Merge pull request #4187 from open-horizon/security_4184

Fix vulnerability CVE-2024-51744
open-horizon · Jan 8, 2025 · 6c6fca2 · 6c6fca2
2 parents a6898dd + e582bb2
commit 6c6fca2
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 4 deletions.
diff --git a/agreementbot/secret_updater_test.go b/agreementbot/secret_updater_test.go
@@ -5,9 +5,10 @@ package agreementbot
 
 import (
 	//"fmt"
+	"testing"
+
 	"github.com/open-horizon/anax/events"
 	"github.com/stretchr/testify/assert"
-	"testing"
 )
 
 // Ensure that the secret manager queueing is working.
@@ -29,7 +30,7 @@ func Test_SUM_Queue(t *testing.T) {
 	sus.AddSecretUpdate(su2)
 
 	// Now test the secret update manager.
-	sum := NewSecretUpdateManager()
+	sum := NewSecretUpdateManager(60, 60, 300, 30)
 	sum.SetUpdateEvent(sus)
 
 	assert.True(t, len(sum.PendingUpdates) == 1, "There should be 1 pending update")

diff --git a/go.mod b/go.mod
@@ -84,7 +84,7 @@ require (
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
 	github.com/go-openapi/swag v0.22.4 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.1 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/golang/snappy v0.0.1 // indirect

diff --git a/go.sum b/go.sum
@@ -136,8 +136,9 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
-github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo=
+github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang/glog v1.2.1 h1:OptwRhECazUx5ix5TTWC3EZhsZEHWcYWY4FQHTIubm4=
 github.com/golang/glog v1.2.1/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=