Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): security update #12978

Open
wants to merge 1 commit into
base: release-2.7
Choose a base branch
from
Open

chore(deps): security update #12978

wants to merge 1 commit into from
+1 −3

Conversation

kumahq[bot]
Copy link
Contributor

@kumahq kumahq bot commented Feb 28, 2025

Scan output:

Before update:

OSV URL CVSS ECOSYSTEM PACKAGE VERSION SOURCE
https://osv.dev/GO-2024-3105 Go stdlib 1.23.0 go.mod
https://osv.dev/GO-2024-3106 Go stdlib 1.23.0 go.mod
https://osv.dev/GO-2024-3107 Go stdlib 1.23.0 go.mod
https://osv.dev/GO-2025-3373 Go stdlib 1.23.0 go.mod
https://osv.dev/GO-2025-3420 Go stdlib 1.23.0 go.mod
https://osv.dev/GO-2025-3447 Go stdlib 1.23.0 go.mod
------------------------------ ------ ----------- --------------------------- --------- --------
Uncalled vulnerabilities
------------------------------ ------ ----------- --------------------------- --------- --------
https://osv.dev/GO-2022-0635 Go github.com/aws/aws-sdk-go 1.49.6 go.mod
https://osv.dev/GO-2022-0646 Go github.com/aws/aws-sdk-go 1.49.6 go.mod

After update:

OSV URL CVSS ECOSYSTEM PACKAGE VERSION SOURCE
Uncalled vulnerabilities
------------------------------ ------ ----------- --------------------------- --------- --------
https://osv.dev/GO-2022-0635 Go github.com/aws/aws-sdk-go 1.49.6 go.mod
https://osv.dev/GO-2022-0646 Go github.com/aws/aws-sdk-go 1.49.6 go.mod

If a package is showing up in the scan but the script is not trying to update it then it might be because there is no fixed version yet.

@kumahq kumahq bot requested a review from a team as a code owner February 28, 2025 03:19
@kumahq kumahq bot added dependencies Pull requests that update a dependency file release-2.7 labels Feb 28, 2025
@kumahq kumahq bot requested review from slonka and Automaat February 28, 2025 03:19
Icarus9913
Icarus9913 requested changes Feb 28, 2025
View reviewed changes
Copy link
Contributor

@Icarus9913 Icarus9913 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Merge it once the 2.7.12 patch release done

@kumahq
chore(deps): security update
7810188 
Signed-off-by: kumahq[bot] <110050114+kumahq[bot]@users.noreply.github.com>
@kumahq kumahq bot force-pushed the chore/security-updates-release-2.7 branch from 3cc6b95 to 7810188 Compare March 3, 2025 03:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Icarus9913 Icarus9913 Icarus9913 requested changes

@bartsmykla bartsmykla bartsmykla approved these changes

@slonka slonka Awaiting requested review from slonka slonka is a code owner automatically assigned from kumahq/kuma-maintainers

@Automaat Automaat Awaiting requested review from Automaat Automaat is a code owner automatically assigned from kumahq/kuma-maintainers

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file release-2.7
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bartsmykla @Icarus9913