mirror of
https://github.com/kubernetes/kubernetes.git
synced 2026-02-03 20:40:26 -05:00
5b478645cd
This PR updates several dependencies addressing security vulnerabilities,
stability fixes, and authentication improvements.
- golang.org/x/crypto: v0.46.0 -> v0.47.0
- Includes latest X509 root certificate bundle updates
- Security hardening for cryptographic operations
- Foundation dependency for TLS and authentication
- github.com/golang-jwt/jwt/v5: v5.2.2 -> v5.3.0
- IMPORTANT: v5.2.2 patched vulnerability GHSA-mh63-6h87-95cp (token
validation security issue) - this update ensures we have the fix
- Adds multiple audience validation support for JWT tokens
- Go 1.21 minimum requirement (code modernization)
- Replaced legacy interface{} with modern any keyword
- golang.org/x/net: v0.48.0 -> v0.49.0
- HTTP/2 priority scheduler improvements (RFC 9218)
- WebSocket security enhancements
- Network layer stability fixes
- go.uber.org/zap: v1.27.0 -> v1.27.1
- Fix: Prevent Object from panicking on nils (PR #1501)
- Fix: Race condition in WithLazy (PR #1511)
- Both fixes improve logging stability in concurrent scenarios
- github.com/godbus/dbus/v5: v5.2.0 -> v5.2.2
- Security: Disabled SHA1 authentication by default on non-Windows
platforms (v5.2.0 change now inherited)
- Performance: Multiple optimizations reducing memory allocations
- Fix: Alignment issues in decoder operations
- Fix: Allow more than 32 containers/struct fields in a signature
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
|
||
|---|---|---|
| .. | ||
| crypto | ||
| exp | ||
| mod | ||
| net | ||
| oauth2 | ||
| sync | ||
| sys | ||
| term | ||
| text | ||
| time | ||
| tools | ||