envconsul icon indicating copy to clipboard operation
envconsul copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

chore: update dependencies

Open reneleonhardt opened this issue 1 year ago • 4 comments

Fixes CVE-2023-39325

How is this repo being managed, is it scanned daily by trivy? Dependabot offered the fix 3 weeks ago, can you release a new Docker build?

reneleonhardt avatar Nov 01 '23 10:11 reneleonhardt

CLA assistant check
All committers have signed the CLA.

hashicorp-cla avatar Nov 01 '23 10:11 hashicorp-cla

Dependabot also reported this #344

marrws avatar Nov 13 '23 14:11 marrws

Thank you for merging Dependabot, can you release a new version and build Docker images so downstream users can update?

reneleonhardt avatar Nov 16 '23 07:11 reneleonhardt

Your build seems a bit strange, Dependabot sees go.mod 1.20 but your ci.yml uses 1.21... and then go test complains about needing go mod tidy, would be easier for everyone if you decide which version you want 😅 Your users still need a new tag and Docker build so they can fix the security bugs in v0.13.2 🙂

reneleonhardt avatar Nov 17 '23 08:11 reneleonhardt