fix(deps): update all #319

Open
renovate[bot] wants to merge 1 commit into master from renovate/all
@renovate renovate Bot commented Feb 9, 2022

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| actions/cache | action | patch | v2.1.7 → v2.1.8 |
| github.com/asaskevich/govalidator | require | digest | f21760c → a9d515a |
| github.com/dustin/go-humanize | require | patch | v1.0.0 → v1.0.1 |
| github.com/gliderlabs/ssh | require | patch | v0.3.3 → v0.3.8 |
| github.com/go-gormigrate/gormigrate/v2 | require | minor | v2.0.0 → v2.1.6 |
| github.com/reiver/go-telnet | require | digest | 9ff0b2a → 7da9ad7 |
| github.com/smartystreets/goconvey | require | minor | v1.7.2 → v1.8.1 |
| github.com/tailscale/depaware | require | digest | 720c4b4 → 835d31c |
| github.com/urfave/cli | require | patch | v1.22.5 → v1.22.17 |
| golang | stage | minor | 1.18.0 → 1.26.4 |
| golang.org/x/crypto | require | minor | v0.0.0-20220208050332-20e1d8d225ab → v0.53.0 |
| golang.org/x/tools | require | minor | v0.1.10 → v0.47.0 |
| golangci/golangci-lint | uses-with | minor | v1.50.1 → v1.64.8 |
| gorm.io/driver/mysql | require | minor | v1.2.3 → v1.6.0 |
| gorm.io/driver/postgres | require | minor | v1.2.3 → v1.6.0 |
| gorm.io/driver/sqlite | require | minor | v1.2.6 → v1.6.0 |
| gorm.io/gorm | require | minor | v1.22.5 → v1.31.2 |

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

actions/cache (actions/cache)

v2.1.8: Updating actions/core to version 1.10.0

Compare Source

The ::save-state and ::set-output are deprecated. The newer version of actions/core >1.10.0 uses the new syntax for save and set output. After this change, customers using actions/cache@​v2 won't see deprecation warning message.

dustin/go-humanize (github.com/dustin/go-humanize)

v1.0.1

Compare Source

gliderlabs/ssh (github.com/gliderlabs/ssh)

v0.3.8

Compare Source

This bumps x/crypto to 0.31.0 to resolve CVE-2024-45337. The API has not changed, which means there are still a number of ways you could be vulnerable if your code improperly uses the PublicKeyHandler.

Note that this may result in a performance regression, as the PublicKeyHandler may be called multiple times for the same key. The last time it is called will be the key the user is actually using.

Note that if you are using Permissions to pass information about the public key out of the handler, you need to make sure you always overwrite all relevant stored map keys in order to avoid being vulnerable.

Full Changelog: gliderlabs/ssh@v0.3.7...v0.3.8

v0.3.7

Compare Source

What's Changed

New Contributors

Full Changelog: gliderlabs/ssh@v0.3.6...v0.3.7

v0.3.6

Compare Source

v0.3.5

Compare Source

v0.3.4

Compare Source

go-gormigrate/gormigrate (github.com/go-gormigrate/gormigrate/v2)

v2.1.6

Compare Source

  • chore: bump go 1.25 => 1.26, update go deps
  • chore(ci): bump github actions
  • chore: bump db images for integration testing
    • postgres: 18 => 19
    • mariadb: 11 => 12
    • mssql/server: 2022 => 2025

v2.1.5

Compare Source

  • feat: log in case of error when closing rows
  • chore(ci): add 1.25 to integration-test go matrix
  • chore(integration-test): bump go to 1.25
  • chore: bump go deps

v2.1.4

Compare Source

v2.1.3

Compare Source

Changed
  • Update dependencies

v2.1.2

Compare Source

Added
Changed
  • Update dependencies

v2.1.1

Compare Source

Changed
  • Update dependencies

v2.1.0

Compare Source

Changed
  • Refactor plain sql mutation statements (create, insert, delete) into native gorm methods
  • Update dependencies

v2.0.3

Compare Source

  • Upgrade dependencies

v2.0.2

Compare Source

  • Upgrade dependencies

v2.0.1

Compare Source

  • Upgrade dependencies

smartystreets/goconvey (github.com/smartystreets/goconvey)

v1.8.1

Compare Source

v1.8.0: - Updating to Go 1.18

Compare Source

What's Changed

New Contributors

Full Changelog: smartystreets/goconvey@v1.7.2...v1.8.0

urfave/cli (github.com/urfave/cli)

v1.22.17

Compare Source

What's Changed

Full Changelog: urfave/cli@v1.22.16...v1.22.17

v1.22.16

Compare Source

What's Changed

Full Changelog: urfave/cli@v1.22.15...v1.22.16

v1.22.15

Compare Source

What's Changed

Full Changelog: urfave/cli@v1.22.14...v1.22.15

v1.22.14

Compare Source

What's Changed

Full Changelog: urfave/cli@v1.22.13...v1.22.14

v1.22.13

Compare Source

What's Changed

Full Changelog: urfave/cli@v1.22.12...v1.22.13

v1.22.12

Compare Source

What's Changed

Full Changelog: urfave/cli@v1.22.11...v1.22.12

v1.22.11

Compare Source

What's Changed

Full Changelog: urfave/cli@v1.22.10...v1.22.11

v1.22.10

Compare Source

What's Changed

Full Changelog: urfave/cli@v1.22.9...v1.22.10

v1.22.9

Compare Source

What's Changed

Full Changelog: urfave/cli@v1.22.8...v1.22.9

v1.22.8

Compare Source

What's Changed

Full Changelog: urfave/cli@v1.22.7...v1.22.8

v1.22.7: Release 1.22.7

Compare Source

What's Changed

Full Changelog: urfave/cli@v1.22.6...v1.22.7

v1.22.6: Release 1.22.6

Compare Source

What's Changed

Full Changelog: urfave/cli@v1.22.5...v1.22.6

golangci/golangci-lint (golangci/golangci-lint)

v1.64.8

Compare Source

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

v1.64.7

Compare Source

Changelog

  • 94946f3 build(deps): bump github.com/OpenPeeDeeP/depguard/v2 from 2.2.0 to 2.2.1 (#​5509)
  • 132365e build(deps): bump github.com/golangci/dupl from 3e9179a to f665c8d (#​5512)
  • bddd1bc build(deps): bump github.com/securego/gosec/v2 from 2.22.1 to 2.22.2 (#​5515)
  • 624fb4e build(deps): bump golang.org/x/mod from 0.23.0 to 0.24.0 (#​5507)
  • 8cffdb7 build(deps): bump golang.org/x/oauth2 from 0.27.0 to 0.28.0 in /scripts/gen_github_action_config in the scripts group (#​5521)
  • 7a3f3d7 build(deps): bump golang.org/x/tools from 0.30.0 to 0.31.0 (#​5508)
  • c13fd5b build(deps): bump honnef.co/go/tools from 0.6.0 to 0.6.1 (#​5510)

v1.64.6

Compare Source

Changelog

  • 3d28c57 Require type for oneOf mutual exclusion (#​5426)
  • 84ab753 build(deps): bump 4d63.com/gocheckcompilerdirectives from 1.2.1 to 1.3.0 (#​5485)
  • 9fddfc4 build(deps): bump github.com/4meepo/tagalign from 1.4.1 to 1.4.2 (#​5430)
  • 404916a build(deps): bump github.com/GaijinEntertainment/go-exhaustruct/v3 from 3.3.0 to 3.3.1 (#​5467)
  • 3b6b9da build(deps): bump github.com/catenacyber/perfsprint from 0.8.1 to 0.8.2 (#​5441)
  • 336b21b build(deps): bump github.com/kisielk/errcheck from 1.8.0 to 1.9.0 (#​5447)
  • baad5bb build(deps): bump github.com/kkHAIKE/contextcheck from 1.1.5 to 1.1.6 (#​5482)
  • 9e832c9 build(deps): bump github.com/ldez/exptostd from 0.4.1 to 0.4.2 (#​5456)
  • f2c6303 build(deps): bump github.com/mgechev/revive from 1.6.1 to 1.7.0 (#​5422)
  • 9a2423a build(deps): bump github.com/nunnatsa/ginkgolinter from 0.19.0 to 0.19.1 (#​5435)
  • 140d96e build(deps): bump github.com/rogpeppe/go-internal from 1.13.1 to 1.14.0 (#​5469)
  • 3eecab1 build(deps): bump github.com/rogpeppe/go-internal from 1.14.0 to 1.14.1 (#​5476)
  • d574f35 build(deps): bump github.com/shirou/gopsutil/v4 from 4.25.1 to 4.25.2 (#​5486)
  • 1a6b95b build(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.0 (#​5421)
  • 69ed661 build(deps): bump github.com/spf13/cobra from 1.9.0 to 1.9.1 (#​5429)
  • 5e17a57 build(deps): bump github.com/tdakkota/asciicheck from 0.4.0 to 0.4.1 (#​5418)
  • 2c1d661 build(deps): bump github.com/tetafro/godot from 1.4.20 to 1.5.0 (#​5420)
  • 414f446 build(deps): bump golang.org/x/oauth2 from 0.26.0 to 0.27.0 in /scripts/gen_github_action_config in the scripts group (#​5471)
  • 042d640 build(deps): bump golangci/golangci-lint-action from 6.3.2 to 6.5.0 in the github-actions group (#​5419)
  • d4f4d16 build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5 in /pkg/golinters/protogetter/testdata in the linter-testdata group across 1 directory (#​5484)
  • f69da39 fix: use commit hash when version is v0.0.0 (#​5479)
  • 53d58e8 govet: skip fieldalignment test on 32bit platforms (#​5463)

v1.64.5

Compare Source

Changelog

  • a43c84c build(deps): bump github.com/gostaticanalysis/forcetypeassert from 0.1.0 to 0.2.0 (#​5409)
  • 4be8bf8 build(deps): bump github.com/securego/gosec/v2 from 2.22.0 to 2.22.1 (#​5410)
  • e352220 build(deps): bump github.com/tdakkota/asciicheck from 0.3.0 to 0.4.0 (#​5411)
  • 0a603e4 fix: add missing new-from-merge-base flag (#​5412)

v1.64.4

Compare Source

Changelog

v1.64.3

Compare Source

Changelog

  • b8920dd build(deps): bump github.com/go-critic/go-critic from 0.11.5 to 0.12.0 (#​5400)
  • 1a0b85b build(deps): bump github.com/mgechev/revive from 1.6.0 to 1.6.1 (#​5399)
  • 750e1ab build(deps): bump github.com/nunnatsa/ginkgolinter from 0.18.4 to 0.19.0 (#​5404)
  • 08ae805 gci: fix standard packages list for go1.24 (#​5402)

v1.64.2

Compare Source

Changelog

  • 07019ee build(deps): bump honnef.co/go/tools from 0.5.1 to 0.6.0 (#​5391)
  • 474fdaf go1.24 support (#​5224)
  • e21ee9a build(deps): bump github.com/ldez/exptostd from 0.4.0 to 0.4.1 (#​5390)
  • 8e1d5f4 build(deps): bump golang.org/x/tools from 0.29.0 to 0.30.0 (#​5389)
  • 23eafd5 build(deps): bump github.com/catenacyber/perfsprint from 0.8.0 to 0.8.1 (#​5386)
  • 71445ee build(deps): bump go-simpler.org/sloglint from 0.7.2 to 0.9.0 (#​5384)
  • 9ce9097 build(deps): bump 4d63.com/gochecknoglobals from 0.2.1 to 0.2.2 (#​5380)
  • 1200be2 build(deps): bump github.com/catenacyber/perfsprint from 0.7.1 to 0.8.0 (#​5382)
  • 2b24c4e build(deps): bump golang.org/x/sys from 0.29.0 to 0.30.0 (#​5376)
  • fbc663d build(deps): bump golang.org/x/mod from 0.22.0 to 0.23.0 (#​5375)
  • 0284fa9 tenv: deprecation (#​5373)
  • a2ef9ee build(deps): bump github.com/polyfloyd/go-errorlint from 1.7.0 to 1.7.1 (#​5368)
  • a7da404 build(deps): bump github.com/spf13/pflag from 1.0.5 to 1.0.6 (#​5367)
  • 72a1b33 build(deps): bump github.com/shirou/gopsutil/v4 from 4.24.12 to 4.25.1 (#​5366)
  • 10c03d7 feat: use run.relative-path-mode for output format paths (#​5363)
  • fc94060 build(deps): bump the linter-testdata group across 2 directories with 4 updates (#​5365)
  • 192e98b feat: add new issues.new-from-merge-base option (#​5362)
  • 980a911 fix: sanitize severities by output format (#​5359)
  • 4b05170 build(deps): bump github.com/matoous/godox from 0.0.0-20230222163458-006bad1f9d26 to 1.1.0 (#​5355)
  • 98c110b feat: new linter exclusions system (#​5339)
  • d1e9da0 fix: fallback on unknown severities for code climate (#​5350)
  • 2637593 build(deps): bump github.com/mgechev/revive from 1.5.1 to 1.6.0 (#​5346)
  • 23641e3 build(deps): bump github.com/golangci/revgrep from 0.6.1 to 0.7.0 (#​5337)
  • a10bfc5 build(deps): bump github.com/golangci/revgrep from 0.6.0 to 0.6.1 (#​5336)
  • 2084a50 build(deps): bump github.com/Crocmagnon/fatcontext from 0.6.0 to 0.7.1 (#​5335)
  • ac95a23 build(deps): bump github.com/ldez/exptostd from 0.3.1 to 0.4.0 (#​5330)
  • 20e4b1e build(deps): bump github.com/Crocmagnon/fatcontext from 0.5.3 to 0.6.0 (#​5332)
  • 29eaf2d build(deps): bump github.com/ldez/gomoddirectives from 0.6.0 to 0.6.1 (#​5329)
  • 5a7c7e6 fix: spancheck default StartSpanMatchersSlice values (#​5324)
  • 019bde5 build(deps): bump github.com/golangci/revgrep from 0.5.3 to 0.6.0 (#​5319)
  • 2502d20 build(deps): bump github.com/mattn/go-colorable from 0.1.13 to 0.1.14 (#​5318)
  • 8f187ff build(deps): bump github.com/securego/gosec/v2 from 2.21.4 to 2.22.0 (#​5311)
  • e24c18c build(deps): bump github.com/karamaru-alpha/copyloopvar from 1.1.0 to 1.2.1 (#​5307)
  • ace35f0 fix: avoid panic with plugin without description (#​5312)
  • 09489d5 build(deps): bump github.com/uudashr/iface from 1.3.0 to 1.3.1 (#​5308)
  • c07dc97 build(deps): bump github.com/ghostiam/protogetter from 0.3.8 to 0.3.9 (#​5306)
  • 555fb5c build(deps): bump github.com/alingse/nilnesserr from 0.1.1 to 0.1.2 (#​5305)
  • b7fd295 build(deps): bump golang.org/x/tools from 0.28.0 to 0.29.0 (#​5309)
  • b747025 build(deps): bump github.com/ldez/grignotin from 0.7.0 to 0.8.0 (#​5295)
  • d516da9 build(deps): bump golang.org/x/sys from 0.28.0 to 0.29.0 (#​5293)

v1.63.4

Compare Source

Changelog

v1.63.3

Compare Source

Changelog

v1.63.2

Compare Source

Changelog

v1.63.1

Compare Source

Changelog

v1.63.0

Compare Source

Changelog

  • 0640d3f Add UseTesting linter (#​5170)
  • aa0450c Add exptostd linter (#​5259)
  • 1467bc0 Add nilnesserr linter (#​5240)
  • 6a20504 build(deps): bump github.com/shirou/gopsutil to v4.24.10 (#​5167)
  • a6c26ee build(deps): bump github.com/4meepo/tagalign from 1.3.4 to 1.4.1 (#​5255)
  • e85310c build(deps): bump github.com/Antonboom/nilnil from 1.0.0 to 1.0.1 (#​5233)
  • c751e5c build(deps): bump github.com/alecthomas/go-check-sumtype from 0.2.0 to 0.3.1 (#​5230)
  • c882e89 build(deps): bump github.com/ashanbrown/makezero from 1.1.1 to 1.2.0 (#​5181)
  • acfb3be build(deps): bump github.com/bombsimon/wsl/v4 from 4.4.1 to 4.5.0 (#​5262)
  • 321e03f build(deps): bump github.com/butuzov/ireturn from 0.3.0 to 0.3.1 (#​5188)
  • 72bbc45 build(deps): bump github.com/butuzov/mirror from 1.2.0 to 1.3.0 (#​5178)
  • 06ffc05 build(deps): bump github.com/ckaznocha/intrange from 0.2.1 to 0.3.0 (#​5203)
  • a92ccc7 build(deps): bump github.com/curioswitch/go-reassign from 0.2.0 to 0.3.0 (#​5176)
  • 043275f build(deps): bump github.com/go-xmlfmt/xmlfmt from 1.1.2 to 1.1.3 (#​5177)
  • c8cf7a4 build(deps): bump github.com/jjti/go-spancheck from 0.6.2 to 0.6.4 (#​5174)
  • dafd655 build(deps): bump github.com/julz/importas from 0.1.0 to b26b8fc (#​5219)
  • b322a16 build(deps): bump github.com/julz/importas from 0.1.1-0.20241016092914-b26b8fc96f8a to 0.2.0 (#​5256)
  • d40b6da build(deps): bump github.com/ldez/gomoddirectives from 0.2.4 to 0.4.2 (#​5175)
  • 794a340 build(deps): bump github.com/ldez/gomoddirectives from 0.4.2 to 0.5.0 (#​5187)
  • 67825fe build(deps): bump github.com/ldez/gomoddirectives from 0.5.0 to 0.6.0 (#​5196)
  • 0c6bccb build(deps): bump github.com/ldez/grignotin from 0.6.0 to 0.7.0 (#​5248)
  • d74f1ae build(deps): bump github.com/ldez/tagliatelle from 0.5.0 to 0.6.0 (#​5164)
  • 59f05b5 build(deps): bump github.com/ldez/tagliatelle from 0.6.0 to 0.7.1 (#​5204)
  • 9686758 build(deps): bump github.com/ldez/usetesting from 0.2.0 to 0.2.1 (#​5189)
  • fc650e4 build(deps): bump github.com/ldez/usetesting from 0.2.1 to 0.2.2 (#​5198)
  • cf4c529 build(deps): bump github.com/ldez/usetesting from 0.2.2 to 0.3.0 ([#​5261](ht

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@auto-add-label auto-add-label Bot added the bug label Feb 9, 2022
@trafico-bot trafico-bot Bot added the 🔍 Ready for Review Pull Request is not reviewed yet label Feb 9, 2022
@renovate renovate Bot changed the title fix(deps): update golang.org/x/crypto commit hash to bba287d fix(deps): update golang.org/x/crypto commit hash to dad3315 Feb 9, 2022
@renovate renovate Bot changed the title fix(deps): update golang.org/x/crypto commit hash to dad3315 fix(deps): update golang.org/x/crypto commit hash to db63837 Feb 9, 2022
@renovate renovate Bot changed the title fix(deps): update golang.org/x/crypto commit hash to db63837 fix(deps): update golang.org/x/crypto commit hash to f4118a5 Feb 10, 2022
@renovate renovate Bot changed the title fix(deps): update golang.org/x/crypto commit hash to f4118a5 chore(deps): update all docker tags Feb 11, 2022
@auto-add-label auto-add-label Bot added dependencies and removed bug labels Feb 11, 2022
@renovate renovate Bot changed the title chore(deps): update all docker tags chore(deps): update golang docker tag to v1.17.7 Feb 13, 2022
@renovate renovate Bot changed the title chore(deps): update golang docker tag to v1.17.7 chore(deps): update all docker tags Feb 13, 2022
@renovate renovate Bot changed the title chore(deps): update all docker tags chore(deps): update all Feb 14, 2022
@renovate renovate Bot force-pushed the renovate/all branch 4 times, most recently from cb00655 to f43cfe7 Compare February 19, 2022 17:17
@renovate renovate Bot force-pushed the renovate/all branch 3 times, most recently from 41f4efb to f1cf282 Compare March 8, 2022 00:36
@renovate renovate Bot force-pushed the renovate/all branch 6 times, most recently from 7c324a8 to e684342 Compare March 18, 2022 13:55
@renovate renovate Bot changed the title chore(deps): update all fix(deps): update all Apr 21, 2022
@auto-add-label auto-add-label Bot added bug and removed dependencies labels Apr 21, 2022
@renovate renovate Bot force-pushed the renovate/all branch 5 times, most recently from b57a58c to af6d109 Compare April 28, 2022 13:21
@renovate renovate Bot force-pushed the renovate/all branch 5 times, most recently from a1bdb10 to 72b1efe Compare May 11, 2022 20:44
@renovate renovate Bot force-pushed the renovate/all branch 5 times, most recently from 3a73794 to 5bcea1f Compare May 18, 2022 06:15
@renovate renovate Bot force-pushed the renovate/all branch 3 times, most recently from a9e11be to 9bab928 Compare May 28, 2022 17:09
@renovate renovate Bot force-pushed the renovate/all branch 2 times, most recently from 7aac983 to a02dae4 Compare June 2, 2022 00:55
@renovate renovate Bot force-pushed the renovate/all branch 2 times, most recently from 119e774 to 6c3c508 Compare June 8, 2022 16:31
Comment thread go.mod
github.com/dustin/go-humanize v1.0.0
github.com/gliderlabs/ssh v0.3.3
github.com/go-gormigrate/gormigrate/v2 v2.0.0
github.com/dustin/go-humanize v1.0.1
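
Review bot: The github.com/gliderlabs/ssh v0.3.3 line in this hunk is the requirement that needs a code check rather than only a version check, since the PR table moves it to v0.3.8. The v0.3.8 release notes quoted in the PR description say the API is unchanged but PublicKeyHandler may now be called several times for the same key, with only the last call reflecting the key the user is actually using, so before merging confirm that any PublicKeyHandler in this repository does not keep a decision or a Permissions entry from an earlier call. Splitting the ssh and golang.org/x/crypto updates out of this grouped PR would make that review, and any rollback, easier.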

@semgrep-app semgrep-app Bot Jun 6, 2023

Risk: github.com/docker/docker versions >= 23.0.0 before 23.0.3, >= 1.12.0 before 20.10.24 are vulnerable to Unprotected Alternate Channel / Not Failing Securely ('Failing Open'). Affected configurations silently accept cleartext VXLAN datagrams, enabling attackers to inject arbitrary Ethernet frames into the encrypted network. This can result in denial of service attacks or further escalations,

Fix: Upgrade this library to at least version 20.10.24 at sshportal/go.mod:7.

Reference(s): GHSA-232p-vwff-86mp, CVE-2023-28840

Ignore this finding from ssc-6c040726-d493-4854-b380-987107b4c1bb.

socket-security Bot commented Apr 14, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn Critical
Critical CVE: pgx contains memory-safety vulnerability in golang github.com/jackc/pgx/v5

CVE: GHSA-xgrm-4fwx-7qm8 pgx contains memory-safety vulnerability (CRITICAL)

Affected versions: < 5.9.0

Patched version: 5.9.0

From: ? → golang/gorm.io/driver/postgres@v1.6.0 → golang/github.com/jackc/pgx/v5@v5.6.0

ℹ Read more on: This package | This alert | What is a critical CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/jackc/pgx/v5@v5.6.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Critical
Critical CVE: Memory-safety vulnerability in golang github.com/jackc/pgx/v5.

CVE: GHSA-9jj7-4m8r-rfcm Memory-safety vulnerability in github.com/jackc/pgx/v5. (CRITICAL)

Affected versions: < 5.9.0

Patched version: 5.9.0

From: ? → golang/gorm.io/driver/postgres@v1.6.0 → golang/github.com/jackc/pgx/v5@v5.6.0

ℹ Read more on: This package | This alert | What is a critical CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/jackc/pgx/v5@v5.6.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: golang golang.org/x/tools is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: go.mod → golang/golang.org/x/tools@v0.47.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/golang.org/x/tools@v0.47.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report
