 -- +https://github.com/Intevation/gval + +** github.com/Intevation/jsonpath; version v0.2.1 -- +https://github.com/Intevation/jsonpath + +Copyright (c) 2017, Paessler AG +All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + +3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +------ + ** github.com/munnerz/goautoneg; version v0.0.0-20191010083416-a7dc8b61c822 -- https://github.com/munnerz/goautoneg @@ -2239,7 +2369,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/open-policy-agent/opa/internal/edittree/bitvector; version v0.64.1 -- +** github.com/open-policy-agent/opa/internal/edittree/bitvector; version v0.68.1-0.20240903211041-76f7038ea2d1 -- https://github.com/open-policy-agent/opa Copyright (c) 2014 Dropbox, Inc. @@ -2305,46 +2435,46 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg; version v0.48.0 -- -https://github.com/prometheus/common +** github.com/prometheus/client_golang/internal/github.com/golang/gddo/httputil; version v1.20.2 -- +https://github.com/prometheus/client_golang -Copyright (c) 2011, Open Knowledge Foundation Ltd. -All rights reserved. +Copyright (c) 2013 The Go Authors. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - - Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in - the documentation and/or other materials provided with the - distribution. - - Neither the name of the Open Knowledge Foundation Ltd. nor the - names of its contributors may be used to endorse or promote - products derived from this software without specific prior written - permission. + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + ------ ** github.com/remyoudompheng/bigfft; version v0.0.0-20230129092748-24d4a6f8daec -- https://github.com/remyoudompheng/bigfft -** k8s.io/utils/internal/third_party/forked/golang/net; version v0.0.0-20231127182322-b307cd553661 -- +** gopkg.in/go-jose/go-jose.v2/json; version v2.6.3 -- +https://gopkg.in/go-jose/go-jose.v2 + +** k8s.io/utils/internal/third_party/forked/golang/net; version v0.0.0-20240711033017-18e509b52bc8 -- https://github.com/kubernetes/utils Copyright (c) 2012 The Go Authors. All rights reserved. @@ -2411,7 +2541,40 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/ulikunitz/xz; version v0.5.11 -- +** github.com/theupdateframework/go-tuf; version v0.7.0 -- +https://github.com/theupdateframework/go-tuf + +Copyright (c) 2014-2020 Prime Directive, Inc. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Prime Directive, Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +------ + +** github.com/ulikunitz/xz; version v0.5.12 -- https://github.com/ulikunitz/xz Copyright (c) 2014-2022 Ulrich Kunitz @@ -2443,7 +2606,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/vbatts/tar-split/archive/tar; version v0.11.3 -- +** github.com/vbatts/tar-split/archive/tar; version v0.11.5 -- https://github.com/vbatts/tar-split Copyright (c) 2015 Vincent Batts, Raleigh, NC, USA @@ -2512,6 +2675,60 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ +** golang.org/x/crypto; version v0.27.0 -- +https://golang.org/x/crypto + +** golang.org/x/mod; version v0.21.0 -- +https://golang.org/x/mod + +** golang.org/x/net; version v0.29.0 -- +https://golang.org/x/net + +** golang.org/x/sync; version v0.8.0 -- +https://golang.org/x/sync + +** golang.org/x/sys; version v0.25.0 -- +https://golang.org/x/sys + +** golang.org/x/term; version v0.24.0 -- +https://golang.org/x/term + +** golang.org/x/text; version v0.18.0 -- +https://golang.org/x/text + +** golang.org/x/time/rate; version v0.6.0 -- +https://golang.org/x/time + +Copyright 2009 The Go Authors. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google LLC nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +------ + ** golang.org/x/xerrors; version v0.0.0-20231012003039-104605ab7028 -- https://golang.org/x/xerrors @@ -2611,7 +2828,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** google.golang.org/protobuf; version v1.34.0 -- +** google.golang.org/protobuf; version v1.34.2 -- https://go.googlesource.com/protobuf Copyright (c) 2018 The Go Authors. All rights reserved. @@ -2677,7 +2894,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** modernc.org/sqlite; version v1.29.7 -- +** modernc.org/sqlite; version v1.33.1 -- https://gitlab.com/cznic/sqlite Copyright (c) 2017 The Sqlite Authors. All rights reserved. @@ -2709,28 +2926,153 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/davecgh/go-spew/spew; version v1.1.2-0.20180830191138-d8f796af33cc -- -https://github.com/davecgh/go-spew - -ISC License - -Copyright (c) 2012-2016 Dave Collins +** mvdan.cc/sh/v3; version v3.8.0 -- +https://github.com/mvdan/sh -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. +Copyright (c) 2016, Daniel Martí. All rights reserved. -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: ------- + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of the copyright holder nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. -** github.com/agnivade/levenshtein; version v1.1.1 -- +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +------ + +** github.com/therootcompany/xz; version v1.0.1 -- +https://github.com/therootcompany/xz + +Creative Commons CC0 1.0 Universal + +CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL +SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN ATTORNEY-CLIENT +RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. +CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE USE OF THIS DOCUMENT OR THE +INFORMATION OR WORKS PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES +RESULTING FROM THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED +HEREUNDER. + +Statement of Purpose + +The laws of most jurisdictions throughout the world automatically confer +exclusive Copyright and Related Rights (defined below) upon the creator and +subsequent owner(s) (each and all, an "owner") of an original work of +authorship and/or a database (each, a "Work"). + +Certain owners wish to permanently relinquish those rights to a Work for the +purpose of contributing to a commons of creative, cultural and scientific +works ("Commons") that the public can reliably and without fear of later +claims of infringement build upon, modify, incorporate in other works, reuse +and redistribute as freely as possible in any form whatsoever and for any +purposes, including without limitation commercial purposes. These owners may +contribute to the Commons to promote the ideal of a free culture and the +further production of creative, cultural and scientific works, or to gain +reputation or greater distribution for their Work in part through the use and +efforts of others. + +For these and/or other purposes and motivations, and without any expectation +of additional consideration or compensation, the person associating CC0 with a +Work (the "Affirmer"), to the extent that he