diff --git a/applicationset/utils/createOrUpdate_test.go b/applicationset/utils/createOrUpdate_test.go
index bc06f5e1dd..8a77d9e8eb 100644
--- a/applicationset/utils/createOrUpdate_test.go
+++ b/applicationset/utils/createOrUpdate_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
- "gopkg.in/yaml.v3"
+ "go.yaml.in/yaml/v3"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
diff --git a/cmd/argocd/commands/app_resources.go b/cmd/argocd/commands/app_resources.go
index 609aa84fe6..1eb796452b 100644
--- a/cmd/argocd/commands/app_resources.go
+++ b/cmd/argocd/commands/app_resources.go
@@ -8,7 +8,7 @@ import (
 "strings"
 "text/tabwriter"
- "gopkg.in/yaml.v3"
+ "go.yaml.in/yaml/v3"
 "github.com/argoproj/argo-cd/v3/util/templates"
diff --git a/commitserver/commit/hydratorhelper.go b/commitserver/commit/hydratorhelper.go
index 1eddd7017d..73d8b0872b 100644
--- a/commitserver/commit/hydratorhelper.go
+++ b/commitserver/commit/hydratorhelper.go
@@ -10,7 +10,7 @@ import (
 "github.com/Masterminds/sprig/v3"
 log "github.com/sirupsen/logrus"
- "gopkg.in/yaml.v3"
+ "go.yaml.in/yaml/v3"
 "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 "github.com/argoproj/argo-cd/v3/commitserver/apiclient"
diff --git a/go.mod b/go.mod
index 7c865ccd54..fe653dcb60 100644
--- a/go.mod
+++ b/go.mod
@@ -96,6 +96,7 @@ require (
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.42.0
 go.opentelemetry.io/otel/sdk v1.42.0
 go.opentelemetry.io/otel/trace v1.42.0
+ go.yaml.in/yaml/v3 v3.0.4
 golang.org/x/crypto v0.49.0
 golang.org/x/net v0.52.0
 golang.org/x/oauth2 v0.36.0
@@ -106,7 +107,6 @@ require (
 google.golang.org/grpc v1.79.3
 google.golang.org/protobuf v1.36.11
 gopkg.in/yaml.v2 v2.4.0
- gopkg.in/yaml.v3 v3.0.1
 k8s.io/api v0.34.0
 k8s.io/apiextensions-apiserver v0.34.0
 k8s.io/apimachinery v0.34.0
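Review bot: Promoting `go.yaml.in/yaml/v3 v3.0.4` to a direct requirement here does not remove `gopkg.in/yaml.v3` from the module graph: the later `@@ -319,7 +318,10 @@` hunk keeps it as `gopkg.in/yaml.v3 v3.0.1 // indirect`, while `@@ -329,9 +331,6 @@` deletes the `replace` pin together with its `// Avoid CVE-2022-28948` comment. Minimal version selection cannot resolve below the required version, so the build should still get v3.0.1, but the file no longer records why that line must not be lowered. I would carry the rationale over as a comment above the indirect line, `// Keep at v3.0.1 or later: avoids CVE-2022-28948`. The two v3.0.0 pseudo-version entries added to go.sum suggest some transitive dependency still declares an older version, so `go mod why -m gopkg.in/yaml.v3` is worth running to see which ones keep the old import path alive.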
@@ -280,7 +280,6 @@ require (
 go.opentelemetry.io/proto/otlp v1.9.0 // indirect
 go.uber.org/atomic v1.11.0 // indirect
 go.yaml.in/yaml/v2 v2.4.2 // indirect
- go.yaml.in/yaml/v3 v3.0.4 // indirect
 golang.org/x/mod v0.33.0 // indirect
 golang.org/x/sys v0.42.0 // indirect
 golang.org/x/text v0.35.0 // indirect
@@ -319,7 +318,10 @@ require (
 github.com/oklog/ulid/v2 v2.1.1 // indirect
 )
-require github.com/google/go-github/v84 v84.0.0 // indirect
+require (
+ github.com/google/go-github/v84 v84.0.0 // indirect
+ gopkg.in/yaml.v3 v3.0.1 // indirect
+)
 replace (
 github.com/golang/protobuf => github.com/golang/protobuf v1.5.4
@@ -329,9 +331,6 @@ replace (
 // Avoid CVE-2022-3064
 gopkg.in/yaml.v2 => gopkg.in/yaml.v2 v2.4.0
- // Avoid CVE-2022-28948
- gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.1
-
 k8s.io/api => k8s.io/api v0.34.0
 k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.34.0
 k8s.io/apimachinery => k8s.io/apimachinery v0.34.0
diff --git a/go.sum b/go.sum
index e68d15aad2..c35d496789 100644
--- a/go.sum
+++ b/go.sum
@@ -1445,6 +1445,8 @@ gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
 gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
diff --git a/server/extension/extension.go b/server/extension/extension.go
index b9abbf9dfe..e509f4617b 100644
--- a/server/extension/extension.go
+++ b/server/extension/extension.go
@@ -14,7 +14,7 @@ import (
 "github.com/felixge/httpsnoop"
 log "github.com/sirupsen/logrus"
- "gopkg.in/yaml.v3"
+ "go.yaml.in/yaml/v3"
 "github.com/argoproj/argo-cd/v3/util/rbac"
diff --git a/test/e2e/fixture/admin/utils/backup.go b/test/e2e/fixture/admin/utils/backup.go
index b5150bc678..fb17d0f2db 100644
--- a/test/e2e/fixture/admin/utils/backup.go
+++ b/test/e2e/fixture/admin/utils/backup.go
@@ -5,7 +5,7 @@ import (
 "strings"
 "github.com/argoproj/argo-cd/gitops-engine/pkg/utils/kube"
- yaml "gopkg.in/yaml.v3"
+ yaml "go.yaml.in/yaml/v3"
 "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 )