fix(deps): updated all dependencies to fix CVEs #3

Merged
merged 3 commits into from
Oct 24, 2023

@malmor malmor commented Aug 29, 2023

This PR updates all dependencies and bumps the Go version to 1.19.

This fixes multiple CVEs:
[image]

I also ran the linting - that's why a few smaller code changes are part of this PR.

Signed-off-by: malmor <62105800+malmor@users.noreply.github.com>
Signed-off-by: malmor <62105800+malmor@users.noreply.github.com>

malmor commented Aug 29, 2023

Hey @manhtukhang,
I managed to compile a new version and it returned the expected `This binary is a plugin. These are not meant to be executed directly.`.

But I was not able to test this inside a Vault instance. Can you take a look at it?

We would love to see a new version being released with these changes! 🚀
Looking forward to hearing from you.

Regards,
Malte

The unit tests failed because vault/sdk v0.9.2 introduced a new check
that I guess needs to be implemented - see [1]. By downgrading to
v0.9.1 this error can be fixed - but has to be addressed in the future.

This commit also fixes two linting errors and migrates the depguard
configuration to the new v2 schema. This is required because the
golangci-lint action bumped its dependency, see [2] and [3].

[1]: hashicorp/vault#22173
[2]: golangci/golangci-lint#3906
[3]: https://golangci-lint.run/usage/linters/#depguard

Signed-off-by: malmor <62105800+malmor@users.noreply.github.com>

malmor commented Sep 8, 2023

Hey @manhtukhang,
I fixed the pipeline failures with the latest commit and managed to get a dev environment up and running.

I compiled a new plugin version based on the latest commit and was able to successfully install and use the plugin.

As far as I can tell this new version should be working and ready for review/release.
Looking forward to hearing from you on this.

Regards,
Malte

malmor commented Sep 15, 2023

Hey @manhtukhang,
any ideas on when you might have the time to take a look at this PR?

Kind Regards,
Malte

manhtukhang commented

Hi @malmor,

Sorry for the late response! I can merge this PR.

Thank you for your contribution!

@manhtukhang manhtukhang merged commit 6f500be into manhtukhang:main Oct 24, 2023
2 checks passed
@malmor malmor deleted the update-dependencies branch June 18, 2024 09:36