Bump gjson to fix two security vulnerabilities.

gjson v1.6.5 is vulnerable to two denial of service attacks: - https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTIDWALLGJSON-1055822 - https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTIDWALLGJSON-1056415 These were reported in CVE-2020-36067. Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>
tektoncd · Sep 6, 2021 · f230e53 · f230e53
1 parent b36e824
commit f230e53
Show file tree

Hide file tree

Showing 20 changed files with 779 additions and 654 deletions.
diff --git a/go.mod b/go.mod
@@ -15,8 +15,7 @@ require (
 	github.com/spf13/cobra v1.2.1
 	github.com/tektoncd/pipeline v0.27.1
 	github.com/tektoncd/plumbing v0.0.0-20210514044347-f8a9689d5bd5
-	github.com/tidwall/gjson v1.6.5 // indirect
-	github.com/tidwall/sjson v1.0.4
+	github.com/tidwall/sjson v1.2.1
 	go.opencensus.io v0.23.0
 	go.uber.org/zap v1.18.1
 	golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 // indirect

diff --git a/go.sum b/go.sum
@@ -1004,14 +1004,15 @@ github.com/tektoncd/pipeline v0.27.1 h1:zz3Nj/N1SubqN89LR1hQbI6+UieE7fg5/7hVJmaw
 github.com/tektoncd/pipeline v0.27.1/go.mod h1:m8fmoJm7h5qhtl4lroyn6tBzyy53rkM/kYVqM/UL304=
 github.com/tektoncd/plumbing v0.0.0-20210514044347-f8a9689d5bd5 h1:tY3t38AFNwlSWALhulEHryANpQ53Hfjp9jM5zl8ImSQ=
 github.com/tektoncd/plumbing v0.0.0-20210514044347-f8a9689d5bd5/go.mod h1:WTWwsg91xgm+jPOKoyKVK/yRYxnVDlUYeDlypB1lDdQ=
-github.com/tidwall/gjson v1.6.5 h1:P/K9r+1pt9AK54uap7HcoIp6T3a7AoMg3v18tUis+Cg=
-github.com/tidwall/gjson v1.6.5/go.mod h1:zeFuBCIqD4sN/gmqBzZ4j7Jd6UcA2Fc56x7QFsv+8fI=
+github.com/tidwall/gjson v1.9.0 h1:+Od7AE26jAaMgVC31cQV/Ope5iKXulNMflrlB7k+F9E=
+github.com/tidwall/gjson v1.9.0/go.mod h1:5/xDoumyyDNerp2U36lyolv46b3uF/9Bu6OfyQ9GImk=
 github.com/tidwall/match v1.0.3 h1:FQUVvBImDutD8wJLN6c5eMzWtjgONK9MwIBCOrUJKeE=
 github.com/tidwall/match v1.0.3/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
-github.com/tidwall/pretty v1.0.2 h1:Z7S3cePv9Jwm1KwS0513MRaoUe3S01WPbLNV40pwWZU=
-github.com/tidwall/pretty v1.0.2/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
-github.com/tidwall/sjson v1.0.4 h1:UcdIRXff12Lpnu3OLtZvnc03g4vH2suXDXhBwBqmzYg=
-github.com/tidwall/sjson v1.0.4/go.mod h1:bURseu1nuBkFpIES5cz6zBtjmYeOQmEESshn7VpF15Y=
+github.com/tidwall/pretty v1.1.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
+github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
+github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
+github.com/tidwall/sjson v1.2.1 h1:r0D/mPikA5YxxFluOftF9DBnwTv9LzY9J4UteHTdh3A=
+github.com/tidwall/sjson v1.2.1/go.mod h1:3nkMFbUMK4z5nlDu1y6g7O+zvjJ6hbyoJUZa4WzepBE=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tsenart/go-tsz v0.0.0-20180814232043-cdeb9e1e981e/go.mod h1:SWZznP1z5Ki7hDT2ioqiFKEse8K9tU2OUvaRI0NeGQo=

diff --git a/vendor/github.com/tidwall/gjson/README.md b/vendor/github.com/tidwall/gjson/README.md
diff --git a/vendor/github.com/tidwall/gjson/SYNTAX.md b/vendor/github.com/tidwall/gjson/SYNTAX.md