Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Enhancement]: Bump go dependency for security issues #31986

Closed
1 task done
congqixia opened this issue Apr 8, 2024 · 1 comment
Closed
1 task done

[Enhancement]: Bump go dependency for security issues #31986

congqixia opened this issue Apr 8, 2024 · 1 comment
Labels
kind/enhancement Issues or changes related to enhancement stale indicates no udpates for 30 days

Comments

@congqixia
Copy link
Contributor

Is there an existing issue for this?

  • I have searched the existing issues

What would you like to be added?

We shall use dependency with no security alerts

Why is this needed?

No response

Anything else?

This issue shall be linked for PR bump Go dependencies for security alert
@congqixia congqixia added the kind/enhancement Issues or changes related to enhancement label Apr 8, 2024
@congqixia congqixia mentioned this issue Apr 8, 2024
Merged
sre-ci-robot pushed a commit that referenced this issue Apr 9, 2024
@congqixia
enhance: Bump google.golang.org/grpc to 1.57.1 (#31985)
a860bf6 
See also #31986
See dependency alert for "gRPC-Go HTTP/2 Rapid Reset vulnerability"

Signed-off-by: Congqi Xia <[email protected]>
congqixia added a commit to congqixia/milvus that referenced this issue Apr 9, 2024
@congqixia
enhance: Bump otel lib & jose2go for security alerts
ce39f23 
See also milvus-io#31986

Signed-off-by: Congqi Xia <[email protected]>
congqixia added a commit to congqixia/milvus that referenced this issue Apr 9, 2024
@congqixia
enhance: Bump otel lib & jose2go for security alerts
39ecaeb 
See also milvus-io#31986

Signed-off-by: Congqi Xia <[email protected]>
@congqixia congqixia mentioned this issue Apr 9, 2024
Merged
congqixia added a commit to congqixia/milvus that referenced this issue Apr 9, 2024
@congqixia
enhance: Bump otel lib & jose2go for security alerts
9468c5d 
See also milvus-io#31986

Signed-off-by: Congqi Xia <[email protected]>
congqixia added a commit to congqixia/milvus that referenced this issue Apr 9, 2024
@congqixia
enhance: Bump jose2go for security alerts
6cf2ebf 
See also milvus-io#31986

jose2go vulnerable to denial of service via large p2c value

Signed-off-by: Congqi Xia <[email protected]>
congqixia added a commit to congqixia/milvus that referenced this issue Apr 9, 2024
@congqixia
enhance: Bump jose2go for security alerts
38a23ad 
See also milvus-io#31986

- jose2go vulnerable to denial of service via large p2c value

Signed-off-by: Congqi Xia <[email protected]>
sre-ci-robot pushed a commit that referenced this issue Apr 10, 2024
@congqixia
enhance: Bump jose2go for security alerts (#32040)
9d16aa0 
See also #31986

- jose2go vulnerable to denial of service via large p2c value

Signed-off-by: Congqi Xia <[email protected]>
congqixia added a commit to congqixia/milvus that referenced this issue Apr 10, 2024
@congqixia
enhance: [Cherry-pick] Bump grpc & jose2go dependency
c510280 
Cherry-pick from master
pr: milvus-io#31985 milvus-io#32040
See also milvus-io#31986

Signed-off-by: Congqi Xia <[email protected]>
@congqixia congqixia mentioned this issue Apr 10, 2024
Merged
sre-ci-robot pushed a commit that referenced this issue Apr 11, 2024
@congqixia
enhance: [Cherry-pick] Bump grpc & jose2go dependency (#32126)
5256f3d 
Cherry-pick from master
pr: #31985 #32040
See also #31986

Signed-off-by: Congqi Xia <[email protected]>
@stale Stale
Copy link

stale bot commented May 8, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Rotten issues close after 30d of inactivity. Reopen the issue with /reopen.

@stale stale bot added the stale indicates no udpates for 30 days label May 8, 2024
@stale stale bot closed this as completed May 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/enhancement Issues or changes related to enhancement stale indicates no udpates for 30 days
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@congqixia