or she is an owner of Copyright +and Related Rights in the Work, voluntarily elects to apply CC0 to the Work +and publicly distribute the Work under its terms, with knowledge of his or her +Copyright and Related Rights in the Work and the meaning and intended legal +effect of CC0 on those rights. + +1. Copyright and Related Rights. A Work made available under CC0 may be protected by copyright and related or neighboring rights ("Copyright and Related Rights"). Copyright and Related Rights include, but are not limited to, the following: + +i. the right to reproduce, adapt, distribute, perform, display, communicate, +and translate a Work; + +ii. moral rights retained by the original author(s) and/or performer(s); + +iii. publicity and privacy rights pertaining to a person's image or +likeness depicted in a Work; + +iv. rights protecting against unfair competition in regards to a Work, subject +to the limitations in paragraph 4(a), below; + +v. rights protecting the extraction, dissemination, use and reuse of data in a +Work; + +vi. database rights (such as those arising under Directive 96/9/EC of the +European Parliament and of the Council of 11 March 1996 on the legal +protection of databases, and under any national implementation thereof, +including any amended or successor version of such directive); and + +vii. other similar, equivalent or corresponding rights throughout the world +based on applicable law or treaty, and any national implementations thereof. + +2. Waiver. To the greatest extent permitted by, but not in contravention of, applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and unconditionally waives, abandons, and surrenders all of Affirmer's Copyright and Related Rights and associated claims and causes of action, whether now known or unknown (including existing as well as future claims and causes of action), in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each member of the public at large and to the detriment of Affirmer's heirs and successors, fully intending that such Waiver shall not be subject to revocation, rescission, cancellation, termination, or any other legal or equitable action to disrupt the quiet enjoyment of the Work by the public as contemplated by Affirmer's express Statement of Purpose. + +3. Public License Fallback. Should any part of the Waiver for any reason be judged legally invalid or ineffective under applicable law, then the Waiver shall be preserved to the maximum extent permitted taking into account Affirmer's express Statement of Purpose. In addition, to the extent the Waiver is so judged Affirmer hereby grants to each affected person a royalty-free, non transferable, non sublicensable, non exclusive, irrevocable and unconditional license to exercise Affirmer's Copyright and Related Rights in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "License"). The License shall be deemed effective as of the date CC0 was applied by Affirmer to the Work. Should any part of the License for any reason be judged legally invalid or ineffective under applicable law, such partial invalidity or ineffectiveness shall not invalidate the remainder of the License, and in such case Affirmer hereby affirms that he or she will not (i) exercise any of his or her remaining Copyright and Related Rights in the Work or (ii) assert any associated claims and causes of action with respect to the Work, in either case contrary to Affirmer's express Statement of Purpose. + +4. Limitations and Disclaimers. + +a. No trademark or patent rights held by Affirmer are waived, abandoned, +surrendered, licensed or otherwise affected by this document. + +b. Affirmer offers the Work as-is and makes no representations or warranties +of any kind concerning the Work, express, implied, statutory or otherwise, +including without limitation warranties of title, merchantability, fitness for +a particular purpose, non infringement, or the absence of latent or other +defects, accuracy, or the present or absence of errors, whether or not +discoverable, all to the greatest extent permissible under applicable law. + +c. Affirmer disclaims responsibility for clearing rights of other persons that +may apply to the Work or any use thereof, including without limitation any +person's Copyright and Related Rights in the Work. Further, Affirmer +disclaims responsibility for obtaining any necessary consents, permissions or +other rights required for any use of the Work. + +d. Affirmer understands and acknowledges that Creative Commons is not a party +to this document and has no duty or obligation with respect to this CC0 or use +of the Work. + + +------ + +** github.com/davecgh/go-spew/spew; version v1.1.2-0.20180830191138-d8f796af33cc -- +https://github.com/davecgh/go-spew + +ISC License + +Copyright (c) 2012-2016 Dave Collins + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +------ + +** github.com/agnivade/levenshtein; version v1.1.1 -- https://github.com/agnivade/levenshtein Copyright (c) 2015 Agniva De Sarker @@ -2742,19 +3084,11 @@ Copyright (C) 2017 Alec Thomas https://github.com/apparentlymart/go-cidr Copyright (c) 2015 Martin Atkins -** github.com/aquasecurity/loading/pkg; version v0.0.5 -- -https://github.com/aquasecurity/loading -Copyright (c) 2022 Liam Galvin - ** github.com/aquasecurity/table; version v1.8.0 -- https://github.com/aquasecurity/table Copyright (c) 2022 Aqua Security -** github.com/aquasecurity/trivy-aws; version v0.8.0 -- -https://github.com/aquasecurity/trivy-aws -Copyright (c) 2021 Aqua Security - -** github.com/aquasecurity/trivy-checks; version v0.10.5-0.20240430045208-6cc735de6b9e -- +** github.com/aquasecurity/trivy-checks; version v1.1.0 -- https://github.com/aquasecurity/trivy-checks Copyright (c) 2024 Aqua Security @@ -2770,19 +3104,27 @@ Copyright (c) Microsoft Corporation. https://github.com/beorn7/perks Copyright (C) 2013 Blake Mizerany +** github.com/blang/semver; version v3.5.1+incompatible -- +https://github.com/blang/semver +Copyright (c) 2014 Benedikt Lang + +** github.com/blang/semver/v4; version v4.0.0 -- +https://github.com/blang/semver/v4 +Copyright (c) 2014 Benedikt Lang + ** github.com/bmatcuk/doublestar/v4; version v4.6.1 -- https://github.com/bmatcuk/doublestar/v4 Copyright (c) 2014 Bob Matcuk -** github.com/BurntSushi/toml; version v1.3.2 -- +** github.com/BurntSushi/toml; version v1.4.0 -- https://github.com/BurntSushi/toml Copyright (c) 2013 TOML authors -** github.com/cenkalti/backoff; version v2.2.1+incompatible -- -https://github.com/cenkalti/backoff +** github.com/cenkalti/backoff/v4; version v4.3.0 -- +https://github.com/cenkalti/backoff/v4 Copyright (c) 2014 Cenk Altı -** github.com/cespare/xxhash/v2; version v2.2.0 -- +** github.com/cespare/xxhash/v2; version v2.3.0 -- https://github.com/cespare/xxhash/v2 Copyright (c) 2016 