diff --git a/cmd/clair/config.go b/cmd/clair/config.go
index 3a8e853b0..81a44c072 100644
--- a/cmd/clair/config.go
+++ b/cmd/clair/config.go
@@ -24,7 +24,7 @@ import (
 "github.com/stackrox/scanner/database"
 "github.com/stackrox/scanner/pkg/analyzer"
 "github.com/stackrox/scanner/pkg/updater"
- "gopkg.in/yaml.v2"
+ "go.yaml.in/yaml/v3"
 )
 // File represents a YAML configuration file that namespaces all
diff --git a/database/pgsql/pgsql.go b/database/pgsql/pgsql.go
index 8c31e0b1e..9688af224 100644
--- a/database/pgsql/pgsql.go
+++ b/database/pgsql/pgsql.go
@@ -31,7 +31,7 @@ import (
 "github.com/stackrox/scanner/database/metrics"
 "github.com/stackrox/scanner/database/pgsql/migrations"
 "github.com/stackrox/scanner/pkg/commonerr"
- "gopkg.in/yaml.v2"
+ "go.yaml.in/yaml/v3"
 )
 const (
diff --git a/ext/vulnsrc/alpine/alpine.go b/ext/vulnsrc/alpine/alpine.go
index 03e4fd273..0012b7776 100644
--- a/ext/vulnsrc/alpine/alpine.go
+++ b/ext/vulnsrc/alpine/alpine.go
@@ -30,7 +30,7 @@ import (
 "github.com/stackrox/scanner/ext/versionfmt/apk"
 "github.com/stackrox/scanner/ext/vulnsrc"
 "github.com/stackrox/scanner/pkg/fsutil"
- "gopkg.in/yaml.v2"
+ "go.yaml.in/yaml/v3"
 )
 const (
diff --git a/go.mod b/go.mod
index 5837e505e..59d366427 100644
--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,6 @@ require (
 github.com/distribution/reference v0.6.0
 github.com/docker/distribution v2.8.3+incompatible
 github.com/facebookincubator/nvdtools v0.1.5
- github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32
 github.com/go-git/go-billy/v5 v5.6.2
 github.com/go-git/go-git/v5 v5.16.2
 github.com/google/go-cmp v0.7.0
@@ -47,6 +46,7 @@ require (
 go.etcd.io/bbolt v1.4.0
 go.uber.org/goleak v1.3.0
 go.uber.org/ratelimit v0.3.1
+ go.yaml.in/yaml/v3 v3.0.3
 golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67
 golang.org/x/sys v0.33.0
 google.golang.org/api v0.238.0
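Review bot: The import swap in cmd/clair/config.go from `gopkg.in/yaml.v2` to `go.yaml.in/yaml/v3` is a major-version change rather than a rename, and the decode call sites that would show whether it is safe lie outside this hunk; database/pgsql/pgsql.go and ext/vulnsrc/alpine/alpine.go make the same swap. v3 treats a duplicate mapping key as a decode error on every call where v2's plain `Unmarshal` accepted it, decodes untyped nested mappings as `map[string]interface{}` instead of `map[interface{}]interface{}`, and no longer offers `UnmarshalStrict`. For the configuration file and for what is presumably an externally fetched Alpine feed, input that parsed before can therefore start failing, and any type assertion on the old map type would stop matching. I would add a regression test that runs a stored sample config and a stored feed file through the new decoder, and where unknown config keys should be rejected, decode with `dec := yaml.NewDecoder(r); dec.KnownFields(true)`.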
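Review bot: The go.mod hunk at -47,6 adds go.yaml.in/yaml/v3 v3.0.3 as a direct requirement, while the later go.mod hunks keep gopkg.in/yaml.v2 v2.4.0 and github.com/ghodss/yaml in the indirect block next to gopkg.in/yaml.v3 v3.0.1, so several YAML parsers under different module paths stay in the module graph. Advisories and scanner matches are keyed by module path, so each of those paths still has to be tracked, and nothing in this change stops a later commit from importing an old path directly again. I would record the intent next to the new requirement, `// direct YAML use goes through go.yaml.in/yaml/v3 and sigs.k8s.io/yaml; gopkg.in/yaml.v2 and ghodss/yaml remain only as indirect dependencies`, and back it with an import deny-list in the linter configuration if the repository has one.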
@@ -54,7 +54,7 @@ require (
 google.golang.org/grpc v1.73.0
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1
 google.golang.org/protobuf v1.36.6
- gopkg.in/yaml.v2 v2.4.0
+ sigs.k8s.io/yaml v1.4.0
 )
 require (
@@ -93,6 +93,7 @@ require (
 github.com/evanphx/json-patch v5.7.0+incompatible // indirect
 github.com/facebookincubator/flog v0.0.0-20190930132826-d2511d0ce33c // indirect
 github.com/felixge/httpsnoop v1.0.4 // indirect
+ github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 // indirect
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 github.com/go-jose/go-jose/v4 v4.0.5 // indirect
 github.com/go-logr/logr v1.4.2 // indirect
@@ -178,6 +179,7 @@ require (
 google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/warnings.v0 v0.1.2 // indirect
+ gopkg.in/yaml.v2 v2.4.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 k8s.io/api v0.29.3 // indirect
 k8s.io/apimachinery v0.29.3 // indirect
@@ -188,7 +190,6 @@ require (
 nhooyr.io/websocket v1.8.11 // indirect
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
- sigs.k8s.io/yaml v1.4.0 // indirect
 )
 // @stackrox/scanner
diff --git a/go.sum b/go.sum
index 9c6cf185a..bcf8ea577 100644
--- a/go.sum
+++ b/go.sum
@@ -759,6 +759,8 @@ go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/ratelimit v0.3.1 h1:K4qVE+byfv/B3tC+4nYWP7v/6SimcO7HzHekoMNBma0= go.uber.org/ratelimit v0.3.1/go.mod h1:6euWsTB6U/Nb3X++xEUXA8ciPJvr19Q/0h1+oDcJhRk= +go.yaml.in/yaml/v3 v3.0.3 h1:bXOww4E/J3f66rav3pX3m8w6jDE4knZjGOw8b5Y6iNE= +go.yaml.in/yaml/v3 v3.0.3/go.mod h1:tBHosrYAkRZjRAOREWbDnBXUf08JOwYq++0QNwQiWzI= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
diff --git a/pkg/vulnloader/istioloader/yaml.go b/pkg/vulnloader/istioloader/yaml.go
index 805df3303..e7404156a 100644
--- a/pkg/vulnloader/istioloader/yaml.go
+++ b/pkg/vulnloader/istioloader/yaml.go
@@ -3,9 +3,9 @@ package istioloader
 import (
 "io"
- "github.com/ghodss/yaml"
 "github.com/pkg/errors"
 "github.com/stackrox/istio-cves/types"
+ "sigs.k8s.io/yaml"
 )
 // LoadYAMLFileFromReader loads the Istio CVE feed from the given io.Reader.
diff --git a/pkg/vulnloader/k8sloader/yaml.go b/pkg/vulnloader/k8sloader/yaml.go
index ae6c4b3e8..0702d6e2f 100644
--- a/pkg/vulnloader/k8sloader/yaml.go
+++ b/pkg/vulnloader/k8sloader/yaml.go
@@ -3,9 +3,9 @@ package k8sloader
 import (
 "io"
- "github.com/ghodss/yaml"
 "github.com/pkg/errors"
 "github.com/stackrox/k8s-cves/pkg/validation"
+ "sigs.k8s.io/yaml"
 )
 // LoadYAMLFileFromReader loads the Kubernetes CVE feed from the given io.Reader.
diff --git a/pkg/vulnloader/nvdloader/enricher.go b/pkg/vulnloader/nvdloader/enricher.go
index 4f8dd9292..9c6c89065 100644
--- a/pkg/vulnloader/nvdloader/enricher.go
+++ b/pkg/vulnloader/nvdloader/enricher.go
@@ -5,12 +5,12 @@ import (
 "path/filepath"
 "github.com/facebookincubator/nvdtools/vulndb"
- "github.com/ghodss/yaml"
 "github.com/go-git/go-billy/v5/memfs"
 "github.com/go-git/go-git/v5"
 "github.com/go-git/go-git/v5/storage/memory"
 "github.com/pkg/errors"
 "github.com/stackrox/dotnet-scraper/types"
+ "sigs.k8s.io/yaml"
 )
 const (