go.mod: Upgrade go-licenses to tip

There's an open CVE on a transitive dependency from the license-checker code. This change upgrades go-licenses to avoid the dependency. https://github.com/cockroachdb/field-eng-powertools/security/dependabot/1 https://github.com/cockroachdb/field-eng-powertools/security/dependabot/2
cockroachdb · May 28, 2024 · acce7e7 · acce7e7
1 parent ad759f3
commit acce7e7
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 674 deletions.
diff --git a/.github/workflows/go-tests.yaml b/.github/workflows/go-tests.yaml
@@ -63,7 +63,7 @@ jobs:
       # through the licenses subcommand.
       - name: License Checks
         if: ${{ !cancelled() }}
-        run: go run github.com/google/go-licenses check .
+        run: go run github.com/google/go-licenses check ./...
 
   tests:
     name: Go Tests

diff --git a/go.mod b/go.mod
@@ -5,7 +5,7 @@ go 1.22.1
 require (
 	github.com/cockroachdb/crlfmt v0.1.0
 	github.com/google/addlicense v1.1.1
-	github.com/google/go-licenses v1.6.0
+	github.com/google/go-licenses v1.6.1-0.20230903011517-706b9c60edd4
 	github.com/stretchr/testify v1.9.0
 	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
 	golang.org/x/tools v0.21.0
@@ -14,37 +14,26 @@ require (
 
 require (
 	github.com/BurntSushi/toml v1.4.0 // indirect
-	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/bmatcuk/doublestar/v4 v4.6.1 // indirect
 	github.com/cockroachdb/gostdlib v1.19.0 // indirect
 	github.com/cockroachdb/ttycolor v0.0.0-20210902133924-c7d7dcdde4e8 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/google/licenseclassifier v0.0.0-20221004142553-c1ed8fcf4bab // indirect
+	github.com/google/licenseclassifier/v2 v2.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
-	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/otiai10/copy v1.14.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/sergi/go-diff v1.3.1 // indirect
 	github.com/spf13/cobra v1.8.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/src-d/gcfg v1.4.0 // indirect
-	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	golang.org/x/crypto v0.23.0 // indirect
 	golang.org/x/exp/typeparams v0.0.0-20240525044651-4c93da0ed11d // indirect
 	golang.org/x/mod v0.17.0 // indirect
 	golang.org/x/net v0.25.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
 	golang.org/x/sys v0.20.0 // indirect
 	golang.org/x/text v0.15.0 // indirect
-	gopkg.in/src-d/go-billy.v4 v4.3.2 // indirect
-	gopkg.in/src-d/go-git.v4 v4.13.1 // indirect
-	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/klog/v2 v2.120.1 // indirect
 )