Caleb Spare @@ -2790,11 +3132,15 @@ Copyright (c) 2016 Caleb Spare https://github.com/dgryski/go-rendezvous Copyright (c) 2017-2020 Damian Gryski +** github.com/digitorus/pkcs7; version v0.0.0-20230818184609-3a137a874352 -- +https://github.com/digitorus/pkcs7 +Copyright (c) 2015 Andrew Smith + ** github.com/dlclark/regexp2; version v1.4.0 -- https://github.com/dlclark/regexp2 Copyright (c) Doug Clark -** github.com/docker/docker-credential-helpers; version v0.7.0 -- +** github.com/docker/docker-credential-helpers; version v0.8.2 -- https://github.com/docker/docker-credential-helpers Copyright (c) 2016 David Calavera @@ -2806,7 +3152,7 @@ Copyright (c) 2012,2013 Ernest Micklei https://github.com/exponent-io/jsonpath Copyright (c) 2015 Exponent Labs LLC -** github.com/fatih/color; version v1.16.0 -- +** github.com/fatih/color; version v1.17.0 -- https://github.com/fatih/color Copyright (c) 2013 Fatih Arslan @@ -2814,6 +3160,14 @@ Copyright (c) 2013 Fatih Arslan https://github.com/felixge/httpsnoop Copyright (c) 2016 Felix Geisendörfer (felix@debuggable.com) +** github.com/fxamacker/cbor/v2; version v2.7.0 -- +https://github.com/fxamacker/cbor/v2 +Copyright (c) 2019-present Faye Amacker + +** github.com/go-chi/chi; version v4.1.2+incompatible -- +https://github.com/go-chi/chi +Copyright (c) 2015-present Peter Kieltyka (https://github.com/pkieltyka), Google Inc. + ** github.com/go-errors/errors; version v1.4.2 -- https://github.com/go-errors/errors Copyright (c) 2015 Conrad Irwin @@ -2840,7 +3194,7 @@ Copyright (c) 2021 golang-jwt maintainers https://github.com/gosuri/uitable Copyright (c) 2014 Mitchell Hashimoto -** github.com/huandu/xstrings; version v1.4.0 -- +** github.com/huandu/xstrings; version v1.5.0 -- https://github.com/huandu/xstrings Copyright (c) 2015 Huan Du @@ -2848,7 +3202,11 @@ Copyright (c) 2015 Huan Du https://github.com/jbenet/go-context Copyright (c) 2014 Juan Batiz-Benet -** github.com/jmoiron/sqlx; version v1.3.5 -- +** github.com/jedisct1/go-minisign; version v0.0.0-20230811132847-661be99b8267 -- +https://github.com/jedisct1/go-minisign +Copyright (c) 2018-2023 Frank Denis + +** github.com/jmoiron/sqlx; version v1.4.0 -- https://github.com/jmoiron/sqlx Copyright (c) 2013, Jason Moiron @@ -2860,7 +3218,7 @@ Copyright (c) 2019 Josh Bleecher Snyder https://github.com/json-iterator/go Copyright (c) 2016 json-iterator -** github.com/klauspost/compress/zstd/internal/xxhash; version v1.17.4 -- +** github.com/klauspost/compress/zstd/internal/xxhash; version v1.17.9 -- https://github.com/klauspost/compress Copyright (c) 2016 Caleb Spare @@ -2872,7 +3230,7 @@ Copyright (c) 2017 Teppei Fukuda https://github.com/knqyf263/go-rpm-version Copyright (c) 2017 Teppei Fukuda -** github.com/knqyf263/go-rpmdb/pkg; version v0.0.0-20231008124120-ac49267ab4e1 -- +** github.com/knqyf263/go-rpmdb/pkg; version v0.1.1 -- https://github.com/knqyf263/go-rpmdb Copyright (c) 2019 Teppei Fukuda @@ -2912,19 +3270,19 @@ Copyright (c) 2016 Mail.Ru Group https://github.com/makenowjust/heredoc Copyright (c) 2014-2019 TSUYUSATO Kitsune -** github.com/masahiro331/go-disk; version v0.0.0-20220919035250-c8da316f91ac -- +** github.com/masahiro331/go-disk; version v0.0.0-20240625071113-56c933208fee -- https://github.com/masahiro331/go-disk Copyright (c) 2022 Masahiro331 -** github.com/masahiro331/go-ebs-file; version v0.0.0-20240112135404-d5fbb1d46323 -- +** github.com/masahiro331/go-ebs-file; version v0.0.0-20240917043618-e6d2bea5c32e -- https://github.com/masahiro331/go-ebs-file Copyright (c) 2022 Masahiro331 -** github.com/Masterminds/semver/v3; version v3.2.1 -- +** github.com/Masterminds/semver/v3; version v3.3.0 -- https://github.com/Masterminds/semver/v3 Copyright (C) 2014-2019, Matt Butcher and Matt Farina -** github.com/Masterminds/sprig/v3; version v3.2.3 -- +** github.com/Masterminds/sprig/v3; version v3.3.0 -- https://github.com/Masterminds/sprig/v3 Copyright (C) 2013-2020 Masterminds @@ -2936,7 +3294,7 @@ Copyright (c) 2016 Yasuhiro Matsumoto https://github.com/mattn/go-isatty Copyright (c) Yasuhiro MATSUMOTO -** github.com/mattn/go-runewidth; version v0.0.14 -- +** github.com/mattn/go-runewidth; version v0.0.15 -- https://github.com/mattn/go-runewidth Copyright (c) 2016 Yasuhiro Matsumoto @@ -2976,15 +3334,15 @@ Copyright (c) 2013 Mitchell Hashimoto https://github.com/monochromegane/go-gitignore Copyright (c) [2015] [go-gitignore] -** github.com/open-policy-agent/opa/internal/gqlparser; version v0.64.1 -- +** github.com/open-policy-agent/opa/internal/gqlparser; version v0.68.1-0.20240903211041-76f7038ea2d1 -- https://github.com/open-policy-agent/opa Copyright (c) 2018 Adam Scarr -** github.com/open-policy-agent/opa/internal/jwx; version v0.64.1 -- +** github.com/open-policy-agent/opa/internal/jwx; version v0.68.1-0.20240903211041-76f7038ea2d1 -- https://github.com/open-policy-agent/opa Copyright (c) 2015 lestrrat -** github.com/package-url/packageurl-go; version v0.1.2 -- +** github.com/package-url/packageurl-go; version v0.1.3 -- https://github.com/package-url/packageurl-go Copyright (c) the purl authors @@ -2992,20 +3350,20 @@ Copyright (c) the purl authors https://github.com/peterbourgon/diskv Copyright (c) 2011-2012 Peter Bourgon -** github.com/rivo/uniseg; version v0.2.0 -- +** github.com/rivo/uniseg; version v0.4.4 -- https://github.com/rivo/uniseg Copyright (c) 2019 Oliver Kuederle -** github.com/rubenv/sql-migrate; version v1.5.2 -- +** github.com/rubenv/sql-migrate; version v1.7.0 -- https://github.com/rubenv/sql-migrate Copyright (C) 2014-2021 by Ruben Vermeersch -** github.com/rubenv/sql-migrate/sqlparse; version v1.5.2 -- +** github.com/rubenv/sql-migrate/sqlparse; version v1.7.0 -- https://github.com/rubenv/sql-migrate Copyright (C) 2014-2017 by Ruben Vermeersch Copyright (C) 2012-2014 by Liam Staskawicz -** github.com/samber/lo; version v1.39.0 -- +** github.com/samber/lo; version v1.47.0 -- https://github.com/samber/lo Copyright (c) 2022 Samuel Berthe @@ -3013,7 +3371,7 @@ Copyright (c) 2022 Samuel Berthe https://github.com/secure-systems-lab/go-securesystemslib Copyright (c) 2021 NYU Secure Systems Lab -** github.com/sergi/go-diff/diffmatchpatch; version v1.3.1 -- +** github.com/sergi/go-diff/diffmatchpatch; version v1.3.2-0.20230802210424-5b0b94c5c0d3 -- https://github.com/sergi/go-diff Copyright (c) 2012-2016 The go-diff Authors. All rights reserved. @@ -3021,11 +3379,11 @@ Copyright (c) 2012-2016 The go-diff Authors. All rights reserved. https://github.com/sirupsen/logrus Copyright (c) 2014 Simon Eskildsen -** github.com/spf13/cast; version v1.6.0 -- +** github.com/spf13/cast; version v1.7.0 -- https://github.com/spf13/cast Copyright (c) 2014 Steve Francia -** github.com/spf13/viper; version v1.18.2 -- +** github.com/spf13/viper; version v1.19.0 -- https://github.com/spf13/viper