2020-08-24 21:18:39 +10:00
|
|
|
module github.com/distribution/distribution/v3
|
2019-06-06 08:40:29 +10:00
|
|
|
|
2022-05-05 18:20:56 +10:00
|
|
|
go 1.18
|
2019-06-06 08:40:29 +10:00
|
|
|
|
|
|
|
|
require (
|
2023-05-23 18:41:43 +10:00
|
|
|
cloud.google.com/go/storage v1.30.1
|
2022-11-13 04:44:12 +11:00
|
|
|
github.com/AdaLogics/go-fuzz-headers v0.0.0-20221103172237-443f56ff4ba8
|
2023-05-11 23:23:47 +10:00
|
|
|
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0
|
|
|
|
|
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
|
2020-02-21 14:58:17 +11:00
|
|
|
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0
|
2019-06-06 08:40:29 +10:00
|
|
|
github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d
|
2022-03-11 12:27:01 +11:00
|
|
|
github.com/aws/aws-sdk-go v1.43.16
|
2020-09-01 10:26:57 +10:00
|
|
|
github.com/bshuster-repo/logrus-logstash-hook v1.0.0
|
2019-06-06 08:40:29 +10:00
|
|
|
github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd
|
|
|
|
|
github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba
|
2018-03-14 11:08:11 +11:00
|
|
|
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c
|
2020-01-09 04:27:59 +11:00
|
|
|
github.com/docker/go-metrics v0.0.1
|
2019-06-06 08:40:29 +10:00
|
|
|
github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1
|
2020-09-01 10:15:02 +10:00
|
|
|
github.com/gomodule/redigo v1.8.2
|
2020-09-01 13:48:55 +10:00
|
|
|
github.com/gorilla/handlers v1.5.1
|
2020-08-28 04:09:06 +10:00
|
|
|
github.com/gorilla/mux v1.8.0
|
2022-07-13 10:42:48 +10:00
|
|
|
github.com/hashicorp/golang-lru v0.5.4
|
2023-05-04 21:17:34 +10:00
|
|
|
github.com/klauspost/compress v1.16.5
|
2019-06-20 15:39:19 +10:00
|
|
|
github.com/mitchellh/mapstructure v1.1.2
|
|
|
|
|
github.com/ncw/swift v1.0.47
|
2020-08-25 02:45:46 +10:00
|
|
|
github.com/opencontainers/go-digest v1.0.0
|
2021-11-18 08:23:15 +11:00
|
|
|
github.com/opencontainers/image-spec v1.0.2
|
2022-05-05 04:54:58 +10:00
|
|
|
github.com/prometheus/client_golang v1.12.1 // indirect; updated to latest
|
2021-04-22 22:36:56 +10:00
|
|
|
github.com/sirupsen/logrus v1.8.1
|
2022-11-03 05:48:45 +11:00
|
|
|
github.com/spf13/cobra v1.6.1
|
2019-06-06 08:40:29 +10:00
|
|
|
github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50
|
2023-05-11 23:23:47 +10:00
|
|
|
golang.org/x/crypto v0.7.0
|
2023-05-23 18:41:43 +10:00
|
|
|
golang.org/x/oauth2 v0.6.0
|
|
|
|
|
google.golang.org/api v0.114.0
|
2022-11-13 04:44:12 +11:00
|
|
|
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c
|
2021-04-22 22:31:11 +10:00
|
|
|
gopkg.in/yaml.v2 v2.4.0
|
2019-06-06 08:40:29 +10:00
|
|
|
)
|
go.mod: add replace rule to prevent unwanted updateds of grpc and jwt-go
This replace rule is to prevent unwanted updates of grpc and jwt-go. When updating
spf13/cobra, we noticed that google.golang.org/grpc got updated.
Doing a search to find which modules (note here that `go mod graph` only looks
at dependencies from a `go modules` perspective, and not all the (current version)
of our dependencies use go modules).
And I found that the only _modules_ depending on it are `github.com/spf13/viper`
and `github.com/grpc-ecosystem/grpc-gateway`:
```bash
$ go mod graph | grep ' google.golang.org/grpc'
github.com/spf13/viper@v1.4.0 google.golang.org/grpc@v1.21.0
github.com/grpc-ecosystem/grpc-gateway@v1.9.0 google.golang.org/grpc@v1.19.0
```
Of those, `github.com/grpc-ecosystem/grpc-gateway` is a dependency of
`github.com/spf13/viper`:
```bash
$ go mod graph | grep ' github.com/grpc-ecosystem/grpc-gateway'
github.com/spf13/viper@v1.4.0 github.com/grpc-ecosystem/grpc-gateway@v1.9.0
```
So looking at that one, it's a dependency of cobra:
```bash
$ go mod graph | grep ' github.com/spf13/viper@v1.4.0'
github.com/spf13/cobra@v1.0.0 github.com/spf13/viper@v1.4.0
```
Ironically, while both `github.com/spf13/viper` and `github.com/grpc-ecosystem/grpc-gateway`,
depend on `google.golang.org/grpc` and (through their `go.mod`) are responsible
for `go mod` to update the dependency version of grpc, none of them are used:
```bash
cat vendor/modules.txt | grep github.com/spf13/viper
cat vendor/modules.txt | grep github.com/grpc-ecosystem/grpc-gateway
```
Unfortunately, `go modules` looks at `go.mod` to determine the *minimum version*
required; _even if the parts of the modules specifying it in the `go.mod` are unused_.
