Fix vulnerabilities in buildkit and src-d go-git/v4 packages

go.list

@@ -0,0 +1,201 @@
+cloud.google.com/go v0.110.0
+cloud.google.com/go/compute/metadata v0.2.3
+cloud.google.com/go/containeranalysis v0.9.0
+cloud.google.com/go/grafeas v0.2.0
+cloud.google.com/go/iam v0.13.0
+cloud.google.com/go/storage v1.28.1
+dario.cat/mergo v1.0.0
+github.com/Azure/azure-sdk-for-go v56.3.0+incompatible
+github.com/Azure/go-autorest/autorest v0.11.24
+github.com/Azure/go-autorest/autorest/adal v0.9.18
+github.com/Azure/go-autorest/autorest/azure/auth v0.4.2
+github.com/Azure/go-autorest/autorest/azure/cli v0.4.2
+github.com/Azure/go-autorest/autorest/date v0.3.0
+github.com/Azure/go-autorest/autorest/validation v0.3.1
+github.com/Azure/go-autorest/logger v0.2.1
+github.com/Azure/go-autorest/tracing v0.6.0
+github.com/BurntSushi/toml v0.4.1
+github.com/GoogleCloudPlatform/docker-credential-gcr v2.0.5+incompatible
+github.com/Masterminds/goutils v1.1.1
+github.com/Masterminds/semver/v3 v3.1.1
+github.com/Masterminds/sprig/v3 v3.2.2
+github.com/OneOfOne/xxhash v1.2.8
+github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371
+github.com/PuerkitoBio/purell v1.1.1
+github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578
+github.com/VerbalExpressions/GoVerbalExpressions v0.0.0-20200410162751-4d76a1099a6e
+github.com/agext/levenshtein v1.2.3
+github.com/agnivade/levenshtein v1.1.1
+github.com/apparentlymart/go-textseg/v13 v13.0.0
+github.com/apparentlymart/go-versions v1.0.1
+github.com/aws/aws-sdk-go v1.44.193
+github.com/aws/aws-sdk-go-v2 v1.17.6
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10
+github.com/aws/aws-sdk-go-v2/config v1.18.16
+github.com/aws/aws-sdk-go-v2/credentials v1.13.16
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.24
+github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.56
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.30
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.24
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.31
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.22
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.25
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.24
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.24
+github.com/aws/aws-sdk-go-v2/service/s3 v1.30.6
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.5
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.5
+github.com/aws/aws-sdk-go-v2/service/sts v1.18.6
+github.com/aws/smithy-go v1.13.5
+github.com/awslabs/goformation/v7 v7.0.5
+github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d
+github.com/cloudflare/circl v1.3.3
+github.com/containerd/typeurl/v2 v2.1.1
+github.com/cyphar/filepath-securejoin v0.2.4
+github.com/davecgh/go-spew v1.1.1
+github.com/dimchansky/utfbom v1.1.1
+github.com/docker/cli v24.0.4+incompatible
+github.com/docker/distribution v2.8.2+incompatible
+github.com/docker/docker v24.0.0-rc.2.0.20230718135204-8e51b8b59cb8+incompatible
+github.com/docker/docker-credential-helpers v0.7.0
+github.com/docker/go-connections v0.4.0
+github.com/docker/go-units v0.5.0
+github.com/emirpasic/gods v1.18.1
+github.com/evanphx/json-patch v4.11.0+incompatible
+github.com/fatih/color v1.9.0
+github.com/felixge/httpsnoop v1.0.3
+github.com/fsnotify/fsnotify v1.6.0
+github.com/ghodss/yaml v1.0.0
+github.com/go-errors/errors v1.0.1
+github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376
+github.com/go-git/go-billy/v5 v5.5.0
+github.com/go-git/go-git/v5 v5.11.0
+github.com/go-logr/logr v1.2.4
+github.com/go-openapi/jsonpointer v0.19.5
+github.com/go-openapi/jsonreference v0.19.5
+github.com/go-openapi/swag v0.19.14
+github.com/gobwas/glob v0.2.3
+github.com/gogo/protobuf v1.3.2
+github.com/golang-jwt/jwt/v4 v4.4.2
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
+github.com/golang/protobuf v1.5.3
+github.com/google/go-cmp v0.6.0
+github.com/google/go-containerregistry v0.5.1
+github.com/google/gofuzz v1.2.0
+github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
+github.com/google/uuid v1.3.0
+github.com/googleapis/enterprise-certificate-proxy v0.2.3
+github.com/googleapis/gax-go/v2 v2.7.1
+github.com/googleapis/gnostic v0.5.5
+github.com/gorilla/handlers v1.5.1
