Update go.mod replace directives (#10054)

Removed old `replace` directives in `go.mod` that are no longer required, and updated the entry for `containerd` to address [ CVE-2022-23471](https://github.com/linkerd/linkerd2/security/dependabot/37)
linkerd · Feb 3, 2023 · 9c8ef83 · 9c8ef83
1 parent ed5dda0
commit 9c8ef83
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 33 deletions.
diff --git a/go.mod b/go.mod
@@ -116,7 +116,7 @@ require (
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/mailru/easyjson v0.7.6 // indirect
 	github.com/mattn/go-colorable v0.1.12 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/locker v1.0.1 // indirect
@@ -154,7 +154,7 @@ require (
 	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
 	google.golang.org/api v0.62.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368 // indirect
+	google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/cli-runtime v0.24.2 // indirect
@@ -168,17 +168,6 @@ require (
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 )
 
-// to avoid the `github.com/golang/protobuf/protoc-gen-go/generator` deprecation warning
-// (see https://github.com/golang/protobuf/issues/1104)
-replace github.com/grpc-ecosystem/grpc-gateway => github.com/grpc-ecosystem/grpc-gateway v1.14.8
-
-// avoids scanners hitting the alert described in https://github.com/helm/helm/issues/7846
-// this should be removed when helm upgrades that dependency on runc
-replace github.com/opencontainers/runc => github.com/opencontainers/runc v1.0.3
-
-// Addresses https://github.com/advisories/GHSA-crp2-qrr5-8pq7,
-// https://github.com/advisories/GHSA-5ffw-gxpp-mxpf
-replace github.com/containerd/containerd => github.com/containerd/containerd v1.6.6
-
-// Addresses https://github.com/advisories/GHSA-qq97-vm5h-rrhg
-replace github.com/docker/distribution => github.com/docker/distribution v2.8.1+incompatible
+// Addresses https://github.com/linkerd/linkerd2/security/dependabot/37
+// (CVE-2022-23471)
+replace github.com/containerd/containerd => github.com/containerd/containerd v1.6.14