@jjngx jjngx commented Feb 27, 2025

Proposed changes

Update two indirect dependencies to make govulncheck happy.

Scan:

govulncheck -show verbose ./...
Fetching vulnerabilities from the database...

Checking the code against the vulnerabilities...

...

=== Symbol Results ===

No vulnerabilities found.

=== Package Results ===

No other vulnerabilities found.

=== Module Results ===

Vulnerability #1: GO-2025-3488
    Unexpected memory consumption during token parsing in golang.org/x/oauth2
  More info: https://pkg.go.dev/vuln/GO-2025-3488
  Module: golang.org/x/oauth2
    Found in: golang.org/x/oauth2@v0.25.0
    Fixed in: golang.org/x/oauth2@v0.27.0

Vulnerability #2: GO-2025-3487
    Potential denial of service in golang.org/x/crypto
  More info: https://pkg.go.dev/vuln/GO-2025-3487
  Module: golang.org/x/crypto
    Found in: golang.org/x/crypto@v0.32.0
    Fixed in: golang.org/x/crypto@v0.35.0

Your code is affected by 0 vulnerabilities.
This scan also found 0 vulnerabilities in packages you import and 2
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.

Update:

➜  kubernetes-ingress git:(main) go get -u golang.org/x/oauth2@v0.27.0
go: upgraded golang.org/x/oauth2 v0.25.0 => v0.27.0
➜  kubernetes-ingress git:(main) ✗ go get golang.org/x/crypto@v0.35.0
go: upgraded golang.org/x/crypto v0.32.0 => v0.35.0
go: upgraded golang.org/x/sync v0.10.0 => v0.11.0
go: upgraded golang.org/x/sys v0.29.0 => v0.30.0
go: upgraded golang.org/x/term v0.28.0 => v0.29.0
go: upgraded golang.org/x/text v0.21.0 => v0.22.0

After:

govulncheck ./...
No vulnerabilities found.

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto main
  • I will ensure my PR is targeting the main branch and pulling from my branch from my own fork
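
For gating CI on the distinction the scan above draws (findings only in required modules versus vulnerable symbols the code actually calls), this added example, which is not part of the PR or the project's code, classifies findings from govulncheck's `-json` message stream. The sample stream is constructed, `GO-0000-0000` and `example.com/m` are placeholders, and only the message fields used here are modelled.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

type finding struct { // only the fields used; keys match case-insensitively
	OSV   string
	Trace []struct{ Package, Function string }
}
type message struct{ Finding *finding }

// Constructed stream in the shape of `govulncheck -json ./...` output.
const sample = `
{"finding": {"osv": "GO-2025-3488", "trace": [{"module": "golang.org/x/oauth2", "version": "v0.25.0"}]}}
{"finding": {"osv": "GO-2025-3487", "trace": [{"module": "golang.org/x/crypto", "version": "v0.32.0"}]}}
{"finding": {"osv": "GO-0000-0000", "trace": [{"module": "example.com/m", "package": "example.com/m/p", "function": "Parse"}]}}
{"finding": {"osv": "GO-0000-0000", "trace": [{"module": "example.com/m"}]}}
`

// classify maps each OSV id to the most precise level at which it was reported.
func classify(stream string) (map[string]string, error) {
	rank := map[string]int{"module": 1, "package": 2, "symbol": 3}
	out := map[string]string{}
	for dec := json.NewDecoder(strings.NewReader(stream)); dec.More(); {
		var m message
		if err := dec.Decode(&m); err != nil {
			return nil, err
		}
		if m.Finding == nil || len(m.Finding.Trace) == 0 {
			continue // config, progress and osv messages carry no finding
		}
		level := "module"
		if f := m.Finding.Trace[0]; f.Function != "" {
			level = "symbol"
		} else if f.Package != "" {
			level = "package"
		}
		if rank[level] > rank[out[m.Finding.OSV]] {
			out[m.Finding.OSV] = level
		}
	}
	return out, nil
}

func main() {
	fmt.Println(classify(sample))
}
```

A pipeline can fail the build on any `symbol` entry and open a routine dependency-update task for `module` entries such as the two in this PR.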

@github-actions github-actions bot added the dependencies and go labels Feb 27, 2025

codecov bot commented Feb 27, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 53.10%. Comparing base (46fcf92) to head (cc28464).
Report is 2 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #7415   +/-   ##
=======================================
  Coverage   53.10%   53.10%           
=======================================
  Files          89       89           
  Lines       21074    21074           
=======================================
  Hits        11192    11192           
  Misses       9419     9419           
  Partials      463      463           


@jjngx jjngx marked this pull request as ready for review February 27, 2025 12:58
@jjngx jjngx requested a review from a team as a code owner February 27, 2025 12:58
@jjngx jjngx merged commit 67ea414 into main Feb 27, 2025
82 checks passed
@jjngx jjngx deleted the chore/go-pkg-update branch February 27, 2025 15:08
nginx-bot pushed a commit that referenced this pull request Feb 27, 2025
jjngx added a commit that referenced this pull request Feb 28, 2025
jjngx added a commit that referenced this pull request Feb 28, 2025
Update packages listed by govulncheck (#7415)