+github.com/gorilla/mux v1.8.0
+github.com/hashicorp/errwrap v1.1.0
+github.com/hashicorp/go-cleanhttp v0.5.2
+github.com/hashicorp/go-getter v1.7.0
+github.com/hashicorp/go-hclog v0.15.0
+github.com/hashicorp/go-multierror v1.1.1
+github.com/hashicorp/go-retryablehttp v0.7.2
+github.com/hashicorp/go-safetemp v1.0.0
+github.com/hashicorp/go-version v1.6.0
+github.com/hashicorp/hcl v1.0.0
+github.com/hashicorp/hcl/v2 v2.10.1
+github.com/hashicorp/terraform v0.15.3
+github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734
+github.com/huandu/xstrings v1.3.2
+github.com/iancoleman/strcase v0.1.3
+github.com/imdario/mergo v0.3.12
+github.com/itchyny/gojq v0.12.1
+github.com/itchyny/timefmt-go v0.1.1
+github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99
+github.com/jmespath/go-jmespath v0.4.0
+github.com/josharian/intern v1.0.0
+github.com/json-iterator/go v1.1.12
+github.com/kevinburke/ssh_config v1.2.0
+github.com/klauspost/compress v1.17.2
+github.com/mailru/easyjson v0.7.6
+github.com/mattn/go-colorable v0.1.6
+github.com/mattn/go-isatty v0.0.12
+github.com/mitchellh/copystructure v1.1.1
+github.com/mitchellh/go-homedir v1.1.0
+github.com/mitchellh/go-testing-interface v1.14.1
+github.com/mitchellh/go-wordwrap v1.0.0
+github.com/mitchellh/panicwrap v1.0.0
+github.com/mitchellh/reflectwalk v1.0.1
+github.com/moby/buildkit v0.12.5
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
+github.com/modern-go/reflect2 v1.0.2
+github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00
+github.com/nxadm/tail v1.4.8
+github.com/onsi/ginkgo v1.16.4
+github.com/onsi/gomega v1.27.10
+github.com/open-policy-agent/opa v0.46.1
+github.com/opencontainers/go-digest v1.0.0
+github.com/opencontainers/image-spec v1.1.0-rc3
+github.com/owenrumney/go-sarif/v2 v2.1.2
+github.com/pelletier/go-toml v1.9.5
+github.com/pjbgf/sha1cd v0.3.0
+github.com/pkg/errors v0.9.1
+github.com/pmezard/go-difflib v1.0.0
+github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475
+github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0
+github.com/sanathkr/go-yaml v0.0.0-20170819195128-ed9d249f429b
+github.com/sanathkr/yaml v0.0.0-20170819201035-0056894fa522
+github.com/sergi/go-diff v1.1.0
+github.com/shopspring/decimal v1.2.0
+github.com/sirupsen/logrus v1.9.0
+github.com/skeema/knownhosts v1.2.1
+github.com/spf13/afero v1.6.0
+github.com/spf13/cast v1.3.1
+github.com/spf13/cobra v1.6.1
+github.com/spf13/pflag v1.0.5
+github.com/stretchr/testify v1.8.4
+github.com/tchap/go-patricia/v2 v2.3.1
+github.com/ulikunitz/xz v0.5.10
+github.com/xanzy/ssh-agent v0.3.3
+github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb
+github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415
+github.com/xeipuuv/gojsonschema v1.2.0
+github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca
+github.com/yashtewari/glob-intersection v0.1.0
+github.com/zclconf/go-cty v1.10.0
+go.opencensus.io v0.24.0
+go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5
+go.uber.org/atomic v1.7.0
+go.uber.org/multierr v1.6.0
+go.uber.org/zap v1.17.0
+golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b
+golang.org/x/mod v0.12.0
+golang.org/x/net v0.19.0
+golang.org/x/oauth2 v0.7.0
+golang.org/x/sync v0.3.0
+golang.org/x/sys v0.15.0
+golang.org/x/term v0.15.0
+golang.org/x/text v0.14.0
+golang.org/x/time v0.3.0
+golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2
+google.golang.org/api v0.114.0
+google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1
+google.golang.org/grpc v1.56.3
+google.golang.org/protobuf v1.30.0
+gopkg.in/inf.v0 v0.9.1
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7
+gopkg.in/warnings.v0 v0.1.2
+gopkg.in/yaml.v2 v2.4.0
+gopkg.in/yaml.v3 v3.0.1
+helm.sh/helm/v3 v3.6.1
+k8s.io/api v0.19.0
+k8s.io/apiextensions-apiserver v0.21.0
+k8s.io/apimachinery v0.19.0
+k8s.io/client-go v0.19.0
+k8s.io/klog/v2 v2.30.0
+k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c
+k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b
+modernc.org/libc v1.9.11
+modernc.org/mathutil v1.4.0
+modernc.org/memory v1.0.4
+modernc.org/sqlite v1.11.1
+sigs.k8s.io/kustomize/api v0.8.11
+sigs.k8s.io/kustomize/kyaml v0.11.0
+sigs.k8s.io/structured-merge-diff/v4 v4.1.2
+sigs.k8s.io/yaml v1.2.0