基础信息
项目名称:werf/werf
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1719694370940780544/1746783228540911616
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| prometheus client golang 资源管理错误漏洞 | 不加限制或调节的资源分配 | MPS-2021-37056 | CVE-2022-21698 | 高危 |
| rack 存在HTTP请求的解释不一致性(HTTP请求私运)漏洞 | HTTP请求走私 | MPS-2022-15297 | 中危 | |
| OpenTelemetry-Go Contrib 安全漏洞 | 不加限制或调节的资源分配 | MPS-83gr-xlom | CVE-2023-45142 | 高危 |
| CVE-2023-47108漏洞 | 不加限制或调节的资源分配 | MPS-lrfd-7kb6 | CVE-2023-47108 | 高危 |
| SSH协议前缀截断攻击(Terrapin攻击) | 安全相关信息的截断 | MPS-nv0f-qtib | CVE-2023-48795 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | v0.40.0 | 0.44.0 | 间接依赖 | 建议修复 |
| golang.org/x/crypto | v0.16.0 | 0.17.0 | 直接依赖 | 建议修复 |
| go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace | v0.29.0 | 0.44.0 | 间接依赖 | 可选修复 |
| go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | v0.40.0 | 0.46.0 | 间接依赖 | 可选修复 |
| rack | 3.0.8 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| BSD-3-Clause | 57 | 低 |
| MIT | 122 | 低 |
| 自定义许可证 | 9 | 低 |
| Apache-2.0 | 163 | 低 |
| BSD-2-Clause | 8 | 低 |
| CC-BY-SA-4.0 | 2 | 中 |
| MPL-2.0 | 6 | 低 |
| Unicode-DFS-2016 | 2 | 低 |
| Unlicense | 1 | 低 |
| ISC | 3 | 低 |
| GPL-3.0 | 2 | 中 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| gopkg.in/inf.v0 | v0.9.1 | 间接依赖 | go |
| chef-utils | 16.16.13 | 间接依赖 | bundler |
| github.com/BurntSushi/toml | v1.2.1 | 间接依赖 | go |
| ipaddress | 0.8.3 | 间接依赖 | bundler |
| github.com/xeipuuv/gojsonreference | v0.0.0-20180127040603-bd5ef7bd5415 | 间接依赖 | go |
| golang.org/x/text | v0.14.0 | 间接依赖 | go |
| github.com/tidwall/pretty | v1.2.1 | 间接依赖 | go |
| github.com/alessio/shellescape | v1.4.1 | 直接依赖 | go |
| wmi-lite | 1.0.5 | 间接依赖 | bundler |
| github.com/docker/go-connections | v0.4.1-0.20210727194412-58542c764a11 | 直接依赖 | go |
| github.com/cpuguy83/go-md2man/v2 | v2.0.2 | 间接依赖 | go |
| go.opentelemetry.io/otel/exporters/otlp/internal/retry | v1.14.0 | 间接依赖 | go |
| github.com/lann/ps | v0.0.0-20150810152359-62de8c46ede0 | 间接依赖 | go |
| yell | 2.2.2 | 间接依赖 | bundler |
| awesome_print | 1.9.2 | 间接依赖 | bundler |
| github.com/docker/docker-credential-helpers | v0.7.0 | 间接依赖 | go |
| rake | 13.1.0 | 间接依赖 | bundler |
| github.com/gogo/protobuf | v1.3.2 | 间接依赖 | go |
| public_suffix | 5.0.4 | 间接依赖 | bundler |
| github.com/google/gnostic | v0.6.9 | 间接依赖 | go |
| github.com/oklog/ulid | v1.3.1 | 间接依赖 | go |
| parallel | 1.24.0 | 间接依赖 | bundler |
| github.com/prashantv/gostub | v1.1.0 | 直接依赖 | go |
| sassc | 2.4.0 | 间接依赖 | bundler |
| github.com/dominikbraun/graph | v0.23.0 | 间接依赖 | go |
| github.com/gofrs/flock | v0.8.1 | 间接依赖 | go |
| github.com/sigstore/rekor | v1.2.0 | 间接依赖 | go |
| github.com/VividCortex/ewma | v1.2.0 | 间接依赖 | go |
| github.com/russross/blackfriday/v2 | v2.1.0 | 间接依赖 | go |
| github.com/go-openapi/jsonreference | v0.20.2 | 间接依赖 | go |
| github.com/go-git/go-git/v5 | v5.11.0 | 直接依赖 | go |
| typhoeus | 1.4.1 | 间接依赖 | bundler |
| ffi | 1.15.4 | 间接依赖 | bundler |
| http_parser.rb | 0.8.0 | 间接依赖 | bundler |
| go.opentelemetry.io/otel/exporters/otlp/otlptrace | v1.14.0 | 直接依赖 | go |
| go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | v0.40.0 | 间接依赖 | go |
