
Fix dependabot reported security vulnerabilities#419

Merged

mithilarun merged 1 commit into master from private/mithil/vulns on Jul 29, 2025

Conversation

mithilarun commented Jul 28, 2025

ISSUE(S):

https://platform9.atlassian.net/browse/PCD-2795

TESTING DONE

Automated

) make test
go test -v ./...
?       github.com/platform9/pf9ctl     [no test files]
?       github.com/platform9/pf9ctl/cmd [no test files]
?       github.com/platform9/pf9ctl/pkg/client  [no test files]
=== RUN   TestAmazonPermissions
--- PASS: TestAmazonPermissions (0.00s)
=== RUN   TestAzureRole
--- PASS: TestAzureRole (0.00s)
=== RUN   TestGoogleRoles
--- PASS: TestGoogleRoles (0.00s)
PASS
ok      github.com/platform9/pf9ctl/pkg/cloud_providers (cached)
?       github.com/platform9/pf9ctl/pkg/color   [no test files]
=== RUN   TestGetExecutor
--- PASS: TestGetExecutor (0.00s)
PASS
ok      github.com/platform9/pf9ctl/pkg/cmdexec (cached)
?       github.com/platform9/pf9ctl/pkg/config  [no test files]
=== RUN   TestGetServiceID
--- PASS: TestGetServiceID (0.00s)
=== RUN   TestGetEndpointForRegion
--- PASS: TestGetEndpointForRegion (0.00s)
PASS
ok      github.com/platform9/pf9ctl/pkg/keystone        (cached)
?       github.com/platform9/pf9ctl/pkg/log     [no test files]
?       github.com/platform9/pf9ctl/pkg/objects [no test files]
?       github.com/platform9/pf9ctl/pkg/platform        [no test files]
=== RUN   TestCPU
=== RUN   TestCPU/CheckPass
=== RUN   TestCPU/CheckFail
--- PASS: TestCPU (0.00s)
    --- PASS: TestCPU/CheckPass (0.00s)
    --- PASS: TestCPU/CheckFail (0.00s)
=== RUN   TestRAM
=== RUN   TestRAM/CheckPass
=== RUN   TestRAM/CheckFail
--- PASS: TestRAM (0.00s)
    --- PASS: TestRAM/CheckPass (0.00s)
    --- PASS: TestRAM/CheckFail (0.00s)
=== RUN   TestDisk
=== RUN   TestDisk/CheckPass
=== RUN   TestDisk/CheckFail
--- PASS: TestDisk (0.00s)
    --- PASS: TestDisk/CheckPass (0.00s)
    --- PASS: TestDisk/CheckFail (0.00s)
=== RUN   TestSudo
=== RUN   TestSudo/CheckPass
=== RUN   TestSudo/CheckFail
--- PASS: TestSudo (0.00s)
    --- PASS: TestSudo/CheckPass (0.00s)
    --- PASS: TestSudo/CheckFail (0.00s)
=== RUN   TestPort
=== RUN   TestPort/CheckPass
=== RUN   TestPort/CheckFail
--- PASS: TestPort (0.00s)
    --- PASS: TestPort/CheckPass (0.00s)
    --- PASS: TestPort/CheckFail (0.00s)
=== RUN   TestExistingInstallation
=== RUN   TestExistingInstallation/CheckPass
=== RUN   TestExistingInstallation/CheckFail
--- PASS: TestExistingInstallation (0.00s)
    --- PASS: TestExistingInstallation/CheckPass (0.00s)
    --- PASS: TestExistingInstallation/CheckFail (0.00s)
=== RUN   TestOSPackages
=== RUN   TestOSPackages/CheckPass
=== RUN   TestOSPackages/CheckFail
--- PASS: TestOSPackages (0.00s)
    --- PASS: TestOSPackages/CheckPass (0.00s)
    --- PASS: TestOSPackages/CheckFail (0.00s)
=== RUN   TestRemovePyCli
=== RUN   TestRemovePyCli/CheckPass
=== RUN   TestRemovePyCli/CheckFail
--- PASS: TestRemovePyCli (0.00s)
    --- PASS: TestRemovePyCli/CheckPass (0.00s)
    --- PASS: TestRemovePyCli/CheckFail (0.00s)
=== RUN   TestCheckKubernetesCluster
=== RUN   TestCheckKubernetesCluster/CheckPass
=== RUN   TestCheckKubernetesCluster/CheckFail
--- PASS: TestCheckKubernetesCluster (0.00s)
    --- PASS: TestCheckKubernetesCluster/CheckPass (0.00s)
    --- PASS: TestCheckKubernetesCluster/CheckFail (0.00s)
=== RUN   TestCheckDocker
=== RUN   TestCheckDocker/CheckPass
=== RUN   TestCheckDocker/CheckFail
--- PASS: TestCheckDocker (0.00s)
    --- PASS: TestCheckDocker/CheckPass (0.00s)
    --- PASS: TestCheckDocker/CheckFail (0.00s)
=== RUN   TestDisableSwap
=== RUN   TestDisableSwap/CheckPass
=== RUN   TestDisableSwap/CheckFail
--- PASS: TestDisableSwap (0.00s)
    --- PASS: TestDisableSwap/CheckPass (0.00s)
    --- PASS: TestDisableSwap/CheckFail (0.00s)
=== RUN   TestPIDofSystemdCheck
=== RUN   TestPIDofSystemdCheck/CheckPass
=== RUN   TestPIDofSystemdCheck/CheckFail
--- PASS: TestPIDofSystemdCheck (0.00s)
    --- PASS: TestPIDofSystemdCheck/CheckPass (0.00s)
    --- PASS: TestPIDofSystemdCheck/CheckFail (0.00s)
=== RUN   TestCheckFirewalldService
=== RUN   TestCheckFirewalldService/CheckFail
=== RUN   TestCheckFirewalldService/CheckPass
--- PASS: TestCheckFirewalldService (0.00s)
    --- PASS: TestCheckFirewalldService/CheckFail (0.00s)
    --- PASS: TestCheckFirewalldService/CheckPass (0.00s)
PASS
ok      github.com/platform9/pf9ctl/pkg/platform/centos (cached)
=== RUN   TestCPU
=== RUN   TestCPU/CheckPass
=== RUN   TestCPU/CheckFail
--- PASS: TestCPU (0.00s)
    --- PASS: TestCPU/CheckPass (0.00s)
    --- PASS: TestCPU/CheckFail (0.00s)
=== RUN   TestRAM
=== RUN   TestRAM/CheckPass
=== RUN   TestRAM/CheckFail
--- PASS: TestRAM (0.00s)
    --- PASS: TestRAM/CheckPass (0.00s)
    --- PASS: TestRAM/CheckFail (0.00s)
=== RUN   TestSudo
=== RUN   TestSudo/CheckPass
=== RUN   TestSudo/CheckFail
--- PASS: TestSudo (0.00s)
    --- PASS: TestSudo/CheckPass (0.00s)
    --- PASS: TestSudo/CheckFail (0.00s)
=== RUN   TestPort
=== RUN   TestPort/CheckPass
=== RUN   TestPort/CheckFail
--- PASS: TestPort (0.00s)
    --- PASS: TestPort/CheckPass (0.00s)
    --- PASS: TestPort/CheckFail (0.00s)
=== RUN   TestDisk
=== RUN   TestDisk/CheckPass
=== RUN   TestDisk/CheckFail
--- PASS: TestDisk (0.00s)
    --- PASS: TestDisk/CheckPass (0.00s)
    --- PASS: TestDisk/CheckFail (0.00s)
=== RUN   TestExistingInstallation
=== RUN   TestExistingInstallation/CheckPass
=== RUN   TestExistingInstallation/CheckFail
--- PASS: TestExistingInstallation (0.00s)
    --- PASS: TestExistingInstallation/CheckPass (0.00s)
    --- PASS: TestExistingInstallation/CheckFail (0.00s)
=== RUN   TestOSPackages
=== RUN   TestOSPackages/CheckPass
=== RUN   TestOSPackages/CheckFail
--- PASS: TestOSPackages (0.00s)
    --- PASS: TestOSPackages/CheckPass (0.00s)
    --- PASS: TestOSPackages/CheckFail (0.00s)
=== RUN   TestRemovePyCli
=== RUN   TestRemovePyCli/CheckPass
=== RUN   TestRemovePyCli/CheckFail
--- PASS: TestRemovePyCli (0.00s)
    --- PASS: TestRemovePyCli/CheckPass (0.00s)
    --- PASS: TestRemovePyCli/CheckFail (0.00s)
=== RUN   TestCheckKubernetesCluster
=== RUN   TestCheckKubernetesCluster/CheckFail
=== RUN   TestCheckKubernetesCluster/CheckPass
--- PASS: TestCheckKubernetesCluster (0.00s)
    --- PASS: TestCheckKubernetesCluster/CheckFail (0.00s)
    --- PASS: TestCheckKubernetesCluster/CheckPass (0.00s)
=== RUN   TestCheckDocker
=== RUN   TestCheckDocker/CheckPass
=== RUN   TestCheckDocker/CheckFail
--- PASS: TestCheckDocker (0.00s)
    --- PASS: TestCheckDocker/CheckPass (0.00s)
    --- PASS: TestCheckDocker/CheckFail (0.00s)
=== RUN   TestDisableSwap
=== RUN   TestDisableSwap/CheckPass
=== RUN   TestDisableSwap/CheckFail
--- PASS: TestDisableSwap (0.00s)
    --- PASS: TestDisableSwap/CheckPass (0.00s)
    --- PASS: TestDisableSwap/CheckFail (0.00s)
=== RUN   TestDpkgLockCheck
=== RUN   TestDpkgLockCheck/CheckPass
=== RUN   TestDpkgLockCheck/CheckFail
--- PASS: TestDpkgLockCheck (0.00s)
    --- PASS: TestDpkgLockCheck/CheckPass (0.00s)
    --- PASS: TestDpkgLockCheck/CheckFail (0.00s)
=== RUN   TestAptLockCheck
=== RUN   TestAptLockCheck/CheckPass
=== RUN   TestAptLockCheck/CheckFail
--- PASS: TestAptLockCheck (0.00s)
    --- PASS: TestAptLockCheck/CheckPass (0.00s)
    --- PASS: TestAptLockCheck/CheckFail (0.00s)
=== RUN   TestPIDofSystemdCheck
=== RUN   TestPIDofSystemdCheck/CheckPass
=== RUN   TestPIDofSystemdCheck/CheckFail
--- PASS: TestPIDofSystemdCheck (0.00s)
    --- PASS: TestPIDofSystemdCheck/CheckPass (0.00s)
    --- PASS: TestPIDofSystemdCheck/CheckFail (0.00s)
=== RUN   TestCheckFirewalldService
=== RUN   TestCheckFirewalldService/CheckPass
=== RUN   TestCheckFirewalldService/CheckFail
--- PASS: TestCheckFirewalldService (0.00s)
    --- PASS: TestCheckFirewalldService/CheckPass (0.00s)
    --- PASS: TestCheckFirewalldService/CheckFail (0.00s)
PASS
ok      github.com/platform9/pf9ctl/pkg/platform/debian (cached)
?       github.com/platform9/pf9ctl/pkg/qbert   [no test files]
?       github.com/platform9/pf9ctl/pkg/ssh     [no test files]
=== RUN   TestNewClient
=== RUN   TestNewClient/CheckPass
--- PASS: TestNewClient (0.00s)
    --- PASS: TestNewClient/CheckPass (0.00s)
=== RUN   TestOpenOSReleaseFile
=== RUN   TestOpenOSReleaseFile/CheckFail
=== RUN   TestOpenOSReleaseFile/CheckPass
--- PASS: TestOpenOSReleaseFile (0.00s)
    --- PASS: TestOpenOSReleaseFile/CheckFail (0.00s)
    --- PASS: TestOpenOSReleaseFile/CheckPass (0.00s)
=== RUN   TestGetHostIDFromConf
=== RUN   TestGetHostIDFromConf/Success
=== RUN   TestGetHostIDFromConf/ErrorGrep
=== RUN   TestGetHostIDFromConf/EmptyOutput
=== RUN   TestGetHostIDFromConf/InvalidFormat
=== RUN   TestGetHostIDFromConf/NoValue
--- PASS: TestGetHostIDFromConf (0.00s)
    --- PASS: TestGetHostIDFromConf/Success (0.00s)
    --- PASS: TestGetHostIDFromConf/ErrorGrep (0.00s)
    --- PASS: TestGetHostIDFromConf/EmptyOutput (0.00s)
    --- PASS: TestGetHostIDFromConf/InvalidFormat (0.00s)
    --- PASS: TestGetHostIDFromConf/NoValue (0.00s)
PASS
ok      github.com/platform9/pf9ctl/pkg/pmk     (cached)
?       github.com/platform9/pf9ctl/pkg/test_utils      [no test files]
?       github.com/platform9/pf9ctl/pkg/util    [no test files]
=== RUN   TestRetryHTTP
Send the request now--- PASS: TestRetryHTTP (0.16s)
PASS
ok      github.com/platform9/pf9ctl/pkg/resmgr  (cached)
=== RUN   TestFsTabEdit
=== RUN   TestFsTabEdit/CheckFail
=== RUN   TestFsTabEdit/CheckPass
--- PASS: TestFsTabEdit (0.00s)
    --- PASS: TestFsTabEdit/CheckFail (0.00s)
    --- PASS: TestFsTabEdit/CheckPass (0.00s)
=== RUN   TestSwapOff
=== RUN   TestSwapOff/CheckPass
=== RUN   TestSwapOff/CheckFail
--- PASS: TestSwapOff (0.00s)
    --- PASS: TestSwapOff/CheckPass (0.00s)
    --- PASS: TestSwapOff/CheckFail (0.00s)
PASS
ok      github.com/platform9/pf9ctl/pkg/swapoff (cached)

Summary by Bito

This pull request updates dependency versions in go.mod to address security vulnerabilities reported by dependabot. Changes include upgrading the Go toolchain version and various direct and indirect dependencies such as Azure SDK packages and JWT libraries to mitigate security risks while maintaining stability.
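The change this PR makes is a set of version bumps in go.mod. The following is an added example, not code from the PR or from the pf9ctl project, showing the check a reviewer of such a bump would want to automate: it parses the `require` lines of a go.mod text and reports every requirement whose version is still below the fixed-in version from an advisory list. The go.mod content, the `example.com/...` module paths and the `EXAMPLE-000x` advisory IDs are all constructed for the demonstration; a real tool would read go.mod with `golang.org/x/mod/modfile` and take advisories from the Go vulnerability database, as `govulncheck` does.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Requirement is one "module version" entry from a go.mod require section.
type Requirement struct {
	Path     string
	Version  string
	Indirect bool // marked "// indirect" in go.mod
}

// Advisory pairs a module with the first version that carries the fix.
// IDs and modules below are constructed for this example, not real advisories.
type Advisory struct {
	ID      string
	Module  string
	FixedIn string
}

// sampleGoMod is a constructed go.mod with both single-line and block
// require forms, an indirect pseudo-version and a +incompatible version.
const sampleGoMod = `module example.com/pf9ctl-demo

go 1.22

require example.com/jwt v3.2.0

require (
	example.com/azsdk v1.0.0
	example.com/cloud v0.0.0-20200101000000-abcdef012345 // indirect
	example.com/tls v2.0.1+incompatible
)
`

// sampleAdvisories is a constructed advisory list (hypothetical IDs).
var sampleAdvisories = []Advisory{
	{ID: "EXAMPLE-0001", Module: "example.com/jwt", FixedIn: "v3.2.2"},
	{ID: "EXAMPLE-0002", Module: "example.com/cloud", FixedIn: "v1.1.0"},
	{ID: "EXAMPLE-0003", Module: "example.com/azsdk", FixedIn: "v1.0.0"},
}

// parseRequires extracts requirements from go.mod text. It understands the
// single-line form and the parenthesised block form and ignores everything
// else (module, go, replace and exclude directives).
func parseRequires(gomod string) []Requirement {
	var reqs []Requirement
	inBlock := false
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		indirect := strings.Contains(line, "// indirect")
		if i := strings.Index(line, "//"); i >= 0 {
			line = strings.TrimSpace(line[:i]) // drop trailing comment
		}
		fields := strings.Fields(line)
		switch {
		case line == "":
		case line == "require (":
			inBlock = true
		case inBlock && line == ")":
			inBlock = false
		case len(fields) == 3 && fields[0] == "require":
			reqs = append(reqs, Requirement{Path: fields[1], Version: fields[2], Indirect: indirect})
		case inBlock && len(fields) == 2:
			reqs = append(reqs, Requirement{Path: fields[0], Version: fields[1], Indirect: indirect})
		}
	}
	return reqs
}

// splitVersion turns "v1.2.3-pre+meta" into its numeric core and pre-release
// tag; build metadata such as "+incompatible" is ignored for ordering.
func splitVersion(v string) ([3]int, string) {
	v = strings.TrimPrefix(v, "v")
	if i := strings.Index(v, "+"); i >= 0 {
		v = v[:i]
	}
	pre := ""
	if i := strings.Index(v, "-"); i >= 0 {
		pre, v = v[i+1:], v[:i]
	}
	var core [3]int
	for i, part := range strings.SplitN(v, ".", 3) {
		core[i], _ = strconv.Atoi(part) // non-numeric parts compare as 0
	}
	return core, pre
}

// versionLess reports whether a sorts before b under semver ordering:
// numeric core first, then a pre-release (pseudo-versions included)
// sorts before the matching release.
func versionLess(a, b string) bool {
	ac, apre := splitVersion(a)
	bc, bpre := splitVersion(b)
	for i := 0; i < 3; i++ {
		if ac[i] != bc[i] {
			return ac[i] < bc[i]
		}
	}
	return apre != "" && bpre == ""
}

// outdated returns one line per requirement still below an advisory's
// fixed-in version, i.e. what a dependency bump PR is meant to clear.
func outdated(reqs []Requirement, advisories []Advisory) []string {
	var findings []string
	for _, adv := range advisories {
		for _, r := range reqs {
			if r.Path == adv.Module && versionLess(r.Version, adv.FixedIn) {
				kind := "direct"
				if r.Indirect {
					kind = "indirect"
				}
				findings = append(findings, fmt.Sprintf("%s: %s %s (%s) is below fixed version %s",
					adv.ID, r.Path, r.Version, kind, adv.FixedIn))
			}
		}
	}
	return findings
}

func main() {
	for _, f := range outdated(parseRequires(sampleGoMod), sampleAdvisories) {
		fmt.Println(f)
	}
}
```

Two points the sample exercises on purpose: an indirect pseudo-version such as `v0.0.0-2020...` compares below any tagged release of the same module, so transitive requirements show up in the findings just as direct ones do, and a requirement already at the fixed-in version (here `example.com/azsdk`) is not reported. The check says nothing about whether the vulnerable code is actually reached, which is why a call-graph tool such as `govulncheck` remains the authoritative signal.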

bito-code-review bot (Contributor) commented Jul 28, 2025

Code Review Agent Run #4786f8

Actionable Suggestions - 0
Security Concerns - 2
  • Vulnerability 1
    • Dependency Name: github.com/aws/aws-sdk-go
    • Dependency Version: None
    • Vulnerability Name: GO-2022-0635
    • Vulnerability Description: Vulnerability in AWS S3 Crypto SDK for GoLang versions prior to V2 allows attackers with write access to change encryption algorithms, potentially revealing authentication keys.
    • Fixed in Version: V2
    • Code Suggestion:
      
      @@ -1,1 +1,1 @@
      - github.com/aws/aws-sdk-go vX.X.X
      + github.com/aws/aws-sdk-go/v2 vX.X.X
      
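Review bot: the `+` line of this hunk points at a module path that does not exist; the AWS SDK for Go v2 is published as `github.com/aws/aws-sdk-go-v2` (with per-service modules such as `github.com/aws/aws-sdk-go-v2/service/s3`), not `github.com/aws/aws-sdk-go/v2`, so the suggestion cannot be applied as written, and `vX.X.X` still has to be replaced by a real tagged version. Read together with `Dependency Version: None` above, the scanner evidently never resolved the current `require` line for this module from go.mod, so the suggested change should be re-derived from the actual requirement rather than pasted in.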
  • Vulnerability 2
    • Dependency Name: github.com/aws/aws-sdk-go
    • Dependency Version: None
    • Vulnerability Name: GO-2022-0646
    • Vulnerability Description: Padding oracle vulnerability in AWS S3 Crypto SDK for GoLang versions prior to V2 allows attackers to reconstruct plaintext when they have write access to S3 bucket.
    • Fixed in Version: V2
    • Code Suggestion:
      
      @@ -1,1 +1,1 @@
      - github.com/aws/aws-sdk-go vX.X.X
      + github.com/aws/aws-sdk-go/v2 vX.X.X
      
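Review bot: this hunk is identical to the one under Vulnerability 1 and adds no separate remediation; since both findings describe the S3 Crypto client of the v1 SDK, the question to settle before touching go.mod is whether the code actually imports `github.com/aws/aws-sdk-go/service/s3/s3crypto`. If it does not, the padding-oracle issue is not reachable and a v1 version bump is the right scope for this PR; if it does, swapping the module path in go.mod is not sufficient, because moving to the v2 SDK is a client API rewrite rather than a version bump. The GOVULNCHECK result listed under Tools, which checks reachability of the vulnerable functions rather than matching module names, is the more reliable signal for deciding between the two.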
Review Details
  • Files reviewed - 1 · Commit Range: a098b15..a098b15
    • go.mod
  • Files skipped - 1
    • go.sum - Reason: Filter setting
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful
    • GOVULNCHECK (Security Vulnerability) - ✔︎ Successful
    • SNYK (Security Vulnerability) - ✔︎ Successful
    • OWASP (Security Vulnerability) - ✔︎ Successful


bito-code-review bot (Contributor) commented

Changelist by Bito

This pull request implements the following key changes.

Key Change: Bug Fix - Security Dependency Updates

Files Impacted: go.mod - Upgraded the Go toolchain and multiple dependency versions in go.mod to fix reported security vulnerabilities.

@mithilarun mithilarun merged commit 26fd979 into master Jul 29, 2025
8 checks passed
@mithilarun mithilarun deleted the private/mithil/vulns branch July 29, 2025 18:00
