Skip to content

Commit 1fc86cb

Browse files
panman90panman90
authored
version update for go-jose/v3 & go-jose/v4, cve suppression for linux… (#23440)
version update for go-jose/v3 & go-jose/v4, cve suppression for linux alpine
1 parent 5c06bf7 commit 1fc86cb

File tree

7 files changed

+30
-20
lines changed

7 files changed

+30
-20
lines changed

.release/security-scan.hcl

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,17 @@ container {
3838
# periodically cleaned up to remove items that are no longer found by the scanner.
3939
triage {
4040
suppress {
41-
vulnerabilities = []
41+
vulnerabilities = [
42+
"CVE-2026-3805",
43+
"CVE-2026-3784",
44+
"CVE-2026-3783",
45+
"CVE-2026-1965",
46+
"CVE-2025-14017",
47+
"CVE-2025-14524",
48+
"CVE-2025-14819",
49+
"CVE-2025-30258",
50+
"CVE-2026-27171"
51+
]
4252

4353
paths = [
4454
"internal/tools/proto-gen-rpc-glue/e2e/consul/*",
@@ -87,7 +97,7 @@ binary {
8797
# periodically cleaned up to remove items that are no longer found by the scanner.
8898
triage {
8999
suppress {
90-
vulnerabilities = []
100+
vulnerabilities = [ "GO-2026-4923" ]
91101

92102
paths = [
93103
"internal/tools/proto-gen-rpc-glue/e2e/consul/*",

go.mod

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ require (
2626
github.com/aws/aws-sdk-go-v2/credentials v1.19.6
2727
github.com/aws/aws-sdk-go-v2/service/acmpca v1.46.6
2828
github.com/aws/smithy-go v1.24.0
29-
github.com/coreos/go-oidc/v3 v3.11.0
29+
github.com/coreos/go-oidc/v3 v3.18.0
3030
github.com/deckarep/golang-set/v2 v2.3.1
3131
github.com/docker/go-connections v0.4.0
3232
github.com/envoyproxy/go-control-plane v0.14.0
@@ -37,7 +37,7 @@ require (
3737
github.com/fatih/color v1.18.0
3838
github.com/fsnotify/fsnotify v1.6.0
3939
github.com/fullstorydev/grpchan v1.1.1
40-
github.com/go-jose/go-jose/v3 v3.0.4
40+
github.com/go-jose/go-jose/v3 v3.0.5
4141
github.com/go-viper/mapstructure/v2 v2.4.0
4242
github.com/golang-jwt/jwt/v5 v5.2.2
4343
github.com/google/go-cmp v0.7.0
@@ -116,7 +116,7 @@ require (
116116
golang.org/x/crypto v0.48.0
117117
golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa
118118
golang.org/x/net v0.51.0
119-
golang.org/x/oauth2 v0.35.0
119+
golang.org/x/oauth2 v0.36.0
120120
golang.org/x/sync v0.19.0
121121
golang.org/x/sys v0.41.0
122122
golang.org/x/time v0.14.0
@@ -186,7 +186,7 @@ require (
186186
github.com/emicklei/go-restful/v3 v3.10.1 // indirect
187187
github.com/envoyproxy/protoc-gen-validate v1.3.0 // indirect
188188
github.com/felixge/httpsnoop v1.0.4 // indirect
189-
github.com/go-jose/go-jose/v4 v4.1.3 // indirect
189+
github.com/go-jose/go-jose/v4 v4.1.4 // indirect
190190
github.com/go-logr/logr v1.4.3 // indirect
191191
github.com/go-logr/stdr v1.2.2 // indirect
192192
github.com/go-ole/go-ole v1.2.6 // indirect

