Skip to content

Commit

Permalink
chore: update google.golang.org/protobuf to v1.33.0 (#40)
Browse files Browse the repository at this point in the history 
This is to move away from CVE-20204-24786: infinite loop vulnerability.

Signed-off-by: Edgar Hernández <23639005+israel-hdez@users.noreply.github.com>
  • Loading branch information
@israel-hdez
israel-hdez authored Mar 20, 2024
1 parent 4d8e991 commit 9ce55d4
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 2 deletions.
4 changes: 2 additions & 2 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ require (
github.com/google/go-cmp v0.5.9
github.com/grpc-ecosystem/grpc-gateway/v2 v2.15.0
google.golang.org/grpc v1.56.3
google.golang.org/protobuf v1.32.0
google.golang.org/protobuf v1.33.0
sigs.k8s.io/controller-runtime v0.14.1
)

Expand Down Expand Up @@ -41,7 +41,7 @@ replace (
// Fixes CVE-2023-48795 - golang.org/x/crypto Authentication Bypass by Capture-replay
golang.org/x/crypto => golang.org/x/crypto v0.17.0
golang.org/x/net => golang.org/x/net v0.17.0

// Fixes github.com/elazarl/goproxy Denial of Service (DoS), the dependency was removed in v0.27.0
// Remove below when upgrading to controller-runtime 0.15.x or apimachinery to 0.27.x
k8s.io/apimachinery => k8s.io/apimachinery v0.27.0
Expand Down
2 changes: 2 additions & 0 deletions go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -112,6 +112,8 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I=
google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
Expand Down

0 comments on commit 9ce55d4

Please sign in to comment.