Skip to content

vendor: update some dependencies #639

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

vendor: update some dependencies #639

wants to merge 3 commits into from

Conversation

@thaJeztah
Copy link
Member

@thaJeztah thaJeztah commented Jan 16, 2024

vendor: github.com/sirupsen/logrus v1.9.3

  • Fix a potential denial of service vulnerability in logrus.Writer() that could
    be triggered by logging text longer than 64kb without newline.
  • Fix panic in Writer

full diff: sirupsen/logrus@v1.9.0...v1.9.3

vendor: golang.org/x/crypto v0.17.0

update to address GO-2023-2402 / CVE-2023-48795

full diff: golang/crypto@v0.9.0...v0.17.0

vendor: golang.org/x/net v0.17.0

update to address GO-2023-2102 / CVE-2023-39325

vendor: github.com/labstack/echo v4.11.4

  • Upgrade golang.org/x/crypto to v0.17.0 to fix vulnerability
  • Update deps and mark Go version to 1.18 as this is what golang.org/x/* use
  • Request logger: add example for Slog

full diff: labstack/echo@v4.10.2...v4.11.4

@thaJeztah
vendor: github.com/sirupsen/logrus v1.9.3
4a251be 
- Fix a potential denial of service vulnerability in logrus.Writer() that could
  be triggered by logging text longer than 64kb without newline.
- Fix panic in Writer

full diff: sirupsen/logrus@v1.9.0...v1.9.3

Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
vendor: golang.org/x/crypto v0.17.0
5a0bc85 
update to address [GO-2023-2402] / [CVE-2023-48795]

full diff: golang/crypto@v0.9.0...v0.17.0

[GO-2023-2402]: https://pkg.go.dev/vuln/GO-2023-2402
[CVE-2023-48795]: https://www.cve.org/CVERecord?id=CVE-2023-48795

Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
vendor: golang.org/x/net v0.17.0
bb270e6 
update to address [GO-2023-2102] / [CVE-2023-39325]

[GO-2023-2102]: https://pkg.go.dev/vuln/GO-2023-2102
[CVE-2023-39325]: https://www.cve.org/CVERecord?id=CVE-2023-39325

Signed-off-by: Sebastiaan van Stijn <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@thaJeztah