| github.com/opencontainers/go-digest | v1.0.0 | 直接依赖 | go |
| github.com/mitchellh/mapstructure | v1.5.0 | 间接依赖 | go |
| github.com/containerd/console | v1.0.3 | 间接依赖 | go |
| github.com/aws/aws-sdk-go-v2/credentials | v1.13.22 | 间接依赖 | go |
| github.com/containers/libtrust | v0.0.0-20230121012942-c1716e8a8d01 | 间接依赖 | go |
| golang.org/x/crypto | v0.16.0 | 直接依赖 | go |
| github.com/grpc-ecosystem/grpc-gateway/v2 | v2.15.2 | 间接依赖 | go |
| github.com/tonistiigi/fsutil | v0.0.0-20230105215944-fb433841cbfa | 间接依赖 | go |
| github.com/wI2L/jsondiff | v0.4.0 | 间接依赖 | go |
| contracts | 0.16.1 | 间接依赖 | bundler |
| sigs.k8s.io/kustomize/kustomize/v4 | v4.5.7 | 间接依赖 | go |
| github.com/tidwall/sjson | v1.2.5 | 间接依赖 | go |
| github.com/werf/copy-recurse | v0.2.7 | 直接依赖 | go |
| github.com/moby/locker | v1.0.1 | 间接依赖 | go |
| go.opentelemetry.io/otel/trace | v1.14.0 | 直接依赖 | go |
| listen | 3.8.0 | 间接依赖 | bundler |
| github.com/klauspost/compress | v1.16.4 | 间接依赖 | go |
| sass-embedded | 1.63.6 | 间接依赖 | bundler |
| github.com/mitchellh/reflectwalk | v1.0.2 | 间接依赖 | go |
| toml-rb | 2.0.1 | 间接依赖 | bundler |
| ethon | 0.16.0 | 间接依赖 | bundler |
| golang.org/x/mod | v0.12.0 | 直接依赖 | go |
| golang.org/x/time | v0.3.0 | 间接依赖 | go |
| k8s.io/component-base | v0.26.6 | 间接依赖 | go |
| github.com/docker/go-units | v0.5.0 | 直接依赖 | go |
| rb-inotify | 0.10.1 | 间接依赖 | bundler |
| github.com/emicklei/go-restful/v3 | v3.10.2 | 间接依赖 | go |
| github.com/maorfr/helm-plugin-utils | v0.6.1-0.20230319074221-e61910f7f295 | 间接依赖 | go |
| github.com/lann/builder | v0.0.0-20180802200727-47ae307949d0 | 间接依赖 | go |
| github.com/AdaLogics/go-fuzz-headers | v0.0.0-20230106234847-43070de90fa1 | 间接依赖 | go |
| go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace | v0.29.0 | 间接依赖 | go |
| github.com/hashicorp/go-cty-funcs | v0.0.0-20200930094925-2721b1e36840 | 间接依赖 | go |
| rsc.io/letsencrypt | v0.0.3 | 间接依赖 | go |
| libyajl2 | 2.1.0 | 间接依赖 | bundler |
| k8s.io/metrics | v0.26.6 | 间接依赖 | go |
| github.com/apparentlymart/go-textseg/v13 | v13.0.0 | 间接依赖 | go |
| go.opentelemetry.io/proto/otlp | v0.19.0 | 间接依赖 | go |
| github.com/klauspost/pgzip | v1.2.6-0.20220930104621-17e8dac29df8 | 间接依赖 | go |
| github.com/sourcegraph/conc | v0.3.0 | 间接依赖 | go |
| github.com/go-logr/logr | v1.2.4 | 间接依赖 | go |
| github.com/modern-go/concurrent | v0.0.0-20180306012644-bacd9c7ef1dd | 间接依赖 | go |
| pedump | 0.6.2 | 间接依赖 | bundler |
| k8s.io/kubectl | v0.26.6 | 直接依赖 | go |
| google-protobuf | 3.25.2 | 间接依赖 | bundler |
| github.com/theupdateframework/notary | v0.6.1 | 间接依赖 | go |
| tzinfo | 2.0.6 | 间接依赖 | bundler |
| github.com/vbauerster/mpb/v8 | v8.3.0 | 间接依赖 | go |
| github.com/helm/helm-2to3 | v0.10.3 | 直接依赖 | go |
| github.com/chai2010/gettext-go | v1.0.2 | 间接依赖 | go |
| omnibus | 8.2.2 | 间接依赖 | bundler |
| jekyll-watch | 2.2.1 | 间接依赖 | bundler |
| github.com/google/go-containerregistry | v0.14.0 | 直接依赖 | go |
| github.com/Azure/go-ansiterm | v0.0.0-20210617225240-d185dfc1b5a1 | 间接依赖 | go |
| citrus | 3.0.2 | 间接依赖 | bundler |
| github.com/seccomp/libseccomp-golang | v0.10.0 | 间接依赖 | go |
| github.com/json-iterator/go | v1.1.12 | 间接依赖 | go |
| github.com/bmatcuk/doublestar | v1.3.4 | 直接依赖 | go |