Copyright (c) 2014 Steve Francia @@ -3046,15 +3404,24 @@ Copyright (c) 2013 Alif Rachmawadi https://github.com/tchap/go-patricia/v2 Copyright (c) 2014 The AUTHORS +** github.com/titanous/rocacheck; version v0.0.0-20171023193734-afe73141d399 -- +https://github.com/titanous/rocacheck +Copyright (c) 2017, Jonathan Rudenberg +Copyright (c) 2017, CRoCS, EnigmaBridge Ltd. + ** github.com/VividCortex/ewma; version v1.2.0 -- https://github.com/VividCortex/ewma Copyright (c) 2013 VividCortex -** github.com/zclconf/go-cty/cty; version v1.14.4 -- +** github.com/x448/float16; version v0.8.4 -- +https://github.com/x448/float16 +Copyright (c) 2019 Montgomery Edwards⁴⁴⁸ and Faye Amacker + +** github.com/zclconf/go-cty/cty; version v1.15.0 -- https://github.com/zclconf/go-cty Copyright (c) 2017-2018 Martin Atkins -** go.etcd.io/bbolt; version v1.3.9 -- +** go.etcd.io/bbolt; version v1.3.11 -- https://github.com/etcd-io/bbolt Copyright (c) 2013 Ben Johnson @@ -3066,7 +3433,7 @@ Copyright (c) 2017-2021 Uber Technologies, Inc. https://github.com/uber-go/zap Copyright (c) 2016-2017 Uber Technologies, Inc. -** sigs.k8s.io/kustomize/kyaml/internal/forked/github.com/qri-io/starlib/util; version v0.14.3-0.20230601165947-6ce0bf390ce3 -- +** sigs.k8s.io/kustomize/kyaml/internal/forked/github.com/qri-io/starlib/util; version v0.17.1 -- https://github.com/kubernetes-sigs/kustomize Copyright (c) 2018 QRI, Inc. @@ -3189,15 +3556,15 @@ use or other dealings in these Data Files or Software without prior written authorization of the copyright holder. ------ -** github.com/Azure/azure-sdk-for-go/sdk/azcore; version v1.10.0 -- +** github.com/Azure/azure-sdk-for-go/sdk/azcore; version v1.14.0 -- https://github.com/Azure/azure-sdk-for-go/sdk/azcore Copyright (c) Microsoft Corporation. -** github.com/Azure/azure-sdk-for-go/sdk/azidentity; version v1.5.1 -- +** github.com/Azure/azure-sdk-for-go/sdk/azidentity; version v1.7.0 -- https://github.com/Azure/azure-sdk-for-go/sdk/azidentity Copyright (c) Microsoft Corporation. -** github.com/Azure/azure-sdk-for-go/sdk/internal; version v1.5.2 -- +** github.com/Azure/azure-sdk-for-go/sdk/internal; version v1.10.0 -- https://github.com/Azure/azure-sdk-for-go/sdk/internal Copyright (c) Microsoft Corporation. @@ -3451,7 +3818,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ------ -** github.com/pelletier/go-toml/v2; version v2.1.0 -- +** github.com/pelletier/go-toml/v2; version v2.2.2 -- https://github.com/pelletier/go-toml/v2 Copyright (c) 2021 - 2023 Thomas Pelletier @@ -3477,7 +3844,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ------ -** github.com/shopspring/decimal; version v1.3.1 -- +** github.com/shopspring/decimal; version v1.4.0 -- https://github.com/shopspring/decimal Copyright (c) 2015 Spring, Inc. Copyright (c) 2013 Oguz Bilgic @@ -3525,6 +3892,33 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ ------ +** github.com/tonistiigi/go-csvvalue; version v0.0.0-20240710180619-ddb21b71c0b4 -- +https://github.com/tonistiigi/go-csvvalue + +MIT + +Copyright 2024 Tõnis Tiigi + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +------ + ** github.com/xlab/treeprint; version v1.2.0 -- https://github.com/xlab/treeprint @@ -3555,8 +3949,8 @@ Copyright (c) 2006-2010 Kirill Simonov Copyright (c) 2006-2011 Kirill Simonov Copyright (c) 2011-2019 Canonical Ltd -** sigs.k8s.io/kustomize/kyaml/internal/forked/github.com/go-yaml/yaml; version v0.14.3-0.20230601165947-6ce0bf390ce3 -- -https://github.com/kubernetes-sigs/kustomize +** sigs.k8s.io/yaml/goyaml.v3; version v1.4.0 -- +https://github.com/kubernetes-sigs/yaml Copyright (c) 2006-2010 Kirill Simonov Copyright (c) 2006-2011 Kirill Simonov Copyright (c) 2011-2019 Canonical Ltd @@ -3627,7 +4021,7 @@ See the License for the specific language governing permissions and limitations under the License. -* For sigs.k8s.io/kustomize/kyaml/internal/forked/github.com/go-yaml/yaml see also this required NOTICE: +* For sigs.k8s.io/yaml/goyaml.v3 see also this required NOTICE: Copyright 2011-2016 Canonical Ltd. Licensed under the Apache License, Version 2.0 (the "License"); @@ -3650,17 +4044,11 @@ https://github.com/hashicorp/errwrap * Package github.com/hashicorp/errwrap's source code may be found at: https://github.com/hashicorp/errwrap/tree/v1.1.0 -** github.com/hashicorp/go-version; version v1.6.0 -- -https://github.com/hashicorp/go-version - - * Package github.com/hashicorp/go-version's source code may be found at: - https://github.com/hashicorp/go-version/tree/v1.6.0 - -** github.com/hashicorp/hcl; version v1.0.0 -- +** github.com/hashicorp/hcl; version v1.0.1-vault-5 -- https://github.com/hashicorp/hcl * Package github.com/hashicorp/hcl's source code may be found at: - https://github.com/hashicorp/hcl/tree/v1.0.0 + https://github.com/hashicorp/hcl/tree/v1.0.1-vault-5 Mozilla Public License, version 2.0 @@ -4391,11 +4779,11 @@ Exhibit B - "Incompatible With Secondary Licenses" Notice ------ -** github.com/hashicorp/go-getter; version v1.7.4 -- +** github.com/hashicorp/go-getter; version v1.7.6 -- https://github.com/hashicorp/go-getter * Package github.com/hashicorp/go-getter's source code may be found at: - https://github.com/hashicorp/go-getter/tree/v1.7.4 + https://github.com/hashicorp/go-getter/tree/v1.7.6 Copyright (c) 2015 HashiCorp, Inc. @@ -5118,11 +5506,13 @@ Exhibit B - “Incompatible With Secondary Licenses” Notice ------ -** github.com/hashicorp/go-safetemp; version v1.0.0 -- -https://github.com/hashicorp/go-safetemp +** github.com/hashicorp/go-retryablehttp; version v0.7.7 -- +https://github.com/hashicorp/go-retryablehttp - * Package github.com/hashicorp/go-safetemp's source code may be found at: - https://github.com/hashicorp/go-safetemp/tree/v1.0.0 + * Package github.com/hashicorp/go-retryablehttp's source code may be found at: + https://github.com/hashicorp/go-retryablehttp/tree/v0.7.7 + +Copyright (c) 2015 HashiCorp, Inc. Mozilla Public License, version 2.0 @@ -5487,15 +5877,14 @@ Exhibit B - "Incompatible With Secondary Licenses" Notice With Secondary Licenses", as defined by the Mozilla Public License, v. 2.0. ------- -** github.com/hashicorp/go-uuid; version v1.0.3 -- -https://github.com/hashicorp/go-uuid +------ - * Package github.com/hashicorp/go-uuid's source code may be found at: - https://github.com/hashicorp/go-uuid/tree/v1.0.3 +** github.com/hashicorp/go-safetemp; version v1.0.0 -- +https://github.com/hashicorp/go-safetemp -Copyright © 2015-2022 HashiCorp, Inc. + * Package github.com/hashicorp/go-safetemp's source code may be found at: + https://github.com/hashicorp/go-safetemp/tree/v1.0.0 Mozilla Public License, version 2.0 @@ -5723,14 +6112,757 @@ Mozilla Public License, version 2.0 4. Inability to Comply Due to Statute or Regulation If it is impossible for You to comply with any of the terms of this