@nywilken

@nywilken added the "dependencies" label (Pull requests that update a dependency file) Jun 14, 2024
@nywilken requested a review from a team as a code owner June 14, 2024 09:44
@nywilken changed the title from "bump/vault api" to "Bump dependencies to address govulncheck reported vulnerabilities" Jun 14, 2024
```
~>  govulncheck ./...
=== Symbol Results ===

Vulnerability #1: GO-2024-2611
    Infinite loop in JSON unmarshaling in google.golang.org/protobuf
  More info: https://pkg.go.dev/vuln/GO-2024-2611
  Module: google.golang.org/protobuf
    Found in: google.golang.org/[email protected]
    Fixed in: google.golang.org/[email protected]
    Example traces found:
      #1: sdk-internals/communicator/winrm/communicator.go:238:22: winrm.Base64Pipe.ReadFrom calls io.ReadAll, which eventually calls json.Decoder.Peek
      #2: sdk-internals/communicator/winrm/communicator.go:238:22: winrm.Base64Pipe.ReadFrom calls io.ReadAll, which eventually calls json.Decoder.Read
      #3: sdk-internals/communicator/winrm/communicator.go:238:22: winrm.Base64Pipe.ReadFrom calls io.ReadAll, which eventually calls protojson.Unmarshal
```
@nywilken merged commit da5ece9 into main Jun 14, 2024
@nywilken deleted the bump/vault-api branch June 14, 2024 19:26