| nokogiri | 1.16.0 | 间接依赖 | bundler |
| github.com/moby/spdystream | v0.2.0 | 间接依赖 | go |
| concurrent-ruby | 1.2.2 | 间接依赖 | bundler |
| github.com/ncw/directio | v1.0.5 | 间接依赖 | go |
| i18n | 1.14.1 | 间接依赖 | bundler |
| github.com/ghodss/yaml | v1.0.1-0.20190212211648-25d852aebe32 | 直接依赖 | go |
| kramdown-parser-gfm | 1.1.0 | 间接依赖 | bundler |
| ffi | 1.16.3 | 间接依赖 | bundler |
| github.com/MakeNowJust/heredoc | v1.0.0 | 间接依赖 | go |
| jekyll-include-cache | 0.2.1 | 间接依赖 | bundler |
| go.mongodb.org/mongo-driver | v1.11.3 | 间接依赖 | go |
| github.com/mitchellh/go-wordwrap | v1.0.0 | 间接依赖 | go |
| github.com/Masterminds/semver | v1.5.0 | 直接依赖 | go |
| gopkg.in/oleiade/reflections.v1 | v1.0.0 | 直接依赖 | go |
| k8s.io/apimachinery | v0.27.3 | 直接依赖 | go |
| github.com/manifoldco/promptui | v0.9.0 | 间接依赖 | go |
| github.com/tonistiigi/vt100 | v0.0.0-20210615222946-8066bb97264f | 间接依赖 | go |
| github.com/google/gofuzz | v1.2.0 | 间接依赖 | go |
| github.com/avelino/slugify | v0.0.0-20180501145920-855f152bd774 | 间接依赖 | go |
| github.com/mitchellh/go-homedir | v1.1.0 | 间接依赖 | go |
| github.com/go-openapi/errors | v0.20.3 | 间接依赖 | go |
| go.opentelemetry.io/otel/sdk | v1.14.0 | 直接依赖 | go |
| github.com/werf/lockgate | v0.1.1 | 直接依赖 | go |
| go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | v0.40.0 | 间接依赖 | go |
| github.com/pelletier/go-toml | v1.9.5 | 间接依赖 | go |
| github.com/sigstore/sigstore | v1.6.4 | 间接依赖 | go |
| github.com/mistifyio/go-zfs/v3 | v3.0.0 | 间接依赖 | go |
| bou.ke/monkey | v1.0.2 | 直接依赖 | go |
| github.com/prometheus/client_golang | v1.15.1 | 间接依赖 | go |
| github.com/go-git/go-billy/v5 | v5.5.0 | 间接依赖 | go |
| github.com/go-task/slim-sprig | v0.0.0-20230315185526-52ccab3ef572 | 间接依赖 | go |
| github.com/google/shlex | v0.0.0-20191202100458-e7afc7fbc510 | 间接依赖 | go |
| github.com/peterbourgon/diskv | v2.0.1+incompatible | 间接依赖 | go |
| dario.cat/mergo | v1.0.0 | 间接依赖 | go |
| github.com/montanaflynn/stats | v0.7.0 | 间接依赖 | go |
| github.com/aws/aws-sdk-go-v2/service/sts | v1.18.11 | 间接依赖 | go |
| k8s.io/apiextensions-apiserver | v0.26.2 | 间接依赖 | go |
| jekyll-sass-converter | 3.0.0 | 间接依赖 | bundler |
| chef-config | 16.16.13 | 间接依赖 | bundler |
| thor | 0.20.3 | 间接依赖 | bundler |
| github.com/spf13/pflag | v1.0.5 | 直接依赖 | go |
| github.com/stretchr/testify | v1.8.4 | 间接依赖 | go |
| github.com/hashicorp/errwrap | v1.1.0 | 间接依赖 | go |
| rack | 3.0.8 | 间接依赖 | bundler |
| github.com/moby/term | v0.5.0 | 直接依赖 | go |
| rexml | 3.2.6 | 间接依赖 | bundler |
| github.com/Masterminds/squirrel | v1.5.3 | 间接依赖 | go |
| github.com/davecgh/go-spew | v1.1.1 | 间接依赖 | go |
| github.com/monochromegane/go-gitignore | v0.0.0-20200626010858-205db1a8cc00 | 间接依赖 | go |
| github.com/cenkalti/backoff/v4 | v4.2.0 | 间接依赖 | go |
| github.com/skeema/knownhosts | v1.2.1 | 间接依赖 | go |
| unicode-display_width | 2.5.0 | 间接依赖 | bundler |
| github.com/josharian/intern | v1.0.0 | 间接依赖 | go |
| github.com/otiai10/copy | v1.12.0 | 直接依赖 | go |
| github.com/cespare/xxhash/v2 | v2.2.0 | 间接依赖 | go |
| github.com/ostreedev/ostree-go | v0.0.0-20210805093236-719684c64e4f | 间接依赖 | go |
| go.etcd.io/bbolt | v1.3.7 | 间接依赖 | go |
| github.com/docker/cli | v23.0.6+incompatible | 直接依赖 | go |
