Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump go packages to fix vuln CVE-2024-8421 #2314

Merged
merged 2 commits into from
Sep 11, 2024
Merged

Bump go packages to fix vuln CVE-2024-8421 #2314

merged 2 commits into from
Sep 11, 2024

Commits on Sep 5, 2024

  1. Bump go packages to fix vuln CWE-400 

    `golang.org/x/net` is the one with the vuln CWE-400 bumped  from `v0.26.0` to `v0.29.0`.

Other packages update is just to keep dependency tree in sync.

Vuln consist of golang.org/x/net is subject to Denial of Service (DoS), more details here
https://ossindex.sonatype.org/vulnerability/CVE-2024-8421?component-type=golang&component-name=golang.org%2Fx%2Fnet&utm_source=nancy-client&utm_medium=integration&utm_content=1.0.46

Signed-off-by: pjuarezd <pjuarezd@users.noreply.github.com>
    @pjuarezd
    pjuarezd committed Sep 5, 2024
    Configuration menu
    Copy the full SHA
    98c0938 View commit details
    Browse the repository at this point in the history

Commits on Sep 10, 2024

  1. ignore CVE-2024-8421

    @pjuarezd
    pjuarezd committed Sep 10, 2024
    Configuration menu
    Copy the full SHA
    7394af5 View commit details
    Browse the repository at this point in the history