Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Features/CVE fix 20240829 #295

Open
wants to merge 10 commits into
base: release/1.2.11
Choose a base branch
from
Open

Features/CVE fix 20240829 #295

wants to merge 10 commits into from

Conversation

yusheng-guo
Copy link

@yusheng-guo yusheng-guo commented Aug 30, 2024
edited
Loading

What type of PR is this?
PR类型是什么?

/kind bug
/kind cleanup

What this PR does / why we need it:
这个PR解决了什么问题:

cve

Does this PR introduce a breaking change?:
PR带来的破坏性变更:

Update dependencies.

Test/Final result:
测试/最终运行结果:

$ govulncheck -show verbose ./...
Scanning your code and 759 packages across 105 dependent modules for known vulnerabilities...

Fetching vulnerabilities from the database...

Checking the code against the vulnerabilities...

=== Symbol Results ===

No vulnerabilities found.

=== Package Results ===

No other vulnerabilities found.

=== Module Results ===

Vulnerability #1: GO-2022-0646
    Use of risky cryptographic algorithm in github.com/aws/aws-sdk-go
  More info: https://pkg.go.dev/vuln/GO-2022-0646
  Module: github.com/aws/aws-sdk-go
    Found in: github.com/aws/[email protected]
    Fixed in: N/A

Your code is affected by 0 vulnerabilities.
This scan also found 0 vulnerabilities in packages you import and 1
vulnerability in modules you require, but your code doesn't appear to call these
vulnerabilities.

yusheng-guo and others added 10 commits August 30, 2024 10:23
@yusheng-guo
upgrade dependencies
d042e85
@yusheng-guo
untrack vendor directory
9ad6c57
@yusheng-guo
add: toolchain version
fbe66a4
@yusheng-guo
update: golang version of base image
7ab2e0d
@yusheng-guo
update dependencies by go get -u ./...
d3e13d8
@yusheng-guo
downgrade github.com/influxdata/influxdb
5dfebd1
@dependabot
Bump github.com/influxdata/influxdb from 1.8.0 to 1.11.6
c4aa367 
Bumps [github.com/influxdata/influxdb](https://github.com/influxdata/influxdb) from 1.8.0 to 1.11.6.
- [Release notes](https://github.com/influxdata/influxdb/releases)
- [Commits](influxdata/influxdb@1.8.0...v1.11.6)

---
updated-dependencies:
- dependency-name: github.com/influxdata/influxdb
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Merge pull request #3 from yusheng-guo/dependabot/go_modules/features…
98c637c 
…/cve-fix-20240829/github.com/influxdata/influxdb-1.11.6
@yusheng-guo
update indirect dependencies
cb2593a
@yusheng-guo
feat(influxdb): replace the deprecated github.com/influxdata/influxdb…
2bb7781 
…/client with v2

The Go client library now has a "v2" version, with the old version being deprecated. The new version can be imported at import "github.com/influxdata/influxdb/client/v2". It is not backwards-compatible.

BREAKING CHANGE:
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@yusheng-guo