| jekyll-sanity | 1.6.0 | 间接依赖 | bundler |
| mixlib-versioning | 1.2.12 | 间接依赖 | bundler |
| github.com/jmoiron/sqlx | v1.3.5 | 间接依赖 | go |
| go.uber.org/multierr | v1.11.0 | 间接依赖 | go |
| github.com/tidwall/match | v1.1.1 | 间接依赖 | go |
| github.com/go-gorp/gorp/v3 | v3.0.5 | 间接依赖 | go |
| ohai | 16.13.0 | 间接依赖 | bundler |
| gopkg.in/go-jose/go-jose.v2 | v2.6.1 | 间接依赖 | go |
| github.com/gookit/color | v1.5.3 | 直接依赖 | go |
| github.com/go-openapi/strfmt | v0.21.7 | 直接依赖 | go |
| github.com/moby/patternmatcher | v0.5.0 | 间接依赖 | go |
| github.com/gregjones/httpcache | v0.0.0-20190611155906-901d90724c79 | 间接依赖 | go |
| github.com/moby/sys/mountinfo | v0.6.2 | 间接依赖 | go |
| github.com/containerd/typeurl | v1.0.2 | 间接依赖 | go |
| colorator | 1.1.0 | 间接依赖 | bundler |
| github.com/lithammer/dedent | v1.1.0 | 间接依赖 | go |
| github.com/moby/sys/signal | v0.7.0 | 间接依赖 | go |
| github.com/deislabs/oras | v0.12.0 | 直接依赖 | go |
| github.com/containers/buildah | v1.30.0 | 直接依赖 | go |
| github.com/container-orchestrated-devices/container-device-interface | v0.5.4 | 间接依赖 | go |
| github.com/inconshreveable/mousetrap | v1.1.0 | 间接依赖 | go |
| gopkg.in/square/go-jose.v2 | v2.6.0 | 间接依赖 | go |
| github.com/acarl005/stripansi | v0.0.0-20180116102854-5a71ef0e047d | 直接依赖 | go |
| github.com/aws/aws-sdk-go-v2/internal/ini | v1.3.34 | 间接依赖 | go |
| github.com/mailru/easyjson | v0.7.7 | 间接依赖 | go |
| plist | 3.6.0 | 间接依赖 | bundler |
| github.com/jinzhu/gorm | v1.9.12 | 间接依赖 | go |
| aws-sdk-s3 | 1.103.0 | 间接依赖 | bundler |
| github.com/agext/levenshtein | v1.2.3 | 间接依赖 | go |
| github.com/onsi/gomega | v1.27.10 | 直接依赖 | go |
| aws-sdk-kms | 1.49.0 | 间接依赖 | bundler |
| aws-sdk-core | 3.121.1 | 间接依赖 | bundler |
| rb-fsevent | 0.11.2 | 间接依赖 | bundler |
| github.com/aws/smithy-go | v1.13.5 | 间接依赖 | go |
| aws-partitions | 1.514.0 | 间接依赖 | bundler |
| github.com/pjbgf/sha1cd | v0.3.0 | 间接依赖 | go |
| github.com/gophercloud/gophercloud | v1.4.0 | 直接依赖 | go |
| github.com/emirpasic/gods | v1.18.1 | 间接依赖 | go |
| github.com/modern-go/reflect2 | v1.0.2 | 间接依赖 | go |
| k8s.io/component-helpers | v0.26.6 | 间接依赖 | go |
| extras | 0.3.0 | 间接依赖 | bundler |
| github.com/google/pprof | v0.0.0-20230309165930-d61513b1440d | 间接依赖 | go |
| gopkg.in/yaml.v2 | v2.4.0 | 直接依赖 | go |
| github.com/hashicorp/go-version | v1.6.0 | 直接依赖 | go |
| github.com/vbatts/tar-split | v0.11.3 | 间接依赖 | go |
| github.com/chzyer/readline | v1.5.1 | 间接依赖 | go |
| github.com/spf13/cast | v1.5.0 | 间接依赖 | go |
| github.com/docker/go | v1.5.1-1.0.20160303222718-d30aec9fd63c | 间接依赖 | go |
| go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc | v1.14.0 | 间接依赖 | go |
| sigs.k8s.io/structured-merge-diff/v4 | v4.2.3 | 间接依赖 | go |
| k8s.io/client-go | v0.27.3 | 直接依赖 | go |
| addressable | 2.8.0 | 间接依赖 | bundler |
| github.com/Masterminds/sprig/v3 | v3.2.3 | 直接依赖 | go |
| github.com/containers/image/v5 | v5.25.0 | 直接依赖 | go |
| github.com/zclconf/go-cty | v1.10.0 | 间接依赖 | go |
| mercenary | 0.4.0 | 间接依赖 | bundler |
| github.com/tidwall/gjson | v1.14.2 | 间接依赖 | go |
| mixlib-log | 3.0.9 | 间接依赖 | bundler |
| gopkg.in/warnings.v0 | v0.1.2 | 间接依赖 | go |
| github.com/onsi/ginkgo/v2 | v2.11.0 | 直接依赖 | go |
| go.starlark.net | v0.0.0-20200306205701-8dd3e2ee1dd5 | 间接依赖 | go |
| helm.sh/helm/v3 | v3.11.2 | 直接依赖 | go |
| minitest | 5.20.0 | 间接依赖 | bundler |
| github.com/gofrs/uuid | v4.4.0+incompatible | 间接依赖 | go |
| github.com/gorilla/mux | v1.8.0 | 间接依赖 | go |
| github.com/beorn7/perks | v1.0.1 | 间接依赖 | go |
| gopkg.in/errgo.v2 | v2.1.0 | 直接依赖 | go |
| github.com/mattn/go-isatty | v0.0.17 | 间接依赖 | go |
| github.com/go-openapi/validate | v0.22.1 | 直接依赖 | go |
| github.com/containerd/typeurl/v2 | v2.1.1 | 间接依赖 | go |
| json | 2.5.1 | 间接依赖 | bundler |
| github.com/sylabs/sif/v2 | v2.11.1 | 间接依赖 | go |
| github.com/apparentlymart/go-cidr | v1.0.1 | 间接依赖 | go |
| github.com/openshift/imagebuilder | v1.2.5-0.20230315213933-1693aaac1009 | 间接依赖 | go |
| github.com/aws/aws-sdk-go-v2/service/ssooidc | v1.14.10 | 间接依赖 | go |
| github.com/docker/docker | v23.0.6+incompatible | 直接依赖 | go |
| net-scp | 3.0.0 | 间接依赖 | bundler |
| k8s.io/cli-runtime | v0.26.6 | 直接依赖 | go |
| github.com/go-git/gcfg | v1.5.1-0.20230307220236-3a3c6141e376 | 间接依赖 | go |
| terminal-table | 3.0.2 | 间接依赖 | bundler |
| golang.org/x/sys | v0.15.0 | 间接依赖 | go |
| mini_portile2 | 2.8.5 | 间接依赖 | bundler |
| google.golang.org/grpc | v1.55.0 | 间接依赖 | go |
| github.com/shopspring/decimal | v1.2.0 | 间接依赖 | go |
| github.com/cyberphone/json-canonicalization | v0.0.0-20220623050100-57a0ce2678a7 | 间接依赖 | go |
| github.com/moby/sys/symlink | v0.2.0 | 间接依赖 | go |
| ffi-yajl | 2.4.0 | 间接依赖 | bundler |
| github.com/apparentlymart/go-textseg/v12 | v12.0.0 | 间接依赖 | go |
| github.com/lib/pq | v1.10.7 | 间接依赖 | go |
| github.com/xlab/treeprint | v1.1.0 | 间接依赖 | go |
| rouge | 4.2.0 | 间接依赖 | bundler |
| liquid | 4.0.4 | 间接依赖 | bundler |
| github.com/morikuni/aec | v1.0.0 | 间接依赖 | go |
| rainbow | 3.1.1 | 间接依赖 | bundler |
| github.com/golang/groupcache | v0.0.0-20210331224755-41bb18bfe9da | 间接依赖 | go |
| github.com/matttproud/golang_protobuf_extensions | v1.0.4 | 间接依赖 | go |
| github.com/gobwas/glob | v0.2.3 | 间接依赖 | go |
| golang.org/x/sync | v0.3.0 | 间接依赖 | go |
| github.com/werf/kubedog | v0.11.0 | 直接依赖 | go |
| racc | 1.7.3 | 间接依赖 | bundler |
| github.com/samber/lo | v1.38.1 | 直接依赖 | go |
| liquid-tag-parser | 2.0.2 | 间接依赖 | bundler |
| github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 | v2.4.27 | 间接依赖 | go |
| github.com/Microsoft/hcsshim | v0.10.0-rc.8 | 间接依赖 | go |
| github.com/docker/buildx | v0.10.4 | 直接依赖 | go |
| github.com/stefanberger/go-pkcs11uri | v0.0.0-20201008174630-78d3cae3a980 | 间接依赖 | go |
| github.com/proglottis/gpgme | v0.1.3 | 间接依赖 | go |
| github.com/aws/aws-sdk-go-v2/internal/configsources | v1.1.33 | 间接依赖 | go |
| github.com/mitchellh/copystructure | v1.2.0 | 直接依赖 | go |
| mixlib-config | 3.0.9 | 间接依赖 | bundler |
| github.com/jonboulle/clockwork | v0.3.0 | 间接依赖 | go |
| oras.land/oras-go | v1.2.3 | 直接依赖 | go |
| k8s.io/helm | v2.17.0+incompatible | 直接依赖 | go |
| github.com/werf/nelm | v0.0.0-00010101000000-000000000000 | 直接依赖 | go |
| github.com/containers/common | v0.52.0 | 直接依赖 | go |
| golang.org/x/term | v0.15.0 | 间接依赖 | go |
| tomlrb | 1.3.0 | 间接依赖 | bundler |
| github.com/containernetworking/plugins | v1.2.0 | 间接依赖 | go |
| github.com/fsnotify/fsnotify | v1.6.0 | 间接依赖 | go |
