Bump dependencies to address govulncheck reported vulnerabilities #248

nywilken · 2024-06-14T09:44:18Z

Bump google.golang.org/[email protected]
Bump github.com/hashicorp/vault/[email protected]

``` ~> govulncheck ./... === Symbol Results === Vulnerability #1: GO-2024-2611 Infinite loop in JSON unmarshaling in google.golang.org/protobuf More info: https://pkg.go.dev/vuln/GO-2024-2611 Module: google.golang.org/protobuf Found in: google.golang.org/[email protected] Fixed in: google.golang.org/[email protected] Example traces found: #1: sdk-internals/communicator/winrm/communicator.go:238:22: winrm.Base64Pipe.ReadFrom calls io.ReadAll, which eventually calls json.Decoder.Peek #2: sdk-internals/communicator/winrm/communicator.go:238:22: winrm.Base64Pipe.ReadFrom calls io.ReadAll, which eventually calls json.Decoder.Read #3: sdk-internals/communicator/winrm/communicator.go:238:22: winrm.Base64Pipe.ReadFrom calls io.ReadAll, which eventually calls protojson.Unmarshal ```

nywilken added the dependencies Pull requests that update a dependency file label Jun 14, 2024

nywilken requested a review from a team as a code owner June 14, 2024 09:44

nywilken changed the title ~~bump/vault api~~ Bump dependencies to address govulncheck reported vulnerabilities Jun 14, 2024

nywilken force-pushed the bump/vault-api branch from eabd030 to cfeb6ff Compare June 14, 2024 09:48

nywilken force-pushed the bump/vault-api branch from cfeb6ff to 8275bfc Compare June 14, 2024 19:09

JenGoldstrich approved these changes Jun 14, 2024

View reviewed changes

nywilken merged commit da5ece9 into main Jun 14, 2024
9 checks passed

nywilken deleted the bump/vault-api branch June 14, 2024 19:26

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump dependencies to address govulncheck reported vulnerabilities #248

Bump dependencies to address govulncheck reported vulnerabilities #248

nywilken commented Jun 14, 2024

Bump dependencies to address govulncheck reported vulnerabilities #248

Bump dependencies to address govulncheck reported vulnerabilities #248

Conversation

nywilken commented Jun 14, 2024