chore(deps): security update (#11975)

Scan output: Before update: | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | SOURCE | |-------------------------------------|------|-----------|------------------------------|---------|--------| | https://osv.dev/GHSA-29wx-vh33-7x7r | 3.1 | Go | github.com/golang-jwt/jwt/v4 | 4.5.0 | go.mod | | https://osv.dev/GHSA-jw44-4f3j-q396 | | Go | helm.sh/helm/v3 | 3.14.2 | go.mod | |-------------------------------------|------|-----------|------------------------------|---------|--------| | Uncalled vulnerabilities | | | | | | |-------------------------------------|------|-----------|------------------------------|---------|--------| | https://osv.dev/GO-2022-0646 | | Go | github.com/aws/aws-sdk-go | 1.49.6 | go.mod | After update: | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | SOURCE | |-------------------------------------|------|-----------|---------------------------|---------|--------| | https://osv.dev/GHSA-jw44-4f3j-q396 | | Go | helm.sh/helm/v3 | 3.14.2 | go.mod | |-------------------------------------|------|-----------|---------------------------|---------|--------| | Uncalled vulnerabilities | | | | | | |-------------------------------------|------|-----------|---------------------------|---------|--------| | https://osv.dev/GO-2022-0646 | | Go | github.com/aws/aws-sdk-go | 1.49.6 | go.mod | If a package is showing up in the scan but the script is not trying to update it then it might be because there is no fixed version yet. Signed-off-by: kumahq[bot] <110050114+kumahq[bot]@users.noreply.github.com> Co-authored-by: kumahq[bot] <110050114+kumahq[bot]@users.noreply.github.com>
kumahq · Nov 5, 2024 · a889d98 · a889d98
1 parent b94be66
commit a889d98
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/go.mod b/go.mod
@@ -20,7 +20,7 @@ require (
 	github.com/go-logr/logr v1.4.1
 	github.com/go-logr/zapr v1.3.0
 	github.com/goburrow/cache v0.1.4
-	github.com/golang-jwt/jwt/v4 v4.5.0
+	github.com/golang-jwt/jwt/v4 v4.5.1
 	github.com/golang-migrate/migrate/v4 v4.17.0
 	github.com/golang/protobuf v1.5.4
 	github.com/google/go-cmp v0.6.0

diff --git a/go.sum b/go.sum
@@ -157,8 +157,8 @@ github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
-github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo=
+github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-migrate/migrate/v4 v4.17.0 h1:rd40H3QXU0AA4IoLllFcEAEo9dYKRHYND2gB4p7xcaU=
 github.com/golang-migrate/migrate/v4 v4.17.0/go.mod h1:+Cp2mtLP4/aXDTKb9wmXYitdrNx2HGs45rbWAo6OsKM=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=