| iostruct | 0.0.4 | 间接依赖 | bundler |
| golang.org/x/net | v0.19.0 | 直接依赖 | go |
| go.opentelemetry.io/otel/metric | v0.37.0 | 间接依赖 | go |
| github.com/go-openapi/jsonpointer | v0.19.6 | 间接依赖 | go |
| safe_yaml | 1.0.5 | 间接依赖 | bundler |
| github.com/sirupsen/logrus | v1.9.3 | 直接依赖 | go |
| license_scout | 1.2.13 | 间接依赖 | bundler |
| github.com/liggitt/tabwriter | v0.0.0-20181228230101-89fcab3d43de | 间接依赖 | go |
| k8s.io/apiserver | v0.26.2 | 间接依赖 | go |
| github.com/ulikunitz/xz | v0.5.11 | 间接依赖 | go |
| forwardable-extended | 2.6.0 | 间接依赖 | bundler |
| sigs.k8s.io/kustomize/api | v0.12.1 | 间接依赖 | go |
| ruby-progressbar | 1.11.0 | 间接依赖 | bundler |
| github.com/cloudflare/circl | v1.3.3 | 间接依赖 | go |
| github.com/google/uuid | v1.3.0 | 直接依赖 | go |
| github.com/minio/minio | v0.0.0-20210311070216-f92b7a562103 | 直接依赖 | go |
| go.opentelemetry.io/otel | v1.14.0 | 直接依赖 | go |
| github.com/ProtonMail/go-crypto | v0.0.0-20230828082145-3c4c8a2d2371 | 间接依赖 | go |
| github.com/go-openapi/swag | v0.22.3 | 间接依赖 | go |
| github.com/grpc-ecosystem/go-grpc-middleware | v1.4.0 | 间接依赖 | go |
| github.com/miekg/pkcs11 | v1.1.1 | 间接依赖 | go |
| github.com/go-openapi/loads | v0.21.2 | 间接依赖 | go |
| github.com/Masterminds/vcs | v1.13.3 | 间接依赖 | go |
| sprockets | 4.2.1 | 间接依赖 | bundler |
| github.com/dustin/go-humanize | v1.0.1 | 直接依赖 | go |
| github.com/spaolacci/murmur3 | v1.1.0 | 直接依赖 | go |
| em-websocket | 0.5.3 | 间接依赖 | bundler |
| github.com/kevinburke/ssh_config | v1.2.0 | 间接依赖 | go |
| github.com/gogo/googleapis | v1.4.1 | 间接依赖 | go |
| github.com/aymanbagabas/go-udiff | v0.1.3 | 间接依赖 | go |
| github.com/jmespath/go-jmespath | v0.4.0 | 间接依赖 | go |
| github.com/google/go-cmp | v0.6.0 | 间接依赖 | go |
| aws-eventstream | 1.2.0 | 间接依赖 | bundler |
| golang.org/x/oauth2 | v0.7.0 | 间接依赖 | go |
| github.com/aws/aws-sdk-go-v2/service/sso | v1.12.10 | 间接依赖 | go |
| github.com/aws/aws-sdk-go-v2 | v1.18.0 | 间接依赖 | go |
| github.com/sergi/go-diff | v1.2.0 | 间接依赖 | go |
| github.com/containerd/continuity | v0.4.1 | 间接依赖 | go |
| go.opencensus.io | v0.24.0 | 间接依赖 | go |
| multipart-post | 2.1.1 | 间接依赖 | bundler |
| kramdown | 2.4.0 | 间接依赖 | bundler |
| github.com/xo/terminfo | v0.0.0-20220910002029-abceb7e1c41e | 间接依赖 | go |
| github.com/disiqueira/gotree/v3 | v3.0.2 | 间接依赖 | go |
| github.com/prometheus/procfs | v0.9.0 | 间接依赖 | go |
| github.com/go-logr/stdr | v1.2.2 | 间接依赖 | go |
| github.com/rodaine/table | v1.1.0 | 直接依赖 | go |
| github.com/hashicorp/hcl/v2 | v2.8.2 | 间接依赖 | go |
| github.com/munnerz/goautoneg | v0.0.0-20191010083416-a7dc8b61c822 | 间接依赖 | go |
| github.com/syndtr/gocapability | v0.0.0-20200815063812-42c35b437635 | 间接依赖 | go |
| gopkg.in/ini.v1 | v1.67.0 | 直接依赖 | go |
| github.com/mattn/go-colorable | v0.1.13 | 间接依赖 | go |
| github.com/docker/go-metrics | v0.0.1 | 间接依赖 | go |
| github.com/jinzhu/copier | v0.3.5 | 间接依赖 | go |
| github.com/opencontainers/runc | v1.1.5 | 间接依赖 | go |
| github.com/theupdateframework/go-tuf | v0.5.2 | 间接依赖 | go |
| github.com/go-errors/errors | v1.0.1 | 间接依赖 | go |
| github.com/fluxcd/flagger | v1.31.0 | 直接依赖 | go |
| github.com/agl/ed25519 | v0.0.0-20170116200512-5312a6153412 | 间接依赖 | go |
