@pkossyfas pkossyfas commented Jul 4, 2025

This PR fixes CVEs that are present on the latest available version (v2.2.2).

  • It introduces the toolchain directive to pin the Go version to 1.23.10 for CI and building. Go version 1.23.8 has a fix for critical vulnerability CVE-2025-22871, and version 1.23.10 has fixes for medium vulnerabilities CVE-2025-4673 and CVE-2025-0913.
  • The library github.com/bradleyfalzon/ghinstallation is being upgraded to v2 to fix the JWT leak vulnerability GO-2022-1178 (alias GHSA-h4q8-96p6-jcgr).
Unit tests:
[vault-plugin-secrets-github]# unit
==> Unit testing
EMPTY .
PASS github.TestNewClient_WithProxy (0.00s)
PASS github.TestFactory/HappyPath (0.00s)
PASS github.TestBackend_PathConfigDelete/FieldValidation (0.00s)
PASS github.TestBackend_PathInfoRead (0.00s)
PASS github.TestBackend_Revoke/HappyPath (0.00s)
PASS github.TestFactory/NilConfig (0.00s)
PASS github.TestFactory (0.00s)
PASS github.TestBackend_PathConfigUpdate/FailedValidation (0.00s)
PASS github.TestBackend_Revoke/FailedOptionsParsing (0.00s)
PASS github.TestBackend_Revoke/FailedClient (0.00s)
PASS github.TestBackend_Revoke/FailedRevoke (0.00s)
PASS github.TestBackend_Revoke (0.00s)
PASS github.TestBackend_PathConfigDelete/HappyPath (0.00s)
PASS github.TestBackend_PathConfigDelete/FailedStorage (0.00s)
PASS github.TestBackend_PathConfigDelete/Empty (0.00s)
PASS github.TestBackend_PathConfigDelete (0.00s)
PASS github.TestBackend_PathConfigCreate/FailedValidation (0.00s)
PASS github.TestConfig_Update/Empty (0.00s)
PASS github.TestBackend_PathConfigUpdate/FailedStoragePersistOrganization (0.00s)
PASS github.TestBackend_Client/AllowConcurrentReads (0.00s)
PASS github.TestBackend_PathMetricsRead/HappyPath (0.00s)
PASS github.TestBackend_PathConfigUpdate/FailedStoragePersistInstallation (0.00s)
PASS github.TestBackend_PathConfigUpdate/FailedStorageRetrieve (0.00s)
PASS github.TestBackend_Config/Empty (0.00s)
PASS github.TestBackend_PathConfigUpdate/Empty (0.00s)
PASS github.TestBackend_PathConfigCreate/FailedValidation#01 (0.00s)
PASS github.TestBackend_PathConfigCreate/FailedStoragePersistOrganization (0.00s)
PASS github.TestBackend_PathConfigCreate/FailedStorageRetrieve (0.00s)
PASS github.TestBackend_PathConfigUpdate/ExistInstallation (0.00s)
PASS github.TestBackend_PathConfigUpdate/FailedValidation#01 (0.00s)
PASS github.TestConfig_Update/PrivateKeyInvalid (0.00s)
PASS github.TestConfig_Update/BaseURLInvalid (0.00s)
PASS github.TestConfig_Update/OverwritesAndAdds (0.00s)
PASS github.TestConfig_Update/Overwrites (0.00s)
PASS github.TestConfig_Update/Persists (0.00s)
PASS github.TestBackend_PathConfigCreate/FailedStoragePersistInstallation (0.00s)
PASS github.TestBackend_PathConfigCreate/ExistOrganization (0.00s)
PASS github.TestBackend_PathConfigCreate/Empty (0.00s)
PASS github.TestBackend_Config/FailedStorage (0.00s)
PASS github.TestBackend_Client/FailedStorage (0.00s)
PASS github.TestBackend_PathConfigCreate/ExistInstallation (0.00s)
PASS github.TestBackend_PathConfigCreate (0.00s)
PASS github.TestClient_RevokeToken/HappyPath (0.00s)
PASS github.TestBackend_PathMetricsRead/NoMetrics (0.00s)
PASS github.TestBackend_PathMetricsRead (0.00s)
PASS github.TestBackend_Config/HappyPath (0.00s)
PASS github.TestBackend_Client/ReusesExisting (0.00s)
PASS github.TestConfig_Update/PrivateKeyNotPEMEncoded (0.00s)
PASS github.TestConfig_Update (0.00s)
PASS github.TestBackend_Client/BadConfig (0.00s)
PASS github.TestBackend_Client (0.00s)
PASS github.TestBackend_PathConfigRead/FailedStorage (0.00s)
PASS github.TestClient_RevokeToken/NilContext (0.00s)
PASS github.TestBackend_PathConfigRead/HappyPath (0.00s)
PASS github.TestBackend_PathConfigUpdate/ExistOrganization (0.00s)
PASS github.TestBackend_PathConfigUpdate (0.00s)
PASS github.TestBackend_PathConfigRead/FieldValidation (0.00s)
PASS github.TestBackend_Config/FailedUnmarshal (0.00s)
PASS github.TestBackend_Config/Organization (0.00s)
PASS github.TestBackend_Config (0.00s)
PASS github.TestBackend_PathConfigRead/Empty (0.00s)
PASS github.TestBackend_PathConfigRead (0.00s)
PASS github.TestClient_RevokeToken/403Response (0.00s)
PASS github.TestBackend_PathTokenWriteRead/FailedClient (0.00s)
PASS github.TestBackend_PathTokenWriteRead/MissingInstallationID (0.00s)
PASS github.TestNewClient/Empty (0.00s)
PASS github.TestBackend_PathTokenWriteRead/FailedValidation (0.00s)
PASS github.TestNewClient/UnparseableBaseURL (0.00s)
PASS github.TestNewClient/InvalidPrvKey (0.00s)
PASS github.TestNewClient/HappyPath (0.00s)
PASS github.TestNewClient/InvalidBaseURL (0.00s)
PASS github.TestNewClient (0.00s)
PASS github.TestBackend_PathTokenPermissionSetWriteCreate/FailedValidation (0.00s)
PASS github.TestBackend_PathTokenWriteRead/FailedOptionsParsing (0.00s)
PASS github.TestBackend_PathTokenPermissionSetWriteCreate/FailedClient (0.00s)
PASS github.TestBackend_PathTokenPermissionSetWriteCreate/MissingInstallationID (0.00s)
PASS github.TestClient_RevokeToken/ErrorInError (0.00s)
PASS github.TestClient_RevokeToken/401Response (0.00s)
PASS github.TestBackend_PathPermissionSetWriteUpdate/HappyPath (0.00s)
PASS github.TestBackend_PathTokenWriteRead/HappyPath (0.00s)
PASS github.TestBackend_PathPermissionSetList/HappyPath (0.00s)
PASS github.TestBackend_PathPermissionSetList/ListFail (0.00s)
PASS github.TestBackend_PathPermissionSetList (0.00s)
PASS github.TestPathValidateFields/HappyPath (0.00s)
PASS github.TestClient_RevokeToken/FailedRoundTrip (0.01s)
PASS github.TestClient_RevokeToken (0.00s)
PASS github.TestClient_Token/HappyPath (0.00s)
PASS github.TestBackend_PathPermissionSetDelete/DeleteNonExistent (0.00s)
PASS github.TestBackend_PathTokenPermissionSetWriteUpdate/FailedValidation (0.00s)
PASS github.TestBackend_PathPermissionSetWriteCreate/HappyPath (0.00s)
PASS github.TestBackend_PathTokenPermissionSetWriteCreate/FailedCreate (0.00s)
PASS github.TestBackend_PathPermissionSetWriteUpdate/CreateFail (0.00s)
PASS github.TestBackend_PathPermissionSetWriteUpdate (0.00s)
PASS github.TestBackend_PathPermissionSetDelete/HappyPath (0.00s)
PASS github.TestBackend_PermissionSet/ValidateNameEmpty (0.00s)
PASS github.TestBackend_PathTokenWriteRead/FailedCreate (0.00s)
PASS github.TestBackend_PathTokenWriteRead (0.00s)
PASS github.TestClient_Token/OrgNameFailedRoundTrip (0.00s)
PASS github.TestBackend_PathPermissionSetDelete/DeleteFail (0.00s)
PASS github.TestBackend_PathPermissionSetDelete (0.00s)
PASS github.TestBackend_PathTokenPermissionSetWriteCreate/HappyPath (0.01s)
PASS github.TestBackend_PathTokenPermissionSetWriteCreate (0.00s)
PASS github.TestClient_Token/OrgNameErrorInError (0.00s)
PASS github.TestClient_Token/OrgNameForbidden (0.00s)
PASS github.TestClient_Token/NilContext (0.00s)
PASS github.TestClient_Token/UnparseableAccessTokenURL (0.00s)
PASS github.TestClient_Token/FailedRoundTrip (0.00s)
PASS github.TestClient_Token/MissingTokenReq (0.00s)
PASS github.TestClient_Token/OrgNameEmptyResponse (0.00s)
PASS github.TestBackend_PathTokenWriteUpdate/FailedValidation (0.00s)
PASS github.TestPathValidateFields/UnknownFields (0.00s)
PASS github.TestPathValidateFields/UnknownField (0.00s)
PASS github.TestPathValidateFields/Empty (0.00s)
PASS github.TestPathValidateFields (0.00s)
PASS github.TestClient_Token/4xxResponse (0.00s)
PASS github.TestClient_Token/OrgNameNotInstalled (0.00s)
PASS github.TestClient_Token/ErrorInError (0.00s)
PASS github.TestBackend_PathTokenPermissionSetWriteUpdate/MissingInstallationID (0.00s)
PASS github.TestClient_Token/EOFResponse (0.00s)
PASS github.TestBackend_PathTokenPermissionSetWriteUpdate/FailedClient (0.00s)
PASS github.TestBackend_PermissionSet/ValidateGetPermissionSet (0.00s)
PASS github.TestBackend_PermissionSet/FailSave (0.00s)
PASS github.TestBackend_PermissionSet/ValidateTokenRequestEmpty (0.00s)
PASS github.TestBackend_PermissionSet (0.00s)
PASS github.TestBackend_PathPermissionSetWriteCreate/CreateFail (0.00s)
PASS github.TestBackend_PathPermissionSetWriteCreate (0.00s)
PASS github.TestBackend_PathTokenWriteUpdate/FailedOptionsParsing (0.00s)
PASS github.TestBackend_PathTokenPermissionSetWriteUpdate/FailedCreate (0.00s)
PASS github.TestClient_Token/EmptyResponse (0.00s)
PASS github.TestClient_Token/HappyPathWithTokenConstraints (0.00s)
PASS github.TestBackend_PathTokenWriteUpdate/MissingInstallationID (0.00s)
PASS github.TestBackend_PathTokenWriteUpdate/FailedClient (0.00s)
PASS github.TestBackend_PathInstallationsRead/FailedClient (0.00s)
PASS github.TestBackend_PathTokenWriteCreate/FailedValidation (0.00s)
PASS github.TestBackend_PathInstallationsRead/FailedInstallationsRequest (0.00s)
PASS github.TestBackend_PathTokenWriteCreate/FailedOptionsParsing (0.00s)
PASS github.TestBackend_PathTokenWriteCreate/MissingInstallationID (0.00s)
PASS github.TestBackend_PathTokenPermissionSetWriteUpdate/HappyPath (0.01s)
PASS github.TestBackend_PathTokenWriteCreate/FailedClient (0.00s)
PASS github.TestBackend_PathTokenPermissionSetWriteUpdate (0.00s)
PASS github.TestBackend_PathTokenWriteUpdate/FailedCreate (0.00s)
PASS github.TestBackend_PathPermissionSetRead/HappyPath (0.00s)
PASS github.TestBackend_PathInstallationsRead/HappyPath (0.00s)
PASS github.TestBackend_PathPermissionSetRead/NonExistenceCheck (0.00s)
PASS github.TestBackend_PathTokenWriteUpdate/HappyPath (0.00s)
PASS github.TestBackend_PathTokenWriteUpdate (0.00s)
PASS github.TestBackend_PathPermissionSetRead/ReadFail (0.00s)
PASS github.TestBackend_PathPermissionSetRead (0.00s)
PASS github.TestBackend_PathTokenWriteCreate/FailedCreate (0.00s)
PASS github.TestClient_Token/OrgNameExtraLookupHappyPath (0.01s)
PASS github.TestClient_Token (0.00s)
PASS github.TestBackend_PathInstallationsRead/Pagination (0.01s)
PASS github.TestBackend_PathInstallationsRead (0.00s)
PASS github.TestBackend_PathTokenWriteCreate/HappyPath (0.00s)
PASS github.TestBackend_PathTokenWriteCreate (0.00s)
PASS github (cached)

DONE 155 tests in 0.223s
Integration tests:
[vault-plugin-secrets-github]# integration
==> Integration testing
==> Integration server
==> Vault server configuration:

Administrative Namespace:
             Api Address: http://127.0.0.1:8200
                     Cgo: disabled
         Cluster Address: https://127.0.0.1:8201
   Environment Variables: DEVSHELL_DIR, GIT_SSL_CAINFO, HOME, HOSTNAME, IN_NIX_SHELL, MANPATH, NIXPKGS_PATH, NIX_GCROOT, NIX_PATH, NIX_SSL_CERT_FILE, OLDPWD, PATH, PRJ_DATA_DIR, PRJ_ROOT, PWD, SHELL, SHLVL, SSL_CERT_FILE, TERM, USER, VAULT_ADDR, XDG_DATA_DIRS, _, name
              Go Version: go1.23.3
              Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", disable_request_limiter: "false", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
               Log Level: error
                   Mlock: supported: true, enabled: false
           Recovery Mode: false
                 Storage: inmem
                 Version: Vault v1.18.3, built 2024-12-16T14:00:53Z
             Version Sha: 7ae4eca5403bf574f142cd8f987b8d83bafcd1de

==> Vault server started! Log data will stream in below:

WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
and starts unsealed with a single unseal key. The root token is already
authenticated to the CLI, so you can immediately begin using Vault.

You may need to set the following environment variables:

    $ export VAULT_ADDR='http://127.0.0.1:8200'

The unseal key and root token are displayed below in case you want to
seal/unseal the Vault or re-authenticate.

Unseal Key: 6ro66pHxhL2M+d70ThkNRkcHHVcTKpxwngy+vjb++JM=
Root Token: root

The following dev plugins are registered in the catalog:
    - vault-plugin-secrets-github

Development mode should NOT be used in production installations!

Success! Data written to: sys/plugins/catalog/vault-plugin-secrets-github
Success! Enabled the vault-plugin-secrets-github secrets engine at: github/
==> Unit testing
EMPTY .
PASS github.TestNewClient_WithProxy (0.00s)
PASS github.TestFactory/HappyPath (0.00s)
PASS github.TestBackend_PathInfoRead (0.00s)
PASS github.TestBackend_PathTokenWriteUpdate/FailedValidation (0.00s)
PASS github.TestBackend_PathTokenWriteCreate/FailedValidation (0.00s)
PASS github.TestBackend_PathConfigDelete/FieldValidation (0.00s)
PASS github.TestBackend_PathTokenWriteRead/FailedValidation (0.00s)
PASS github.TestBackend_Revoke/HappyPath (0.00s)
PASS github.TestBackend_PathTokenWriteCreate/FailedOptionsParsing (0.00s)
PASS github.TestBackend_PathTokenWriteCreate/MissingInstallationID (0.00s)
PASS github.TestBackend_PathTokenWriteCreate/FailedClient (0.00s)
PASS github.TestBackend_PathTokenWriteUpdate/HappyPath (0.00s)
PASS github.TestBackend_PathTokenWriteUpdate/FailedClient (0.00s)
PASS github.TestBackend_PathTokenWriteUpdate/FailedOptionsParsing (0.00s)
PASS github.TestBackend_PathTokenWriteRead/FailedOptionsParsing (0.00s)
PASS github.TestBackend_PathTokenWriteRead/FailedClient (0.00s)
PASS github.TestBackend_PathTokenWriteUpdate/MissingInstallationID (0.00s)
PASS github.TestBackend_PathMetricsRead/HappyPath (0.01s)
PASS github.TestBackend_PathMetricsRead/NoMetrics (0.00s)
PASS github.TestBackend_PathMetricsRead (0.01s)
PASS github.TestBackend_PathTokenWriteRead/MissingInstallationID (0.00s)
PASS github.TestFactory/NilConfig (0.00s)
PASS github.TestFactory (0.00s)
PASS github.TestBackend_PathTokenWriteCreate/HappyPath (0.00s)
PASS github.TestBackend_Revoke/FailedClient (0.00s)
PASS github.TestBackend_PathConfigUpdate/FailedValidation (0.00s)
PASS github.TestBackend_Revoke/FailedOptionsParsing (0.00s)
PASS github.TestBackend_PathConfigDelete/FailedStorage (0.00s)
PASS github.TestBackend_PathPermissionSetWriteUpdate/HappyPath (0.00s)
PASS github.TestBackend_PathTokenWriteUpdate/FailedCreate (0.01s)
PASS github.TestBackend_PathTokenWriteUpdate (0.00s)
PASS github.TestBackend_PathTokenWriteCreate/FailedCreate (0.01s)
PASS github.TestBackend_PathTokenWriteCreate (0.00s)
PASS github.TestBackend_PathConfigDelete/Empty (0.00s)
PASS github.TestBackend_PathConfigDelete/HappyPath (0.00s)
PASS github.TestBackend_PathConfigDelete (0.00s)
PASS github.TestBackend_PathConfigUpdate/FailedValidation#01 (0.00s)
PASS github.TestBackend_PathConfigUpdate/FailedStoragePersistOrganization (0.00s)
PASS github.TestBackend_PathConfigUpdate/FailedStorageRetrieve (0.00s)
PASS github.TestBackend_PathConfigUpdate/FailedStoragePersistInstallation (0.00s)
PASS github.TestBackend_Revoke/FailedRevoke (0.00s)
PASS github.TestBackend_Revoke (0.00s)
PASS github.TestBackend_PathPermissionSetWriteCreate/HappyPath (0.00s)
PASS github.TestBackend_PathConfigUpdate/Empty (0.00s)
PASS github.TestBackend_PathTokenWriteRead/FailedCreate (0.01s)
PASS github.TestBackend_PathPermissionSetDelete/HappyPath (0.00s)
PASS github.TestBackend_PathConfigUpdate/ExistInstallation (0.00s)
PASS github.TestBackend_PathConfigUpdate/ExistOrganization (0.00s)
PASS github.TestBackend_PathConfigUpdate (0.00s)
PASS github.TestBackend_PathPermissionSetRead/HappyPath (0.00s)
PASS github.TestBackend_PathPermissionSetWriteCreate/CreateFail (0.00s)
PASS github.TestBackend_PathPermissionSetWriteCreate (0.00s)
PASS github.TestPathValidateFields/HappyPath (0.00s)
PASS github.TestBackend_PermissionSet/ValidateNameEmpty (0.00s)
PASS github.TestBackend_PathPermissionSetWriteUpdate/CreateFail (0.00s)
PASS github.TestBackend_PathConfigCreate/FailedValidation#01 (0.00s)
PASS github.TestBackend_PathPermissionSetWriteUpdate (0.00s)
PASS github.TestBackend_PathTokenPermissionSetWriteUpdate/FailedValidation (0.00s)
PASS github.TestBackend_PathConfigCreate/FailedStorageRetrieve (0.00s)
PASS github.TestBackend_PathConfigCreate/FailedStoragePersistOrganization (0.00s)
PASS github.TestBackend_PathConfigCreate/FailedStoragePersistInstallation (0.00s)
PASS github.TestBackend_PathConfigCreate/ExistInstallation (0.00s)
PASS github.TestBackend_PathConfigCreate/Empty (0.00s)
PASS github.TestBackend_PathPermissionSetDelete/DeleteNonExistent (0.00s)
PASS github.TestBackend_PathPermissionSetDelete/DeleteFail (0.00s)
PASS github.TestBackend_PathPermissionSetDelete (0.00s)
PASS github.TestBackend_PathTokenPermissionSetWriteCreate/FailedValidation (0.00s)
PASS github.TestBackend_PathConfigCreate/ExistOrganization (0.00s)
PASS github.TestBackend_PathTokenPermissionSetWriteUpdate/FailedClient (0.00s)
PASS github.TestBackend_PathTokenPermissionSetWriteUpdate/FailedCreate (0.00s)
PASS github.TestBackend_PathTokenPermissionSetWriteUpdate/MissingInstallationID (0.00s)
PASS github.TestBackend_PathPermissionSetRead/ReadFail (0.00s)
PASS github.TestBackend_PathConfigCreate/FailedValidation (0.00s)
PASS github.TestBackend_PathConfigCreate (0.00s)
PASS github.TestBackend_PathTokenPermissionSetWriteCreate/FailedClient (0.00s)
PASS github.TestBackend_PathPermissionSetRead/NonExistenceCheck (0.00s)
PASS github.TestBackend_PathPermissionSetRead (0.00s)
PASS github.TestBackend_PathPermissionSetList/HappyPath (0.00s)
PASS github.TestPathValidateFields/UnknownFields (0.00s)
PASS github.TestPathValidateFields/UnknownField (0.00s)
PASS github.TestPathValidateFields/Empty (0.00s)
PASS github.TestPathValidateFields (0.00s)
PASS github.TestBackend_PermissionSet/FailSave (0.00s)
PASS github.TestBackend_PermissionSet/ValidateTokenRequestEmpty (0.00s)
PASS github.TestBackend_PathTokenPermissionSetWriteCreate/MissingInstallationID (0.00s)
PASS github.TestBackend_PermissionSet/ValidateGetPermissionSet (0.00s)
PASS github.TestBackend_PermissionSet (0.00s)
PASS github.TestBackend_PathInstallationsRead/FailedClient (0.00s)
PASS github.TestIntegration/WriteConfig (0.01s)
PASS github.TestBackend_PathTokenPermissionSetWriteCreate/FailedCreate (0.00s)
PASS github.TestBackend_PathPermissionSetList/ListFail (0.00s)
PASS github.TestBackend_PathPermissionSetList (0.00s)
PASS github.TestBackend_PathConfigRead/FieldValidation (0.00s)
PASS github.TestBackend_PathConfigRead/FailedStorage (0.00s)
PASS github.TestConfig_Update/Empty (0.00s)
PASS github.TestConfig_Update/PrivateKeyInvalid (0.00s)
PASS github.TestConfig_Update/PrivateKeyNotPEMEncoded (0.00s)
PASS github.TestConfig_Update/BaseURLInvalid (0.00s)
PASS github.TestBackend_PathTokenWriteRead/HappyPath (0.01s)
PASS github.TestBackend_PathTokenWriteRead (0.00s)
PASS github.TestConfig_Update/Overwrites (0.00s)
PASS github.TestConfig_Update/Persists (0.00s)
PASS github.TestBackend_PathConfigRead/Empty (0.00s)
PASS github.TestConfig_Update/OverwritesAndAdds (0.00s)
PASS github.TestConfig_Update (0.00s)
PASS github.TestBackend_PathTokenPermissionSetWriteCreate/HappyPath (0.00s)
PASS github.TestBackend_PathTokenPermissionSetWriteUpdate/HappyPath (0.00s)
PASS github.TestBackend_PathTokenPermissionSetWriteCreate (0.00s)
PASS github.TestBackend_PathTokenPermissionSetWriteUpdate (0.00s)
PASS github.TestNewClient/Empty (0.00s)
PASS github.TestBackend_PathConfigRead/HappyPath (0.00s)
PASS github.TestBackend_PathConfigRead (0.00s)
PASS github.TestClient_Token/OrgNameFailedRoundTrip (0.00s)
PASS github.TestIntegration/ReadConfig (0.00s)
PASS github.TestBackend_PathInstallationsRead/FailedInstallationsRequest (0.00s)
PASS github.TestClient_Token/HappyPath (0.00s)
PASS github.TestClient_Token/OrgNameErrorInError (0.00s)
PASS github.TestIntegration/WritePermissionSet (0.00s)
PASS github.TestClient_Token/OrgNameEmptyResponse (0.00s)
PASS github.TestIntegration/ReadPermissionSet (0.00s)
PASS github.TestClient_Token/OrgNameNotInstalled (0.00s)
PASS github.TestClient_RevokeToken/HappyPath (0.01s)
PASS github.TestClient_Token/4xxResponse (0.00s)
PASS github.TestClient_Token/OrgNameForbidden (0.01s)
PASS github.TestClient_Token/OrgNameExtraLookupHappyPath (0.00s)
PASS github.TestBackend_PathInstallationsRead/HappyPath (0.01s)
PASS github.TestClient_Token/UnparseableAccessTokenURL (0.00s)
PASS github.TestClient_Token/NilContext (0.00s)
PASS github.TestClient_Token/MissingTokenReq (0.00s)
PASS github.TestBackend_Client/AllowConcurrentReads (0.00s)
PASS github.TestClient_RevokeToken/FailedRoundTrip (0.00s)
PASS github.TestIntegration/ListPermissionSets (0.00s)
PASS github.TestClient_RevokeToken/403Response (0.00s)
PASS github.TestClient_RevokeToken/401Response (0.00s)
PASS github.TestClient_Token/FailedRoundTrip (0.00s)
PASS github.TestClient_RevokeToken/NilContext (0.00s)
PASS github.TestClient_Token/EmptyResponse (0.00s)
PASS github.TestBackend_Config/Empty (0.00s)
PASS github.TestNewClient/UnparseableBaseURL (0.00s)
PASS github.TestNewClient/InvalidBaseURL (0.00s)
PASS github.TestNewClient/InvalidPrvKey (0.00s)
PASS github.TestBackend_Client/BadConfig (0.00s)
PASS github.TestNewClient/HappyPath (0.00s)
PASS github.TestBackend_Client/FailedStorage (0.00s)
PASS github.TestBackend_Config/FailedUnmarshal (0.00s)
PASS github.TestBackend_Config/FailedStorage (0.00s)
PASS github.TestBackend_PathInstallationsRead/Pagination (0.01s)
PASS github.TestBackend_Config/Organization (0.00s)
PASS github.TestBackend_Config/HappyPath (0.00s)
PASS github.TestBackend_Client/ReusesExisting (0.00s)
PASS github.TestNewClient (0.00s)
PASS github.TestBackend_PathInstallationsRead (0.00s)
PASS github.TestBackend_Config (0.00s)
PASS github.TestBackend_Client (0.00s)
PASS github.TestClient_RevokeToken/ErrorInError (0.00s)
PASS github.TestClient_RevokeToken (0.00s)
PASS github.TestClient_Token/ErrorInError (0.00s)
PASS github.TestClient_Token/EOFResponse (0.00s)
PASS github.TestClient_Token/HappyPathWithTokenConstraints (0.00s)
PASS github.TestClient_Token (0.00s)
PASS github.TestIntegration/CreateTokenByInstallationID (0.00s)
PASS github.TestIntegration/CreateTokenByOrgName (0.00s)
PASS github.TestIntegration/RevokeTokens (0.00s)
PASS github.TestIntegration/CreateTokenWithConstraints (0.00s)
PASS github.TestIntegration/WriteReadConfigPermissionSetCreateTokenWithRacyness (2.26s)
PASS github.TestIntegration/DeletePermissionSet (0.00s)
PASS github.TestIntegration/DeleteConfig (0.00s)
PASS github.TestIntegration (2.29s)
PASS github

DONE 168 tests in 3.294s

Fixes #158

pkossyfas added 6 commits July 4, 2025 17:42
- Using the toolchain directive ensures that go version 1.23.10 will
be used for building the binary.
- go version 1.23.8 fixes vulnerability CVE-2025-22871
- go version 1.23.10 fixes vulnerabilities CVE-2025-4673, CVE-2025-0913
Latest v1 ghinstallation library includes jwt leak vulnerability
GO-2022-1178 (alias CVE-2022-39304).
Latest v2 version fixes this vulnerability.
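
The two fixes described in this PR, written as a CI-style gate over go.mod. This is an added example, not code from the PR or the project; the module path example.test/plugin, the v1.0.0/v2.0.0 versions and the function names are constructed for illustration. It flags a missing or too-old toolchain directive and any require of the pre-v2 ghinstallation module path.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed go.mod samples: placeholder module path and versions, not the project's file.
const beforeMod = "module example.test/plugin\n\ngo 1.23\n\nrequire (\n" +
	"\tgithub.com/bradleyfalzon/ghinstallation v1.0.0 // placeholder version\n)\n"
const afterMod = "module example.test/plugin\n\ngo 1.23\n\ntoolchain go1.23.10\n\n" +
	"require github.com/bradleyfalzon/ghinstallation/v2 v2.0.0 // placeholder version\n"

// bannedModules maps the pre-v2 module path to the advisory ID quoted in the PR description.
var bannedModules = map[string]string{"github.com/bradleyfalzon/ghinstallation": "GO-2022-1178"}

// goVersionKey maps "go1.23.10" to 1023010 so releases compare numerically (go1.23.9 sorts
// before go1.23.10). A missing patch level counts as 0; suffixes such as "rc1" are ignored.
func goVersionKey(s string) (int, error) {
	var major, minor, patch int
	if n, _ := fmt.Sscanf(s, "go%d.%d.%d", &major, &minor, &patch); n < 2 {
		return 0, fmt.Errorf("bad Go version %q", s)
	}
	return major*1_000_000 + minor*1_000 + patch, nil
}

// auditGoMod returns one finding per problem: toolchain missing or too old, or a banned require.
func auditGoMod(mod, minToolchain string) ([]string, error) {
	floor, err := goVersionKey(minToolchain)
	if err != nil {
		return nil, err
	}
	var findings []string
	pinned, block := false, "" // block is the directive whose "( ... )" group we are inside
	for _, raw := range strings.Split(mod, "\n") {
		line, _, _ := strings.Cut(raw, "//") // drop trailing comments
		f := strings.Fields(line)
		path := ""
		switch {
		case len(f) == 0:
		case len(f) == 2 && f[0] == "toolchain":
			pinned = true
			if got, err := goVersionKey(f[1]); err != nil || got < floor {
				findings = append(findings, "toolchain "+f[1]+" is not at least "+minToolchain)
			}
		case len(f) == 2 && f[1] == "(":
			block = f[0]
		case f[0] == ")":
			block = ""
		case f[0] == "require" && len(f) >= 3: // single-line form: require <path> <version>
			path = f[1]
		case block == "require": // inside require ( ... ): <path> <version>
			path = f[0]
		}
		if id, bad := bannedModules[path]; bad {
			findings = append(findings, path+" is listed under "+id)
		}
	}
	if !pinned {
		findings = append(findings, "no toolchain directive")
	}
	return findings, nil
}

func main() {
	before, _ := auditGoMod(beforeMod, "go1.23.10")
	after, _ := auditGoMod(afterMod, "go1.23.10")
	fmt.Printf("before: %q\nafter:  %q\n", before, after)
}
```

The banned path is matched exactly, so the `/v2` module path passes while the unversioned v1 path is reported.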
@pkossyfas
Contributor Author

Hey @martinbaillie 👋🏼 just pinging you for visibility for approving the workflows to run!
Let me know if there is anything else you need from my side for this PR, happy to contribute to maintaining this really helpful project and keeping it up to date!

@dekimsey
Contributor

dekimsey commented Jul 9, 2025

Hah! I ran into the same problem with the open CVEs, but I ended up taking a bit of a different approach. In particular around the Go version needing to be updated, which also meant updating the nix environment. And created a release pipeline to facilitate builds. Would the project be interested in a PR for those bits?

@martinbaillie
Owner

Thanks for the contribution @pkossyfas.

@dekimsey yes would be glad to look at a PR for those bits. I'm traveling at the
moment but should have some time to merge things and cut a release once we're
happy.

@martinbaillie martinbaillie merged commit 1113cab into martinbaillie:master Jul 10, 2025
1 check passed
@pkossyfas pkossyfas deleted the cve-fixes branch July 10, 2025 11:57
Development

Successfully merging this pull request may close these issues.

CVEs to remediate on version 2.2.2