Commit 5cef3a9

NikolaySagneum authored and committed
chore(engine): explicitly set the minimal dependencies versions to avoid warnings of the security scanner
1 parent 8ad03e0 commit 5cef3a9

2 files changed

+14
-233
lines changed

engine/go.mod

Lines changed: 13 additions & 0 deletions
@@ -79,3 +79,16 @@ require (
7979
google.golang.org/protobuf v1.27.1 // indirect
8080
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c // indirect
8181
)
82+
83+
// Include the single version of the dependency to clean up go.sum from old revisions.
84+
// Since old and indirect dependencies are listed in the sum file and the vulnerability scanner flags the project as containing vulnerabilities.
85+
replace (
86+
github.com/containerd/containerd => github.com/containerd/containerd v1.5.9 // mitigate CVE-2021-32760 and CVE-2020-15257
87+
github.com/coreos/etcd => github.com/coreos/etcd v3.3.27+incompatible // mitigate CVE-2020-15113 and CVE-2020-15112
88+
github.com/docker/docker => github.com/docker/docker v20.10.12+incompatible // mitigate CVE-2018-20699
89+
github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2 // mitigate CVE-2021-3121
90+
github.com/opencontainers/image-spec => github.com/opencontainers/image-spec v1.0.2 // mitigate CVE-2021-41190
91+
github.com/opencontainers/runc => github.com/opencontainers/runc v1.0.3 // mitigate CVE-2021-30465
92+
golang.org/x/crypto => golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2 // mitigate CVE-2018-16875 and CVE-2020-29652
93+
k8s.io/kubernetes v1.13.0 => k8s.io/kubernetes v1.23.3 // mitigate CVE-2020-8559 and CVE-2020-8565
94+
)
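
Review bot: The last entry, `k8s.io/kubernetes v1.13.0 => k8s.io/kubernetes v1.23.3`, is the only one in this replace block with a version on the left-hand side, so it applies only when the module graph selects exactly v1.13.0; if a requirement resolves to any other release the replacement is skipped and the scanner finding can return. Drop the left-hand version to match the other entries, or state in the comment why this one is scoped. Two further points on the block as a whole: replace directives take effect only when engine is the main module, so anything importing this module still resolves the original versions, and a same-path replace pins the version exactly, so a later `go get -u` or a higher `require` for containerd, runc or x/crypto is silently overridden until these lines are edited. If the intent is a minimum rather than a pin, say so in the comment above `replace (` so the entries are revisited when newer upstream fixes land.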