go.sum

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -197,8 +197,8 @@ github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc
197197
github.com/coreos/etcd v3.3.27+incompatible h1:QIudLb9KeBsE5zyYxd1mjzRSkzLg9Wf9QlRwFgd6oTA=
198198
github.com/coreos/etcd v3.3.27+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
199199
github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
200-
github.com/coreos/go-oidc/v3 v3.11.0 h1:Ia3MxdwpSw702YW0xgfmP1GVCMA9aEFWu12XUZ3/OtI=
201-
github.com/coreos/go-oidc/v3 v3.11.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0=
200+
github.com/coreos/go-oidc/v3 v3.18.0 h1:V9orjXynvu5wiC9SemFTWnG4F45v403aIcjWo0d41+A=
201+
github.com/coreos/go-oidc/v3 v3.18.0/go.mod h1:DYCf24+ncYi+XkIH97GY1+dqoRlbaSI26KVTCI9SrY4=
202202
github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
203203
github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
204204
github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf h1:iW4rZ826su+pqaw19uhpSCzhj44qo35pNgKFGqzDKkU=
@@ -276,10 +276,10 @@ github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkPro
276276
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
277277
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
278278
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
279-
github.com/go-jose/go-jose/v3 v3.0.4 h1:Wp5HA7bLQcKnf6YYao/4kpRpVMp/yf6+pJKV8WFSaNY=
280-
github.com/go-jose/go-jose/v3 v3.0.4/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
281-
github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs=
282-
github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08=
279+
github.com/go-jose/go-jose/v3 v3.0.5 h1:BLLJWbC4nMZOfuPVxoZIxeYsn6Nl2r1fITaJ78UQlVQ=
280+
github.com/go-jose/go-jose/v3 v3.0.5/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
281+
github.com/go-jose/go-jose/v4 v4.1.4 h1:moDMcTHmvE6Groj34emNPLs/qtYXRVcd6S7NHbHz3kA=
282+
github.com/go-jose/go-jose/v4 v4.1.4/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08=
283283
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
284284
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
285285
github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
@@ -1053,8 +1053,8 @@ golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ
10531053
golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
10541054
golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
10551055
golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
1056-
golang.org/x/oauth2 v0.35.0 h1:Mv2mzuHuZuY2+bkyWXIHMfhNdJAdwW3FuWeCPYN5GVQ=
1057-
golang.org/x/oauth2 v0.35.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
1056+
golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs=
1057+
golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q=
10581058
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
10591059
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
10601060
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=

test-integ/go.mod

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,7 @@ require (
4343
github.com/docker/go-units v0.5.0 // indirect
4444
github.com/evanphx/json-patch v4.12.0+incompatible // indirect
4545
github.com/fatih/color v1.18.0 // indirect
46-
github.com/go-jose/go-jose/v3 v3.0.4 // indirect
46+
github.com/go-jose/go-jose/v3 v3.0.5 // indirect
4747
github.com/go-test/deep v1.1.0 // indirect
4848
github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
4949
github.com/gogo/protobuf v1.3.2 // indirect

test-integ/go.sum

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -71,8 +71,8 @@ github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQL
7171
github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
7272
github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
7373
github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=
74-
github.com/go-jose/go-jose/v3 v3.0.4 h1:Wp5HA7bLQcKnf6YYao/4kpRpVMp/yf6+pJKV8WFSaNY=
75-
github.com/go-jose/go-jose/v3 v3.0.4/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
74+
github.com/go-jose/go-jose/v3 v3.0.5 h1:BLLJWbC4nMZOfuPVxoZIxeYsn6Nl2r1fITaJ78UQlVQ=
75+
github.com/go-jose/go-jose/v3 v3.0.5/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
7676
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
7777
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
7878
github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=

test/integration/consul-container/go.mod

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ require (
88
github.com/docker/docker v24.0.5+incompatible
99
github.com/docker/go-connections v0.4.0
1010
github.com/evanphx/json-patch v4.12.0+incompatible
11-
github.com/go-jose/go-jose/v3 v3.0.4
11+
github.com/go-jose/go-jose/v3 v3.0.5
1212
github.com/go-viper/mapstructure/v2 v2.4.0
1313
github.com/hashicorp/consul v1.16.1
1414
github.com/hashicorp/consul/api v1.33.4

test/integration/consul-container/go.sum

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -75,8 +75,8 @@ github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQL
7575
github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
7676
github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
7777
github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=
78-
github.com/go-jose/go-jose/v3 v3.0.4 h1:Wp5HA7bLQcKnf6YYao/4kpRpVMp/yf6+pJKV8WFSaNY=
79-
github.com/go-jose/go-jose/v3 v3.0.4/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
78+
github.com/go-jose/go-jose/v3 v3.0.5 h1:BLLJWbC4nMZOfuPVxoZIxeYsn6Nl2r1fITaJ78UQlVQ=
79+
github.com/go-jose/go-jose/v3 v3.0.5/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
8080
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
8181
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
8282
github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=

0 commit comments

Comments
 (0)