Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump golang.org/x/text and golang.org/x/net #2341

Merged
merged 1 commit into from
Nov 10, 2022
Merged

Bump golang.org/x/text and golang.org/x/net #2341

merged 1 commit into from
Nov 10, 2022

Conversation

peterdeme
Copy link
Contributor

@peterdeme peterdeme commented Oct 29, 2022
edited
Loading

Description

Bumping two packages

golang.org/x/text

CVE-2022-32149

While this vulnerability does not affect directly Terragrunt, we still see a red light 🚨 on our build by Docker vulnerability scanner tool (Trivy).

image

golang.org/x/net

CVE-2022-27664

This is an indirect dependency, so probably doesn't affect the software either.

image

TODOs

Read the Gruntwork contribution guidelines.

  • Update the docs.
  • Run the relevant tests successfully, including pre-commit checks.
  • Ensure any 3rd party code adheres with our license policy or delete this line if its not applicable.
  • Include release notes. If this PR is backward incompatible, include a migration guide.

Release Notes (draft)

  • Bump golang.org/x/text and golang.org/x/net

Migration Guide

@peterdeme peterdeme mentioned this pull request Oct 29, 2022
Merged
@zackproser
Copy link
Contributor

Thanks for the PR! I'm seeing the following failures in CircleCI:

To upgrade to the versions selected by go 1.16:
	go mod tidy -go=1.16 && go mod tidy -go=1.17
If reproducibility with go 1.16 is not needed:
	go mod tidy -compat=1.17
For other options, see:
	https://golang.org/doc/modules/pruning

@peterdeme
Copy link
Contributor Author

@zackproser updated

@denis256 denis256 merged commit a6e1948 into gruntwork-io:master Nov 10, 2022
@renovate renovate bot mentioned this pull request Dec 16, 2023
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@denis256 denis256 denis256 approved these changes

@zackproser zackproser Awaiting requested review from zackproser

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@peterdeme @zackproser @denis256