CVE reported for golang protobuf, crypto, and net (CVE-2024-24786, CVE-2024-45337, CVE-2023-45288, CVE-2024-45338) #96
Description
Multiple CVE have been reported for these dependencies:
- CVE-2024-24786 (medium) : golang protobuf (1.32.0) (fixed in 1.33.0) (see PR Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 #82)
- CVE-2024-45337 (high) : golang/x/crypto (0.19.0) (fixed in 0.31.0) (see PR Bump golang.org/x/crypto from 0.17.0 to 0.31.0 #80)
- CVE-2023-45288 (medium) : golang/x/net (0.20.0) (fixed in 0.23.0)
- CVE-2024-45338 (medium) : golang/x/net (0.20.0) (fixed in 0.23.0)
Affected version: code-marketplace 2.3.0
Is it possible to update these dependencies and build a new version of code-marketplace?