License - with respect to some or all of the Covered Software due to statute, - judicial order, or regulation then You must: (a) comply with the terms of - this License to the maximum extent possible; and (b) describe the - limitations and the code they affect. Such description must be placed in a - text file included with all distributions of the Covered Software under - this License. Except to the extent prohibited by statute or regulation, - such description must be sufficiently detailed for a recipient of ordinary - skill to be able to understand it. + with respect to some or all of the Covered Software due to statute, + judicial order, or regulation then You must: (a) comply with the terms of + this License to the maximum extent possible; and (b) describe the + limitations and the code they affect. Such description must be placed in a + text file included with all distributions of the Covered Software under + this License. Except to the extent prohibited by statute or regulation, + such description must be sufficiently detailed for a recipient of ordinary + skill to be able to understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing + basis, if such Contributor fails to notify You of the non-compliance by + some reasonable means prior to 60 days after You have come back into + compliance. Moreover, Your grants from a particular Contributor are + reinstated on an ongoing basis if such Contributor notifies You of the + non-compliance by some reasonable means, this is the first time You have + received notice of non-compliance with this License from such + Contributor, and You become compliant prior to 30 days after Your receipt + of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, + counter-claims, and cross-claims) alleging that a Contributor Version + directly or indirectly infringes any patent, then the rights granted to + You by any and all Contributors for the Covered Software under Section + 2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an "as is" basis, + without warranty of any kind, either expressed, implied, or statutory, + including, without limitation, warranties that the Covered Software is free + of defects, merchantable, fit for a particular purpose or non-infringing. + The entire risk as to the quality and performance of the Covered Software + is with You. Should any Covered Software prove defective in any respect, + You (not any Contributor) assume the cost of any necessary servicing, + repair, or correction. This disclaimer of warranty constitutes an essential + part of this License. No use of any Covered Software is authorized under + this License except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from + such party's negligence to the extent applicable law prohibits such + limitation. Some jurisdictions do not allow the exclusion or limitation of + incidental or consequential damages, so this exclusion and limitation may + not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts + of a jurisdiction where the defendant maintains its principal place of + business and such litigation shall be governed by laws of that + jurisdiction, without reference to its conflict-of-law provisions. Nothing + in this Section shall prevent a party's ability to bring cross-claims or + counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject + matter hereof. If any provision of this License is held to be + unenforceable, such provision shall be reformed only to the extent + necessary to make it enforceable. Any law or regulation which provides that + the language of a contract shall be construed against the drafter shall not + be used to construe this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version + of the License under which You originally received the Covered Software, + or under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a + modified version of this License if you rename the license and remove + any references to the name of the license steward (except to note that + such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary + Licenses If You choose to distribute Source Code Form that is + Incompatible With Secondary Licenses under the terms of this version of + the License, the notice described in Exhibit B of this License must be + attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, +then You may include the notice in a location (such as a LICENSE file in a +relevant directory) where a recipient would be likely to look for such a +notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice + + This Source Code Form is "Incompatible + With Secondary Licenses", as defined by + the Mozilla Public License, v. 2.0. + +------ + +** github.com/hashicorp/go-uuid; version v1.0.3 -- +https://github.com/hashicorp/go-uuid + + * Package github.com/hashicorp/go-uuid's source code may be found at: + https://github.com/hashicorp/go-uuid/tree/v1.0.3 + +Copyright © 2015-2022 HashiCorp, Inc. + +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. "Contributor" + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. "Contributor Version" + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the terms of + a Secondary License. + +1.6. "Executable Form" + + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + + means a work that combines Covered Software with other material, in a + separate file or files, that is not Covered Software. + +1.8. "License" + + means this document. + +1.9. "Licensable" + + means having the right to grant, to the maximum extent possible, whether + at the time of the initial grant or subsequently, any and all of the + rights conveyed by this License. + +1.10. "Modifications" + + means any of the following: + + a. any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. "Patent Claims" of a Contributor + + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the License, + by the making, using, selling, offering for sale, having made, import, + or transfer of either its Contributions or its Contributor Version. + +1.12. "Secondary License" + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. "Source Code Form" + + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, "control" means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution + become effective for each Contribution on the date the Contributor first + distributes such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under + this License. No additional rights or licenses will be implied from the + distribution or licensing of Covered Software under this License. + Notwithstanding Section 2.1(b) above, no patent license is granted by a + Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of + its Contributions. + + This License does not grant any rights in the trademarks, service marks, + or logos of any Contributor (except as may be necessary