| html-proofer | 3.19.4 | 间接依赖 | bundler |
| public_suffix | 4.0.6 | 间接依赖 | bundler |
| k8s.io/api | v0.27.3 | 直接依赖 | go |
| rainbow | 3.0.0 | 间接依赖 | bundler |
| sigs.k8s.io/json | v0.0.0-20221116044647-bc3834ca7abd | 间接依赖 | go |
| github.com/docker/cli-docs-tool | v0.5.1 | 间接依赖 | go |
| github.com/go-openapi/analysis | v0.21.4 | 间接依赖 | go |
| github.com/werf/logboek | v0.6.1 | 直接依赖 | go |
| github.com/aws/aws-sdk-go-v2/service/internal/presigned-url | v1.9.27 | 间接依赖 | go |
| github.com/containers/ocicrypt | v1.1.7 | 间接依赖 | go |
| github.com/djherbis/buffer | v1.2.0 | 直接依赖 | go |
| github.com/fsouza/go-dockerclient | v1.9.7 | 间接依赖 | go |
| github.com/cloudflare/cfssl | v1.4.1 | 间接依赖 | go |
| github.com/titanous/rocacheck | v0.0.0-20171023193734-afe73141d399 | 间接依赖 | go |
| github.com/go-openapi/runtime | v0.26.0 | 间接依赖 | go |
| github.com/pmezard/go-difflib | v1.0.1-0.20181226105442-5d4384ee4fb2 | 间接依赖 | go |
| fuzzyurl | 0.9.0 | 间接依赖 | bundler |
| github.com/sigstore/fulcio | v1.2.0 | 间接依赖 | go |
| github.com/huandu/xstrings | v1.3.3 | 间接依赖 | go |
| github.com/golang/protobuf | v1.5.3 | 间接依赖 | go |
| github.com/spf13/cobra | v1.7.0 | 直接依赖 | go |
| github.com/fatih/camelcase | v1.0.0 | 间接依赖 | go |
| net-ssh | 6.1.0 | 间接依赖 | bundler |
| github.com/vishvananda/netns | v0.0.0-20210104183010-2eb08e3e575f | 间接依赖 | go |
| jmespath | 1.6.1 | 间接依赖 | bundler |
| webrick | 1.8.1 | 间接依赖 | bundler |
| github.com/google/btree | v1.0.1 | 间接依赖 | go |
| github.com/moby/sys/sequential | v0.5.0 | 间接依赖 | go |
| train-core | 3.8.1 | 间接依赖 | bundler |
| github.com/daviddengcn/go-colortext | v1.0.0 | 间接依赖 | go |
| github.com/letsencrypt/boulder | v0.0.0-20230213213521-fdfea0d469b6 | 间接依赖 | go |
| chef-cleanroom | 1.0.4 | 间接依赖 | bundler |
| golang.org/x/exp | v0.0.0-20230321023759-10a507213a29 | 间接依赖 | go |
| github.com/containerd/cgroups | v1.1.0 | 间接依赖 | go |
| github.com/jellydator/ttlcache/v3 | v3.1.0 | 间接依赖 | go |
| github.com/mattn/go-runewidth | v0.0.14 | 间接依赖 | go |
| github.com/compose-spec/compose-go | v1.6.0 | 间接依赖 | go |
| sigs.k8s.io/yaml | v1.3.0 | 直接依赖 | go |
| github.com/evanphx/json-patch | v5.6.0+incompatible | 间接依赖 | go |
| activesupport | 6.1.7.6 | 间接依赖 | bundler |
| gopkg.in/yaml.v3 | v3.0.1 | 直接依赖 | go |
| go.mozilla.org/pkcs7 | v0.0.0-20210826202110-33d05740a352 | 间接依赖 | go |
| mixlib-shellout | 3.2.5 | 间接依赖 | bundler |
| go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp | v1.14.0 | 直接依赖 | go |
| k8s.io/klog/v2 | v2.100.1 | 直接依赖 | go |
| github.com/prometheus/client_model | v0.4.0 | 间接依赖 | go |
| github.com/exponent-io/jsonpath | v0.0.0-20151013193312-d6023ce2651d | 间接依赖 | go |
| github.com/imdario/mergo | v0.3.15 | 间接依赖 | go |
| github.com/oleiade/reflections | v1.0.1 | 间接依赖 | go |
| github.com/go-openapi/spec | v0.20.9 | 直接依赖 | go |
| k8s.io/klog | v1.0.0 | 直接依赖 | go |
| github.com/mattn/go-sqlite3 | v2.0.1+incompatible | 间接依赖 | go |
| github.com/containerd/containerd | v1.7.2 | 直接依赖 | go |
| github.com/Masterminds/goutils | v1.1.1 | 直接依赖 | go |
| google.golang.org/genproto | v0.0.0-20230410155749-daa745c078e1 | 间接依赖 | go |
| github.com/xeipuuv/gojsonpointer | v0.0.0-20190905194746-02993c407bfb | 间接依赖 | go |
