certigo
Bump github.com/zmap/zlint/v3 from 3.3.1 to 3.5.0
Bumps github.com/zmap/zlint/v3 from 3.3.1 to 3.5.0.
Release notes
Sourced from github.com/zmap/zlint/v3's releases.
v3.5.0
ZLint v3.5.0
The ZMap team is happy to share ZLint v3.5.0.
Thank you to everyone who contributes to ZLint!
Breaking Changes:
No breaking changes were made in this release.
New Features:
New infrastructure has been added that supports linting Certificate Revocation Lists.
A special thank you to Amir Omidi for their work on this contribution!
New Lints:
e_crl_has_next_update
Conforming CRL issuers MUST include the nextUpdate field in all CRLs.
Bug Fixes:
- Changed e_cert_unique_identifier_version_not_2_or_3 to apply to all certificates, effectively changing an N/A result to a PASS result.
- Changed several unit tests that asserted on string messages, resulting in brittle tests.
Security Updates
- Patch for security vulnerability CVE-2021-38561 (CVSS 7.5)
- Patch for security vulnerability CVE-2021-33194 (CVSS 7.5)
- Patch for security vulnerability CVE-2022-32149 (CVSS 7.5)
- Patch for security vulnerability CVE-2022-27664 (CVSS 7.5)
- Patch for security vulnerability CVE-2021-43565 (CVSS 7.5)
- Patch for security vulnerability CVE-2022-27191 (CVSS 7.5)
- Patch for security vulnerability CVE-2022-29526 (CVSS 5.3)
- Patch for security vulnerability CVE-2021-31525 (CVSS 5.9)
- Patch for security vulnerability CVE-2022-41723 (CVSS "low")
- Patch for security vulnerability CVE-2022-27664 (CVSS 7.5)
Changelog
- 45e8dff Update README.md (#719)
- af90382 Enable accepting a PEM encoded CRL via the command line interface (#721)
- 1d8591c Remove references in comments to Initialize() method of lints (#718)
- 2438596 Always perform e_cert_unique_identifier_version_not_2_or_3 (#711)
- a5c869f Update copyright text to 2023 (#716)
- 997ad51 Add CRL linting infrastructure (#699)
- 64ae4e5 build(deps): bump golang.org/x/net in /v3/cmd/genTestCerts (#704)
- 68901ea build(deps): bump golang.org/x/net in /v3 (#702)
- 5ed8e34 asserting human readable strings is error prone (#707)
- c7740fa build(deps): bump golang.org/x/text in /v3/cmd/genTestCerts (#701)
- a476724 Upgrading golangci-lint to v1.51.2 (#705)
- 46f7185 build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8 in /v3 (#700)
- 8a9f61e test.ReadTestCert breaks for downstream consumers dependent on the previous relative certificate path building behavior (#695)
- 6292ca4 Adding support for linting profiles (#595)
- c627333 util: gtld_map autopull updates for 2022-10-10T19:22:35 UTC (#694)
... (truncated)
Commits
- 45e8dff Update README.md (#719)
- af90382 Enable accepting a PEM encoded CRL via the command line interface (#721)
- 1d8591c Remove references in comments to Initialize() method of lints (#718)
- 2438596 Always perform e_cert_unique_identifier_version_not_2_or_3 (#711)
- a5c869f Update copyright text to 2023 (#716)
- 997ad51 Add CRL linting infrastructure (#699)
- 64ae4e5 build(deps): bump golang.org/x/net in /v3/cmd/genTestCerts (#704)
- 68901ea build(deps): bump golang.org/x/net in /v3 (#702)
- 5ed8e34 asserting human readable strings is error prone (#707)
- c7740fa build(deps): bump golang.org/x/text in /v3/cmd/genTestCerts (#701)
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)