to comply with + the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this + License (see Section 10.2) or under the terms of a Secondary License (if + permitted under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its + Contributions are its original creation(s) or it has sufficient rights to + grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under + applicable copyright doctrines of fair use, fair dealing, or other + equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under + the terms of this License. You must inform recipients that the Source + Code Form of the Covered Software is governed by the terms of this + License, and how they can obtain a copy of this License. You may not + attempt to alter or restrict the recipients' rights in the Source Code + Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter the + recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for + the Covered Software. If the Larger Work is a combination of Covered + Software with a work governed by one or more Secondary Licenses, and the + Covered Software is not Incompatible With Secondary Licenses, this + License permits You to additionally distribute such Covered Software + under the terms of such Secondary License(s), so that the recipient of + the Larger Work may, at their option, further distribute the Covered + Software under the terms of either this License or such Secondary + License(s). + +3.4. Notices + + You may not remove or alter the substance of any license notices + (including copyright notices, patent notices, disclaimers of warranty, or + limitations of liability) contained within the Source Code Form of the + Covered Software, except that You may alter any license notices to the + extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on + behalf of any Contributor. You must make it absolutely clear that any + such warranty, support, indemnity, or liability obligation is offered by + You alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, + judicial order, or regulation then You must: (a) comply with the terms of + this License to the maximum extent possible; and (b) describe the + limitations and the code they affect. Such description must be placed in a + text file included with all distributions of the Covered Software under + this License. Except to the extent prohibited by statute or regulation, + such description must be sufficiently detailed for a recipient of ordinary + skill to be able to understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing + basis, if such Contributor fails to notify You of the non-compliance by + some reasonable means prior to 60 days after You have come back into + compliance. Moreover, Your grants from a particular Contributor are + reinstated on an ongoing basis if such Contributor notifies You of the + non-compliance by some reasonable means, this is the first time You have + received notice of non-compliance with this License from such + Contributor, and You become compliant prior to 30 days after Your receipt + of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, + counter-claims, and cross-claims) alleging that a Contributor Version + directly or indirectly infringes any patent, then the rights granted to + You by any and all Contributors for the Covered Software under Section + 2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an "as is" basis, + without warranty of any kind, either expressed, implied, or statutory, + including, without limitation, warranties that the Covered Software is free + of defects, merchantable, fit for a particular purpose or non-infringing. + The entire risk as to the quality and performance of the Covered Software + is with You. Should any Covered Software prove defective in any respect, + You (not any Contributor) assume the cost of any necessary servicing, + repair, or correction. This disclaimer of warranty constitutes an essential + part of this License. No use of any Covered Software is authorized under + this License except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from + such party's negligence to the extent applicable law prohibits such + limitation. Some jurisdictions do not allow the exclusion or limitation of + incidental or consequential damages, so this exclusion and limitation may + not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts + of a jurisdiction where the defendant maintains its principal place of + business and such litigation shall be governed by laws of that + jurisdiction, without reference to its conflict-of-law provisions. Nothing + in this Section shall prevent a party's ability to bring cross-claims or + counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject + matter hereof. If any provision of this License is held to be + unenforceable, such provision shall be reformed only to the extent + necessary to make it enforceable. Any law or regulation which provides that + the language of a contract shall be construed against the drafter shall not + be used to construe this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version + of the License under which You originally received the Covered Software, + or under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a + modified version of this License if you rename the license and remove + any references to the name of the license steward (except to note that + such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary + Licenses If You choose to distribute Source Code Form that is + Incompatible With Secondary Licenses under the terms of this version of + the License, the notice described in Exhibit B of this License must be + attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, +then You may include the notice in a location (such as a LICENSE file in a +relevant directory) where a recipient would be likely to look for such a +notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice + + This Source Code Form is "Incompatible + With Secondary Licenses", as defined by + the Mozilla Public License, v. 2.0. + + +------ + +** github.com/hashicorp/go-version; version v1.7.0 -- +https://github.com/hashicorp/go-version + + * Package github.com/hashicorp/go-version's source code may be found at: + https://github.com/hashicorp/go-version/tree/v1.7.0 + +Copyright (c) 2014 HashiCorp, Inc. + +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. “Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. 