This patch adds a `replace` rule in go.mod to prevent updating grpc based on
other dependencies that _declare_ `google.golang.org/grpc` as a dependency,
but are not used and, hence, should not influence the minumum version.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-24 02:34:53 +10:00
|
|
|
|
2022-05-05 18:20:56 +10:00
|
|
|
require (
|
2023-05-23 18:41:43 +10:00
|
|
|
cloud.google.com/go v0.110.0 // indirect
|
2023-05-11 23:23:47 +10:00
|
|
|
github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
|
|
|
|
|
github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 // indirect
|
2022-05-05 18:20:56 +10:00
|
|
|
github.com/beorn7/perks v1.0.1 // indirect
|
|
|
|
|
github.com/bitly/go-simplejson v0.5.0 // indirect
|
|
|
|
|
github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b // indirect
|
|
|
|
|
github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 // indirect
|
2023-05-23 18:41:43 +10:00
|
|
|
github.com/cespare/xxhash/v2 v2.2.0 // indirect
|
2022-11-13 04:44:12 +11:00
|
|
|
github.com/cyphar/filepath-securejoin v0.2.3 // indirect
|
2022-05-05 18:20:56 +10:00
|
|
|
github.com/felixge/httpsnoop v1.0.1 // indirect
|
2023-05-11 23:23:47 +10:00
|
|
|
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
|
2022-05-05 04:54:58 +10:00
|
|
|
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
|
|
|
|
|
github.com/golang/protobuf v1.5.2 // indirect
|
2023-05-11 23:23:47 +10:00
|
|
|
github.com/google/uuid v1.3.0 // indirect
|
2023-05-23 18:41:43 +10:00
|
|
|
github.com/googleapis/gax-go/v2 v2.7.1 // indirect
|
2022-11-03 05:48:45 +11:00
|
|
|
github.com/inconshreveable/mousetrap v1.0.1 // indirect
|
2022-05-05 18:20:56 +10:00
|
|
|
github.com/jmespath/go-jmespath v0.4.0 // indirect
|
2022-11-13 04:44:12 +11:00
|
|
|
github.com/kr/pretty v0.2.1 // indirect
|
|
|
|
|
github.com/kr/text v0.2.0 // indirect
|
2020-02-21 14:58:17 +11:00
|
|
|
github.com/kylelemons/godebug v1.1.0 // indirect
|
2022-05-05 18:20:56 +10:00
|
|
|
github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
|
|
|
|
|
github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f // indirect
|
2023-05-11 23:23:47 +10:00
|
|
|
github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
|
2022-05-05 04:54:58 +10:00
|
|
|
github.com/prometheus/client_model v0.2.0 // indirect
|
|
|
|
|
github.com/prometheus/common v0.32.1 // indirect
|
|
|
|
|
github.com/prometheus/procfs v0.7.3 // indirect
|
2022-11-03 05:48:45 +11:00
|
|
|
github.com/spf13/pflag v1.0.5 // indirect
|
2022-05-05 18:20:56 +10:00
|
|
|
github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 // indirect
|
|
|
|
|
github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f // indirect
|
2023-05-23 18:41:43 +10:00
|
|
|
go.opencensus.io v0.24.0 // indirect
|
2023-05-11 23:23:47 +10:00
|
|
|
golang.org/x/net v0.8.0 // indirect; updated for CVE-2022-27664, CVE-2022-41717
|
|
|
|
|
golang.org/x/sys v0.6.0 // indirect
|
|
|
|
|
golang.org/x/text v0.8.0 // indirect
|
2023-05-23 18:41:43 +10:00
|
|
|
google.golang.org/appengine v1.6.7 // indirect
|
|
|
|
|
google.golang.org/genproto v0.0.0-20230320184635-7606e756e683 // indirect
|
|
|
|
|
google.golang.org/grpc v1.53.0 // indirect
|
|
|
|
|
google.golang.org/protobuf v1.29.1 // indirect
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
require (
|
|
|
|
|
cloud.google.com/go/compute v1.18.0 // indirect
|
|
|
|
|
cloud.google.com/go/compute/metadata v0.2.3 // indirect
|
|
|
|
|
cloud.google.com/go/iam v0.12.0 // indirect
|
|
|
|
|
github.com/google/go-cmp v0.5.9 // indirect
|
|
|
|
|
github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
|
|
|
|
|
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
|
2022-05-05 18:20:56 +10:00
|
|
|
)
|
