🐛 Prevent CVE-2023-44487 (#50)
* 🐛 Prevent CVE-2023-44487

https://osv.dev/vulnerability/GO-2023-2102
Signed-off-by: Christian Zunker <[email protected]>

* 🧹 update minimal go version and direct dependencies

---------

Signed-off-by: Christian Zunker <[email protected]>
Co-authored-by: Christoph Hartmann <[email protected]>
czunker and chris-rock authored Oct 12, 2023
1 parent d169692 commit b880282
Showing 5 changed files with 91 additions and 294 deletions.
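--- a/.github/env
+++ b/.github/env
@@ -0,0 +1 @@
+golang-version=1.21.3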
5 changes: 4 additions & 1 deletion .github/workflows/go.yml
Expand Up @@ -13,10 +13,13 @@ jobs:
steps:
- uses: actions/checkout@v4

- name: Import environment variables from file
run: cat ".github/env" >> $GITHUB_ENV

- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: 1.18
go-version: ">=${{ env.golang-version }}"

- name: Build
run: go build -v ./...
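Review bot: The new `Import environment variables from file` step appends the whole of `.github/env` to `$GITHUB_ENV`, so every line in that file becomes an environment variable for all later steps, not just `golang-version`. That makes the file as sensitive as the workflow definition itself, which matters if this job also runs for pull requests from forks (the trigger is outside the visible hunk). Importing only the expected key keeps the step's effect bounded: `run: grep -E '^golang-version=[0-9.]+$' .github/env >> "$GITHUB_ENV"`. The same step is added in `.github/workflows/goreleaser.yml`.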
4 changes: 3 additions & 1 deletion .github/workflows/goreleaser.yml
Expand Up @@ -13,10 +13,12 @@ jobs:
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Import environment variables from file
run: cat ".github/env" >> $GITHUB_ENV
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: 1.18
go-version: ">=${{ env.golang-version }}"
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v4
with:
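Review bot: `go-version: ">=${{ env.golang-version }}"` sets only a floor, so the release job builds with whatever newer Go version setup-go resolves at run time, and released binaries can come from a toolchain that was never tested here. The floor does keep builds off releases older than 1.21.3, which is the point of the commit, but for release artifacts an exact pin is easier to audit and reproduce: `go-version: "${{ env.golang-version }}"`, with bumps made in `.github/env`. If a range is wanted, adding `check-latest: true` makes the resolved version independent of what happens to be in the runner's tool cache. The same expression is used in `.github/workflows/go.yml`.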
48 changes: 25 additions & 23 deletions go.mod
@@ -1,50 +1,52 @@
module go.mondoo.com/ranger-rpc

go 1.18
go 1.21

require (
github.com/cockroachdb/errors v1.9.0
github.com/cockroachdb/errors v1.11.1
github.com/go-openapi/spec v0.20.6
github.com/google/go-cmp v0.5.9
github.com/google/uuid v1.3.0
github.com/google/uuid v1.3.1
github.com/lyft/protoc-gen-star v0.6.2
github.com/rs/zerolog v1.27.0
github.com/stretchr/testify v1.8.0
go.opentelemetry.io/otel v1.10.0
golang.org/x/crypto v0.0.0-20220919173607-35f4265a4bc0
google.golang.org/genproto v0.0.0-20220715211116-798f69b842b9
google.golang.org/protobuf v1.28.0
github.com/rs/zerolog v1.31.0
github.com/stretchr/testify v1.8.4
go.opentelemetry.io/otel v1.19.0
golang.org/x/crypto v0.14.0
google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97
google.golang.org/protobuf v1.31.0
gopkg.in/square/go-jose.v2 v2.6.0
moul.io/http2curl v1.0.0
)

require (
github.com/cockroachdb/logtags v0.0.0-20211118104740-dabe8e521a4f // indirect
github.com/cockroachdb/redact v1.1.3 // indirect
github.com/cockroachdb/logtags v0.0.0-20230118201751-21c54148d20b // indirect
github.com/cockroachdb/redact v1.1.5 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/getsentry/sentry-go v0.13.0 // indirect
github.com/go-logr/logr v1.2.3 // indirect
github.com/getsentry/sentry-go v0.18.0 // indirect
github.com/go-logr/logr v1.2.4 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/jsonpointer v0.19.5 // indirect
github.com/go-openapi/jsonreference v0.20.0 // indirect
github.com/go-openapi/swag v0.21.1 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/kr/pretty v0.3.0 // indirect
github.com/kr/pretty v0.3.1 // indirect
github.com/kr/text v0.2.0 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-colorable v0.1.12 // indirect
github.com/mattn/go-isatty v0.0.14 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.19 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/rogpeppe/go-internal v1.8.1 // indirect
github.com/rogpeppe/go-internal v1.9.0 // indirect
github.com/smartystreets/goconvey v1.8.1 // indirect
github.com/spf13/afero v1.9.0 // indirect
go.opentelemetry.io/otel/trace v1.10.0 // indirect
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect
golang.org/x/text v0.3.8 // indirect
golang.org/x/tools v0.1.12 // indirect
go.opentelemetry.io/otel/metric v1.19.0 // indirect
go.opentelemetry.io/otel/trace v1.19.0 // indirect
golang.org/x/mod v0.9.0 // indirect
golang.org/x/sys v0.13.0 // indirect
golang.org/x/text v0.13.0 // indirect
golang.org/x/tools v0.7.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)
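Review bot: `go 1.21` still allows this module to be built with Go 1.21.0–1.21.2, whose net/http predates the fix for CVE-2023-44487; only the CI pin in `.github/env` asks for 1.21.3. Since Go 1.21 the `go` directive is an enforced minimum and accepts a patch version, so `go 1.21.3` would carry the requirement to everyone who builds or imports the module. golang.org/x/net does not appear in the visible require blocks, so the fix appears to rest on the toolchain's standard library alone; running `govulncheck ./...` in the build workflow would confirm that GO-2023-2102 is no longer reachable.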