5. Termination @@ -5738,22 +6870,21 @@ Mozilla Public License, version 2.0 fail to comply with any of its terms. However, if You become compliant, then the rights granted under this License from a particular Contributor are reinstated (a) provisionally, unless and until such Contributor - explicitly and finally terminates Your grants, and (b) on an ongoing - basis, if such Contributor fails to notify You of the non-compliance by - some reasonable means prior to 60 days after You have come back into - compliance. Moreover, Your grants from a particular Contributor are - reinstated on an ongoing basis if such Contributor notifies You of the - non-compliance by some reasonable means, this is the first time You have - received notice of non-compliance with this License from such - Contributor, and You become compliant prior to 30 days after Your receipt - of the notice. + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. 5.2. If You initiate litigation against any entity by asserting a patent - infringement claim (excluding declaratory judgment actions, - counter-claims, and cross-claims) alleging that a Contributor Version - directly or indirectly infringes any patent, then the rights granted to - You by any and all Contributors for the Covered Software under Section - 2.1 of this License shall terminate. + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. 5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user license agreements (excluding distributors and resellers) which have been @@ -5762,16 +6893,16 @@ Mozilla Public License, version 2.0 6. Disclaimer of Warranty - Covered Software is provided under this License on an "as is" basis, - without warranty of any kind, either expressed, implied, or statutory, - including, without limitation, warranties that the Covered Software is free - of defects, merchantable, fit for a particular purpose or non-infringing. - The entire risk as to the quality and performance of the Covered Software - is with You. Should any Covered Software prove defective in any respect, - You (not any Contributor) assume the cost of any necessary servicing, - repair, or correction. This disclaimer of warranty constitutes an essential - part of this License. No use of any Covered Software is authorized under - this License except under this disclaimer. + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. + Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. 7. Limitation of Liability @@ -5783,29 +6914,27 @@ Mozilla Public License, version 2.0 goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses, even if such party shall have been informed of the possibility of such damages. This limitation of liability - shall not apply to liability for death or personal injury resulting from - such party's negligence to the extent applicable law prohibits such - limitation. Some jurisdictions do not allow the exclusion or limitation of - incidental or consequential damages, so this exclusion and limitation may - not apply to You. + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. 8. Litigation - Any litigation relating to this License may be brought only in the courts - of a jurisdiction where the defendant maintains its principal place of - business and such litigation shall be governed by laws of that - jurisdiction, without reference to its conflict-of-law provisions. Nothing - in this Section shall prevent a party's ability to bring cross-claims or - counter-claims. + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. 9. Miscellaneous - This License represents the complete agreement concerning the subject - matter hereof. If any provision of this License is held to be - unenforceable, such provision shall be reformed only to the extent - necessary to make it enforceable. Any law or regulation which provides that - the language of a contract shall be construed against the drafter shall not - be used to construe this License against a Contributor. + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. 10. Versions of the License @@ -5819,24 +6948,23 @@ Mozilla Public License, version 2.0 10.2. Effect of New Versions - You may distribute the Covered Software under the terms of the version - of the License under which You originally received the Covered Software, - or under the terms of any subsequent version published by the license + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license steward. 10.3. Modified Versions If you create software not governed by this License, and you want to - create a new license for such software, you may create and use a - modified version of this License if you rename the license and remove - any references to the name of the license steward (except to note that - such modified license differs from this License). + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). -10.4. Distributing Source Code Form that is Incompatible With Secondary - Licenses If You choose to distribute Source Code Form that is - Incompatible With Secondary Licenses under the terms of this version of - the License, the notice described in Exhibit B of this License must be - attached. +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. Exhibit A - Source Code Form License Notice @@ -5847,17 +6975,16 @@ Exhibit A - Source Code Form License Notice obtain one at http://mozilla.org/MPL/2.0/. -If it is not possible or desirable to put the notice in a particular file, -then You may include the notice in a location (such as a LICENSE file in a -relevant directory) where a recipient would be likely to look for such a -notice. +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. You may add additional accurate notices of copyright ownership. -Exhibit B - "Incompatible With Secondary Licenses" Notice +Exhibit B - “Incompatible With Secondary Licenses” Notice - This Source Code Form is "Incompatible - With Secondary Licenses", as defined by + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by the Mozilla Public License, v. 2.0. @@ -6236,11 +7363,11 @@ Exhibit B - "Incompatible With Secondary Licenses" Notice ------ -** github.com/hashicorp/hcl/v2; version v2.19.1 -- +** github.com/hashicorp/hcl/v2; version v2.22.0 -- https://github.com/hashicorp/hcl/v2 * Package github.com/hashicorp/hcl/v2's source code may be found at: - https://github.com/hashicorp/hcl/v2/tree/v2.19.1 + https://github.com/hashicorp/hcl/v2/tree/v2.22.0 Copyright (c) 2014 HashiCorp, Inc. @@ -6600,6 +7727,390 @@ Exhibit B - “Incompatible With Secondary Licenses” Notice ------ +** github.com/letsencrypt/boulder; version v0.0.0-20231026200631-000cd05d5491 -- +https://github.com/letsencrypt/boulder + + * Package github.com/letsencrypt/boulder's source code may be found at: + https://github.com/letsencrypt/boulder/tree/v0.0.0-20231026200631-000cd05d5491 + +Copyright 2016 ISRG. All rights reserved. + +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. "Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. * +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. +Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular +file, then You may include the notice in a location (such as a LICENSE +file in a relevant directory) where a recipient would be likely to look +for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice +--------------------------------------------------------- + + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0. + +------ + ** github.com/aquasecurity/tml; version v0.6.1 -- https://github.com/aquasecurity/tml @@ -6631,10 +8142,10 @@ For more information, please refer to ------ -** github.com/owenrumney/go-sarif/v2/sarif; version v2.3.0 -- +** github.com/owenrumney/go-sarif/v2/sarif; version v2.3.3 -- https://github.com/owenrumney/go-sarif/v2 -** github.com/owenrumney/squealer; version v1.2.2 -- +** github.com/owenrumney/squealer; version v1.2.4 -- https://github.com/owenrumney/squealer This is free and unencumbered software released into the public domain. diff --git a/projects/aquasecurity/trivy/CHECKSUMS b/projects/aquasecurity/trivy/CHECKSUMS index edadffafd2..daf8c606f1 100644 --- a/projects/aquasecurity/trivy/CHECKSUMS +++ b/projects/aquasecurity/trivy/CHECKSUMS @@ -1,2 +1,2 @@ -5b5e539d940a0eef4bebf6c070ae49d168823d8eddf546ea4f71f8b8b82d5c37 _output/bin/trivy/linux-amd64/trivy -b181a35ed3061257190aa3233ddee3f5cfdd50914316bb83530a64c44d3e5ac8 _output/bin/trivy/linux-arm64/trivy +fc13c860512e95c0bce78dc5e8a6b4c83baa0bf72a3f170f8691634487cf19b7 _output/bin/trivy/linux-amd64/trivy +0a7c8a64e7dc25192c749c66a0f9a0bbbcfd02304d985f623261ed433973982b _output/bin/trivy/linux-arm64/trivy diff --git a/projects/aquasecurity/trivy/GIT_TAG b/projects/aquasecurity/trivy/GIT_TAG index c21fa7b369..df8473fbd1 100644 --- a/projects/aquasecurity/trivy/GIT_TAG +++ b/projects/aquasecurity/trivy/GIT_TAG @@ -1 +1 @@ -v0.51.2 \ No newline at end of file +v0.56.2 diff --git a/projects/aquasecurity/trivy/README.md b/projects/aquasecurity/trivy/README.md index f24f5fea32..4dfdc99bf6 100644 --- a/projects/aquasecurity/trivy/README.md +++ b/projects/aquasecurity/trivy/README.md @@ -1,5 +1,5 @@ ## **trivy** -![Version](https://img.shields.io/badge/version-v0.51.2-blue) +![Version](https://img.shields.io/badge/version-v0.56.2-blue) ![Build Status](https://codebuild.us-west-2.amazonaws.com/badges?uuid=eyJlbmNyeXB0ZWREYXRhIjoiMVBvZE5FTEtYaVpuWUJ3eGd2Tis1dHAxT0ZKcXBuWkNVUmpjL0pRVnduRUl2Qm1XZ29xbHBENU5wVGM3TzVTTXhFTS83VUtrWGdCVU9lVkVxSmFhUnBFPSIsIml2UGFyYW1ldGVyU3BlYyI6IkQzTU9tSEd0YWZDc0NVYkIiLCJtYXRlcmlhbFNldFNlcmlhbCI6MX0%3D&branch=main) [Trivy](https://github.com/aquasecurity/trivy/) is a simple and comprehensive scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and language-specific packages (Bundler, Composer, npm, yarn, etc.). In addition, Trivy scans Infrastructure as Code (IaC) files such as Terraform, Dockerfile and Kubernetes, to detect potential configuration issues that expose your deployments to the risk of attack. Trivy also scans hardcoded secrets like passwords, API keys and tokens. diff --git a/projects/aquasecurity/trivy/patches/0001-Replace-dependency-to-mitigate-license-issues.patch b/projects/aquasecurity/trivy/patches/0001-Replace-dependency-to-mitigate-license-issues.patch new file mode 100644 index 0000000000..e9633744d1 --- /dev/null +++ b/projects/aquasecurity/trivy/patches/0001-Replace-dependency-to-mitigate-license-issues.patch @@ -0,0 +1,43 @@ +From d7cf6742978a28ac40c58a15682c67120a99c71e Mon Sep 17 00:00:00 2001 +From: Saurabh Parekh +Date: Wed, 16 Oct 2024 00:54:45 -0700 +Subject: [PATCH] Replace dependency to mitigate license issues + +replace xi2/xz to mitigate non-standard license +The xi2/xz package, a dependency of some module imported by aquasecurity/trivy, uses a non-standard Public Domain license. +This replacement points to a fork which has a standard CC-0 public domain license. + +Signed-off-by: Saurabh Parekh +--- + go.mod | 4 ++++ + go.sum | 2 ++ + 2 files changed, 6 insertions(+) + +diff --git a/go.mod b/go.mod +index d01ce2a7d..5dfb08764 100644 +--- a/go.mod ++++ b/go.mod +@@ -423,3 +423,7 @@ require ( + sigs.k8s.io/kustomize/kyaml v0.17.1 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect + ) ++ ++replace( ++ github.com/xi2/xz => github.com/therootcompany/xz v1.0.1 ++) +diff --git a/go.sum b/go.sum +index 51d43bf95..bed5ea970 100644 +--- a/go.sum ++++ b/go.sum +@@ -1328,6 +1328,8 @@ github.com/tetratelabs/wazero v1.8.0 h1:iEKu0d4c2Pd+QSRieYbnQC9yiFlMS9D+Jr0LsRmc + github.com/tetratelabs/wazero v1.8.0/go.mod h1:yAI0XTsMBhREkM/YDAK/zNou3GoiAce1P6+rp/wQhjs= + github.com/thales-e-security/pool v0.0.2 h1:RAPs4q2EbWsTit6tpzuvTFlgFRJ3S8Evf5gtvVDbmPg= + github.com/thales-e-security/pool v0.0.2/go.mod h1:qtpMm2+thHtqhLzTwgDBj/OuNnMpupY8mv0Phz0gjhU= ++github.com/therootcompany/xz v1.0.1 h1:CmOtsn1CbtmyYiusbfmhmkpAAETj0wBIH6kCYaX+xzw= ++github.com/therootcompany/xz v1.0.1/go.mod h1:3K3UH1yCKgBneZYhuQUvJ9HPD19UEXEI0BWbMn8qNMY= + github.com/theupdateframework/go-tuf v0.7.0 h1:CqbQFrWo1ae3/I0UCblSbczevCCbS31Qvs5LdxRWqRI= + github.com/theupdateframework/go-tuf v0.7.0/go.mod h1:uEB7WSY+7ZIugK6R1hiBMBjQftaFzn7ZCDJcp1tCUug= + github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= +-- +2.46.2 + diff --git a/projects/aquasecurity/trivy/patches/0001-Replace-mitchellh-os-ext-with-kardianos-os-ext-modul.patch b/projects/aquasecurity/trivy/patches/0001-Replace-mitchellh-os-ext-with-kardianos-os-ext-modul.patch deleted file mode 100644 index 2f08f888c2..0000000000 --- a/projects/aquasecurity/trivy/patches/0001-Replace-mitchellh-os-ext-with-kardianos-os-ext-modul.patch +++ /dev/null @@ -1,38 +0,0 @@ -From f3d1ca8d9d05e3522f0d3376c01fc5e1a2471e24 Mon Sep 17 00:00:00 2001 -From: Jhaanvi Golani -Date: Wed, 12 Jun 2024 13:37:09 -0700 -Subject: [PATCH] Replace mitchellh os-ext with kardianos os-ext module - ---- - go.mod | 1 + - go.sum | 2 +- - 2 files changed, 2 insertions(+), 1 deletion(-) - -diff --git a/go.mod b/go.mod -index 4227c73e1..c556b7f40 100644 ---- a/go.mod -+++ b/go.mod -@@ -140,6 +140,7 @@ require ( - golang.org/x/crypto v0.22.0 - sigs.k8s.io/yaml v1.4.0 - ) -+replace github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f => github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 - - require ( - cloud.google.com/go v0.112.1 // indirect -diff --git a/go.sum b/go.sum -index 83bdd09d6..842b8f73e 100644 ---- a/go.sum -+++ b/go.sum -@@ -1788,7 +1788,7 @@ github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh - github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= - github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= - github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= --github.aaakk.us.kg/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A= -+github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0/go.mod h1:1NbS8ALrpOvjt0rHPNLyCIeMtbizbir8U//inJ+zuB8= - github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= - github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= - github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= --- -2.44.0 -