| github.com/moby/buildkit | v0.11.6 | 直接依赖 | go |
| github.com/opencontainers/runtime-spec | v1.1.0-rc.3 | 直接依赖 | go |
| github.com/hashicorp/go-multierror | v1.1.1 | 直接依赖 | go |
| github.com/felixge/httpsnoop | v1.0.3 | 间接依赖 | go |
| github.com/pkg/errors | v0.9.1 | 直接依赖 | go |
| github.com/opencontainers/image-spec | v1.1.0-rc2.0.20221005185240-3a7f492d3f1b | 直接依赖 | go |
| github.com/fvbommel/sortorder | v1.0.1 | 间接依赖 | go |
| golang.org/x/tools | v0.13.0 | 间接依赖 | go |
| k8s.io/kube-openapi | v0.0.0-20230501164219-8b0f38b5fd1f | 间接依赖 | go |
| github.com/tchap/go-patricia/v2 | v2.3.1 | 间接依赖 | go |
| github.com/jbenet/go-context | v0.0.0-20150711004518-d14ea06fba99 | 间接依赖 | go |
| github.com/aws/aws-sdk-go-v2/feature/ec2/imds | v1.13.3 | 间接依赖 | go |
| k8s.io/utils | v0.0.0-20230406110748-d93618cff8a2 | 直接依赖 | go |
| google.golang.org/appengine | v1.6.7 | 间接依赖 | go |
| addressable | 2.8.6 | 间接依赖 | bundler |
| github.com/distribution/distribution/v3 | v3.0.0-20221208165359-362910506bc2 | 间接依赖 | go |
| github.com/google/go-intervals | v0.0.2 | 间接依赖 | go |
| github.com/bugsnag/bugsnag-go | v1.5.3 | 间接依赖 | go |
| github.com/rivo/uniseg | v0.4.4 | 间接依赖 | go |
| github.com/opencontainers/runtime-tools | v0.9.1-0.20230317050512-e931285f4b69 | 间接依赖 | go |
| github.com/xanzy/ssh-agent | v0.3.3 | 间接依赖 | go |
| github.com/fatih/color | v1.14.1 | 间接依赖 | go |
| eventmachine | 1.2.7 | 间接依赖 | bundler |
| mixlib-cli | 2.1.8 | 间接依赖 | bundler |
| pathutil | 0.16.2 | 间接依赖 | bundler |
| github.com/docker/distribution | v2.8.2+incompatible | 直接依赖 | go |
| zhexdump | 0.0.2 | 间接依赖 | bundler |
| github.com/containernetworking/cni | v1.1.2 | 间接依赖 | go |
| github.com/cyphar/filepath-securejoin | v0.2.4 | 间接依赖 | go |
| sigs.k8s.io/kustomize/kyaml | v0.13.9 | 间接依赖 | go |
| aws-sigv4 | 1.4.0 | 间接依赖 | bundler |
| zeitwerk | 2.6.12 | 间接依赖 | bundler |
| github.com/asaskevich/govalidator | v0.0.0-20230301143203-a9d515a09cc2 | 间接依赖 | go |
| github.com/mxk/go-flowrate | v0.0.0-20140419014527-cca7078d478f | 间接依赖 | go |
| github.com/opencontainers/selinux | v1.11.0 | 间接依赖 | go |
| github.com/djherbis/nio/v3 | v3.0.1 | 直接依赖 | go |
| github.com/aws/aws-sdk-go-v2/config | v1.18.23 | 间接依赖 | go |
| mvdan.cc/xurls | v1.1.0 | 直接依赖 | go |
| github.com/chanced/caps | v1.0.1 | 间接依赖 | go |
| github.com/containers/storage | v1.46.1 | 直接依赖 | go |
| jekyll | 4.3.3 | 间接依赖 | bundler |
| github.com/Masterminds/semver/v3 | v3.2.1 | 间接依赖 | go |
| github.com/containerd/ttrpc | v1.2.2 | 间接依赖 | go |
| github.com/containerd/stargz-snapshotter/estargz | v0.14.3 | 间接依赖 | go |
| github.com/rubenv/sql-migrate | v1.2.0 | 间接依赖 | go |
| github.com/mattn/go-shellwords | v1.0.12 | 间接依赖 | go |
| github.com/gosuri/uitable | v0.0.4 | 直接依赖 | go |
| github.com/tonistiigi/units | v0.0.0-20180711220420-6950e57a87ea | 间接依赖 | go |
| github.com/mvdan/xurls | v1.1.0 | 间接依赖 | go |
| github.com/Microsoft/go-winio | v0.6.1 | 间接依赖 | go |
| github.com/xeipuuv/gojsonschema | v1.2.0 | 间接依赖 | go |
| github.com/aws/aws-sdk-go | v1.44.289 | 直接依赖 | go |
| github.com/prometheus/common | v0.42.0 | 间接依赖 | go |
| github.com/vishvananda/netlink | v1.2.1-beta.2 | 间接依赖 | go |
| google.golang.org/protobuf | v1.30.0 | 间接依赖 | go |