Features/CVE fix 20240829 #295

Open
wants to merge 10 commits into
base: release/1.2.11

@yusheng-guo yusheng-guo commented Aug 30, 2024

What type of PR is this?

/kind bug
/kind cleanup

What this PR does / why we need it:

cve

Does this PR introduce a breaking change?:

Update dependencies.

Test/Final result:

```
$ govulncheck -show verbose ./...
Scanning your code and 759 packages across 105 dependent modules for known vulnerabilities...

Fetching vulnerabilities from the database...

Checking the code against the vulnerabilities...

=== Symbol Results ===

No vulnerabilities found.

=== Package Results ===

No other vulnerabilities found.

=== Module Results ===

Vulnerability #1: GO-2022-0646
    Use of risky cryptographic algorithm in github.com/aws/aws-sdk-go
  More info: https://pkg.go.dev/vuln/GO-2022-0646
  Module: github.com/aws/aws-sdk-go
    Found in: github.com/aws/aws-sdk-go@v1.55.5
    Fixed in: N/A

Your code is affected by 0 vulnerabilities.
This scan also found 0 vulnerabilities in packages you import and 1
vulnerability in modules you require, but your code doesn't appear to call these
vulnerabilities.
```
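
An added example (not code from this PR or from govulncheck): a small Go triage of the verbose text report above, grouping advisory IDs by the tier they were reported under so a CI gate can block on symbol-level findings and queue module-only ones such as GO-2022-0646 for review. The function names, the blocking policy and the trimmed sample are assumptions; the parsing relies only on the text layout shown in the scan output.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample, trimmed from the verbose text layout shown in the PR.
const sample = `=== Symbol Results ===
No vulnerabilities found.
=== Package Results ===
No other vulnerabilities found.
=== Module Results ===
Vulnerability #1: GO-2022-0646
  Module: github.com/aws/aws-sdk-go
    Fixed in: N/A
`

var sectionRe = regexp.MustCompile(`^=== (Symbol|Package|Module) Results ===$`)
var vulnRe = regexp.MustCompile(`^Vulnerability #\d+: (\S+)$`)

// triage groups advisory IDs by the tier (Symbol, Package, Module) of the
// section header that precedes them in the report.
func triage(report string) map[string][]string {
	out := map[string][]string{}
	tier := ""
	for _, raw := range strings.Split(report, "\n") {
		line := strings.TrimSpace(raw)
		if m := sectionRe.FindStringSubmatch(line); m != nil {
			tier = m[1]
		} else if m := vulnRe.FindStringSubmatch(line); m != nil && tier != "" {
			out[tier] = append(out[tier], m[1])
		}
	}
	return out
}

// gate (assumed policy) blocks only when a vulnerable symbol is reachable;
// package- and module-level IDs are returned for manual review.
func gate(report string) (block bool, review []string) {
	t := triage(report)
	review = append(append(review, t["Package"]...), t["Module"]...)
	return len(t["Symbol"]) > 0, review
}

func main() {
	block, review := gate(sample)
	fmt.Println("block:", block, "review:", review)
}
```
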

yusheng-guo and others added 10 commits August 30, 2024 10:23
Bumps [github.com/influxdata/influxdb](https://github.com/influxdata/influxdb) from 1.8.0 to 1.11.6.
- [Release notes](https://github.com/influxdata/influxdb/releases)
- [Commits](influxdata/influxdb@1.8.0...v1.11.6)

---
updated-dependencies:
- dependency-name: github.com/influxdata/influxdb
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…/cve-fix-20240829/github.com/influxdata/influxdb-1.11.6
…/client with v2

The Go client library now has a "v2" version, with the old version being deprecated. The new version can be imported at import "github.com/influxdata/influxdb/client/v2". It is not backwards-compatible.

BREAKING CHANGE: