Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update module github.com/go-jose/go-jose/v3 to v3.0.3 #4

Closed
wants to merge 1 commit into from
Closed

chore(deps): update module github.com/go-jose/go-jose/v3 to v3.0.3 #4

wants to merge 1 commit into from

Conversation

mend-for-github-com[bot]
Copy link

@mend-for-github-com mend-for-github-com bot commented Apr 22, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
github.com/go-jose/go-jose/v3 v3.0.0 -> v3.0.3 age adoption passing confidence

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity CVSS Score CVE Reachability
Medium Medium 6.5 WS-2023-0431
Medium Medium 4.3 CVE-2024-28180

Release Notes

go-jose/go-jose (github.com/go-jose/go-jose/v3)

v3.0.3: Version 3.0.3

Compare Source

Fixed
  • Limit decompression output size to prevent a DoS. Backport from v4.0.1.

v3.0.2

Compare Source

Fixed

  • DecryptMulti: handle decompression error (#​19)

Changed

  • jwe/CompactSerialize: improve performance (#​67)
  • Increase the default number of PBKDF2 iterations to 600k (#​48)
  • Return the proper algorithm for ECDSA keys (#​45)

Added

  • Add Thumbprint support for opaque signers (#​38)

v3.0.1

Compare Source

Fixed

  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Apr 22, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/github.com-go-jose-go-jose-v3-3.x branch from 791c14c to 188eb72 Compare April 23, 2024 12:12
@mend-for-github-com mend-for-github-com bot changed the title chore(deps): update module github.com/go-jose/go-jose/v3 to v3.0.1 chore(deps): update module github.com/go-jose/go-jose/v3 to v3.0.3 Apr 23, 2024
@amplify-self-hosted-runners
Copy link

Check Name Conclusion Summary Output
Mend Security Check failure Security Report output
Mend License Check failure License Report output
metrics_test_check success metrics_test_check output
changelog-check failure changelog-check output
dist-check success dist-check output
verify-ci-success success verify-ci-success output
backport-check failure backport-check output
Setup success Setup output
get-go-version / Determine Go toolchain version success get-go-version / Determine Go toolchain version output
check-go-mod / check-go-mod failure check-go-mod / check-go-mod output
build-distros-success failure build-distros-success output
Get files changed and conditionally skip CI success Get files changed and conditionally skip CI output
get-go-version / Determine Go toolchain version success get-go-version / Determine Go toolchain version output
Setup success Setup output
Generate Envoy Job Matrices failure Generate Envoy Job Matrices output
integration-test-with-deployer failure integration-test-with-deployer output
dev-build / build failure dev-build / build output
test-integrations-success failure test-integrations-success output
noop success noop output
Get files changed and conditionally skip CI success Get files changed and conditionally skip CI output
get-go-version / Determine Go toolchain version success get-go-version / Determine Go toolchain version output
Setup success Setup output
check-codegen failure check-codegen output
check-generated-protobuf failure check-generated-protobuf output
lint-container-test-deps failure lint-container-test-deps output
lint-enums failure lint-enums output
lint-consul-retry failure lint-consul-retry output
check-go-mod / check-go-mod failure check-go-mod / check-go-mod output
dev-build / build failure dev-build / build output
lint / lint failure lint / lint output
lint-32bit / lint failure lint-32bit / lint output
lint / lint api failure lint / lint api output
lint-32bit / lint api failure lint-32bit / lint api output
lint / lint sdk failure lint / lint sdk output
lint-32bit / lint sdk failure lint-32bit / lint sdk output
lint / lint envoyextensions failure lint / lint envoyextensions output
lint-32bit / lint envoyextensions failure lint-32bit / lint envoyextensions output
lint / lint troubleshoot failure lint / lint troubleshoot output
lint-32bit / lint troubleshoot failure lint-32bit / lint troubleshoot output
lint / lint test/integration/consul-container failure lint / lint test/integration/consul-container output
lint-32bit / lint test/integration/consul-container failure lint-32bit / lint test/integration/consul-container output
lint / lint test-integ failure lint / lint test-integ output
lint-32bit / lint test-integ failure lint-32bit / lint test-integ output
lint / lint testing/deployer failure lint / lint testing/deployer output
lint-32bit / lint testing/deployer failure lint-32bit / lint testing/deployer output
Get files changed and conditionally skip CI success Get files changed and conditionally skip CI output
get-go-version / Determine Go toolchain version success get-go-version / Determine Go toolchain version output
Setup success Setup output
scan failure scan output

