Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updated dependencies to fix govulncheck #24

Merged
merged 1 commit into from
Oct 16, 2023
Merged

Updated dependencies to fix govulncheck #24

merged 1 commit into from
Oct 16, 2023

Conversation

applejag
Copy link
Member

Changes:

  • Ran go get -u
  • Updated version in go.mod from 1.21.1 to 1.21.3

Fixes the following vulnerabilities:

$ govulncheck ./...
Using go1.21.1 and [email protected] with vulnerability data from https://vuln.go.dev (last modified 2023-10-12 16:23:05 +0000 UTC).

Scanning your code and 313 packages across 47 dependent modules for known vulnerabilities...

Vulnerability #1: GO-2023-2102
    HTTP/2 rapid reset can cause excessive work in net/http
  More info: https://pkg.go.dev/vuln/GO-2023-2102
  Module: golang.org/x/net
    Found in: golang.org/x/[email protected]
    Fixed in: golang.org/x/[email protected]
    Example traces found:
      #1: pkg/server/server.go:163:21: server.HTTPServer.Serve calls gin.Engine.Run, which eventually calls http2.Server.ServeConn

  Standard library
    Found in: net/[email protected]
    Fixed in: net/[email protected]
    Example traces found:
      #1: pkg/server/server.go:163:21: server.HTTPServer.Serve calls gin.Engine.Run, which calls http.ListenAndServe

Your code is affected by 1 vulnerability from 1 module and the Go standard library.

Share feedback at https://go.dev/s/govulncheck-feedback.

@applejag applejag requested a review from a team as a code owner October 16, 2023 09:45
@applejag applejag added the enhancement New feature or request label Oct 16, 2023
@applejag applejag requested review from jadolg and nicmr and removed request for a team October 16, 2023 09:45
@applejag applejag self-assigned this Oct 16, 2023
@applejag applejag merged commit 229540c into main Oct 16, 2023
4 checks passed
@applejag applejag deleted the feature/govulncheck-2023-10-16 branch October 16, 2023 15:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nicmr nicmr nicmr approved these changes

@jadolg jadolg Awaiting requested review from jadolg jadolg is a code owner automatically assigned from RiskIdent/platform

Assignees

@applejag applejag

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@applejag @nicmr