fix: bumps libraries to solve issues #545

Merged
merged 2 commits into from
Jan 17, 2025
luispresuelVenafi
Contributor

bumps libraries to solve:

Common Vulnerabilities and Exposures:

CVE-2024-45337

Other Vulnerabilities in Go database:

=== Package Results ===

Vulnerability #1: GO-2024-3321
    Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in
    golang.org/x/crypto
  More info: https://pkg.go.dev/vuln/GO-2024-3321
  Module: golang.org/x/crypto
    Found in: golang.org/x/[email protected]
    Fixed in: golang.org/x/[email protected]

=== Module Results ===

Vulnerability #1: GO-2024-3333
    Non-linear parsing of case-insensitive content in golang.org/x/net/html
  More info: https://pkg.go.dev/vuln/GO-2024-3333
  Module: golang.org/x/net
    Found in: golang.org/x/[email protected]
    Fixed in: golang.org/x/[email protected]

Vulnerability #2: GO-2024-2920
    Denial of service vulnerability via the parseDirectives function in
    github.com/vektah/gqlparser
  More info: https://pkg.go.dev/vuln/GO-2024-2920
  Module: github.com/vektah/gqlparser/v2
    Found in: github.com/vektah/gqlparser/[email protected]
    Fixed in: github.com/vektah/gqlparser/[email protected]

closes VC-38150

Contributor

@marcos-albornoz marcos-albornoz left a comment

Approving but I think the update on the testify lib is not required for this purpose

@luispresuelVenafi luispresuelVenafi merged commit 5438100 into master Jan 17, 2025
3 checks passed
@luispresuelVenafi luispresuelVenafi deleted the bump-fix branch January 17, 2025 15:50