pinniped/go.mod
Matt Moyer 87c7e89b13 Upgrade github.com/ory/fosite to v0.40.2.
This required a weird hack because some of the Fosite tests (or a transitive dependency of them) depend on a newer version of gRPC that's incompatible with the Kubernetes runtime version we use. It wasn't as simple as just replacing the gRPC module with an older version, because in the latest versions of gRPC, they split out the "examples" packages into their own module. This new module name doesn't exist at the old version.

Ultimately, the workaround was to make a fake "examples" module locally. This module can be empty because we never actually depend on that code (it's only used in transitive dependency tests).

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-28 12:53:37 -05:00

module go.pinniped.dev

go 1.14

require (
	github.com/MakeNowJust/heredoc/v2 v2.0.1
	github.com/coreos/go-oidc/v3 v3.0.0
	github.com/creack/pty v1.1.12
	github.com/davecgh/go-spew v1.1.1
	github.com/go-ldap/ldap/v3 v3.3.0
	github.com/go-logr/logr v0.4.0
	github.com/go-logr/stdr v0.4.0
	github.com/go-openapi/spec v0.20.3 // indirect
	github.com/gofrs/flock v0.8.0
	github.com/golang/mock v1.5.0
	github.com/google/go-cmp v0.5.6
	github.com/google/gofuzz v1.2.0
	github.com/gorilla/securecookie v1.1.1
	github.com/gorilla/websocket v1.4.2
	github.com/onsi/ginkgo v1.13.0 // indirect
	github.com/ory/fosite v0.40.2
	github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4
	github.com/pkg/errors v0.9.1
	github.com/sclevine/agouti v3.0.0+incompatible
	github.com/sclevine/spec v1.4.0
	github.com/spf13/cobra v1.1.3
	github.com/spf13/pflag v1.0.5
	github.com/stretchr/testify v1.7.0
	golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a
	golang.org/x/net v0.0.0-20210520170846-37e1c6afe023
	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
	golang.org/x/term v0.0.0-20210503060354-a79de5458b56
	gopkg.in/square/go-jose.v2 v2.5.1
	k8s.io/api v0.21.1
	k8s.io/apimachinery v0.21.1
	k8s.io/apiserver v0.21.1
	k8s.io/client-go v0.21.1
	k8s.io/component-base v0.21.1
	k8s.io/gengo v0.0.0-20210203185629-de9496dff47b
	k8s.io/klog/v2 v2.8.0
	k8s.io/kube-aggregator v0.21.1
	k8s.io/utils v0.0.0-20210521133846-da695404a2bc
	sigs.k8s.io/yaml v1.2.0
)

// Workaround a broken module version (see https://github.com/oleiade/reflections/issues/14).
// We need this until none of our deps tries to pull in v1.0.0, otherwise some tools like
// Dependabot will fail on our module.
replace github.com/oleiade/reflections v1.0.0 => github.com/oleiade/reflections v1.0.1

// We were never vulnerable to CVE-2020-26160 but this avoids future issues
// This fork is not particularly better though:
// https://github.com/form3tech-oss/jwt-go/issues/7
// We use the SHA of github.com/form3tech-oss/jwt-go@v3.2.2 to get around "used for two different module paths"
// https://golang.org/issues/26904
replace github.com/dgrijalva/jwt-go v3.2.0+incompatible => github.com/form3tech-oss/jwt-go v0.0.0-20200915135329-9162a5abdbc0

// Pin gRPC back to v1.29.1 (the version required by Kubernetes), but also override a module that's only used in some tests.
// This is required because sometime after v1.29.1, they moved this package into a separate module.
replace (
	google.golang.org/grpc => google.golang.org/grpc v1.29.1
	google.golang.org/grpc/examples => ./hack/dependencyhacks/grpcexamples/
)
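
The replace directives above fall into three kinds that a dependency review treats differently: a version forced on the same module, a swap to a fork, and a local directory (which carries no version and has no go.sum entry). As an added example, not part of the Pinniped repository, this Go program parses the directives and labels each one; the names `ParseReplaces`, `Replace`, `classify` and the three labels are assumptions made for illustration, and only Unix-style local paths are recognized.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample: the replace directives copied from the go.mod above.
const sampleGoMod = `replace github.com/oleiade/reflections v1.0.0 => github.com/oleiade/reflections v1.0.1
replace github.com/dgrijalva/jwt-go v3.2.0+incompatible => github.com/form3tech-oss/jwt-go v0.0.0-20200915135329-9162a5abdbc0
replace (
	google.golang.org/grpc => google.golang.org/grpc v1.29.1
	google.golang.org/grpc/examples => ./hack/dependencyhacks/grpcexamples/
)`

// Replace is one directive plus a label (hypothetical) for what to review.
type Replace struct{ Old, New, Kind string }

func classify(oldPath, newPath string) string {
	if strings.HasPrefix(newPath, "./") || strings.HasPrefix(newPath, "../") || strings.HasPrefix(newPath, "/") {
		return "local-dir" // filesystem path: no version, no go.sum entry for it
	}
	if oldPath != newPath {
		return "fork" // code is fetched from a different module path
	}
	return "version-pin" // same module forced to one version
}

// ParseReplaces handles the single-line and the block form of replace.
func ParseReplaces(gomod string) (out []Replace) {
	inBlock := false
	for _, line := range strings.Split(gomod, "\n") {
		line = strings.TrimSpace(strings.Split(line, "//")[0]) // drop comments
		if line == "replace (" || (inBlock && line == ")") {
			inBlock = !inBlock
			continue
		}
		if !inBlock && !strings.HasPrefix(line, "replace ") {
			continue
		}
		lhs, rhs, ok := strings.Cut(strings.TrimPrefix(line, "replace "), "=>")
		if l, r := strings.Fields(lhs), strings.Fields(rhs); ok && len(l) > 0 && len(r) > 0 {
			out = append(out, Replace{l[0], r[0], classify(l[0], r[0])})
		}
	}
	return out
}
func main() {
	for _, r := range ParseReplaces(sampleGoMod) {
		fmt.Printf("%-12s %s => %s\n", r.Kind, r.Old, r.New)
	}
}
```

Replace directives take effect only in the main module, so a project that imports go.pinniped.dev as a dependency does not inherit the gRPC pin or the local `examples` stub.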