1 similar comment
@amplify-self-hosted-runners
Copy link

Check Name Conclusion Summary Output
Mend Security Check failure Security Report output
Mend License Check failure License Report output
metrics_test_check success metrics_test_check output
changelog-check failure changelog-check output
dist-check success dist-check output
verify-ci-success success verify-ci-success output
backport-check failure backport-check output
Setup success Setup output
get-go-version / Determine Go toolchain version success get-go-version / Determine Go toolchain version output
check-go-mod / check-go-mod failure check-go-mod / check-go-mod output
build-distros-success failure build-distros-success output
Get files changed and conditionally skip CI success Get files changed and conditionally skip CI output
get-go-version / Determine Go toolchain version success get-go-version / Determine Go toolchain version output
Setup success Setup output
Generate Envoy Job Matrices failure Generate Envoy Job Matrices output
integration-test-with-deployer failure integration-test-with-deployer output
dev-build / build failure dev-build / build output
test-integrations-success failure test-integrations-success output
noop success noop output
Get files changed and conditionally skip CI success Get files changed and conditionally skip CI output
get-go-version / Determine Go toolchain version success get-go-version / Determine Go toolchain version output
Setup success Setup output
check-codegen failure check-codegen output
check-generated-protobuf failure check-generated-protobuf output
lint-container-test-deps failure lint-container-test-deps output
lint-enums failure lint-enums output
lint-consul-retry failure lint-consul-retry output
check-go-mod / check-go-mod failure check-go-mod / check-go-mod output
dev-build / build failure dev-build / build output
lint / lint failure lint / lint output
lint-32bit / lint failure lint-32bit / lint output
lint / lint api failure lint / lint api output
lint-32bit / lint api failure lint-32bit / lint api output
lint / lint sdk failure lint / lint sdk output
lint-32bit / lint sdk failure lint-32bit / lint sdk output
lint / lint envoyextensions failure lint / lint envoyextensions output
lint-32bit / lint envoyextensions failure lint-32bit / lint envoyextensions output
lint / lint troubleshoot failure lint / lint troubleshoot output
lint-32bit / lint troubleshoot failure lint-32bit / lint troubleshoot output
lint / lint test/integration/consul-container failure lint / lint test/integration/consul-container output
lint-32bit / lint test/integration/consul-container failure lint-32bit / lint test/integration/consul-container output
lint / lint test-integ failure lint / lint test-integ output
lint-32bit / lint test-integ failure lint-32bit / lint test-integ output
lint / lint testing/deployer failure lint / lint testing/deployer output
lint-32bit / lint testing/deployer failure lint-32bit / lint testing/deployer output
Get files changed and conditionally skip CI success Get files changed and conditionally skip CI output
get-go-version / Determine Go toolchain version success get-go-version / Determine Go toolchain version output
Setup success Setup output
scan failure scan output

@github-actions GitHub Actions
Copy link

This pull request has been automatically flagged for inactivity because it has not been acted upon in the last 60 days. It will be closed if no new activity occurs in the next 30 days. Please feel free to re-open to resurrect the change if you feel this has happened by mistake. Thank you for your contributions.

@github-actions GitHub Actions
Copy link

Closing due to inactivity. If you feel this was a mistake or you wish to re-open at any time in the future, please leave a comment and it will be re-surfaced for the maintainers to review.

@github-actions github-actions bot closed this Jul 27, 2024
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/github.com-go-jose-go-jose-v3-3.x branch July 27, 2024 01:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
meta/stale security fix Security fix generated by Mend
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants