Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update AWS SDK to fix the CVE issue with golang.org/x/net-v0.1.0 #150

Closed
wants to merge 1 commit into from
Closed

Update AWS SDK to fix the CVE issue with golang.org/x/net-v0.1.0 #150

wants to merge 1 commit into from

Conversation

jmaitrehenry
Copy link

@jmaitrehenry jmaitrehenry commented Jan 23, 2024
edited
Loading

Description

Update AWS SDK to latest version for updating the transient golang.org/x/net-v0.1.0 package.

Issues Resolved

Close #119

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@jmaitrehenry jmaitrehenry force-pushed the jmaitrehenry/update-aws-sdk branch from 9ddc048 to 6184786 Compare January 23, 2024 15:56
@jmaitrehenry jmaitrehenry force-pushed the jmaitrehenry/update-aws-sdk branch from 6184786 to daabe57 Compare January 23, 2024 16:42
@jmaitrehenry
Copy link
Author

Will not completely fix the project CVE as this PR will add a new vuln, but with a lower score.
I created this issue to discuss about the new CVE added by this PR: #151

@prudhvigodithi
Copy link
Member

Thanks for the contribution @jmaitrehenry, following are security checks failing can you please check?
Screenshot 2024-02-01 at 8 54 02 AM

@jmaitrehenry
Copy link
Author

@prudhvigodithi Actually, the upstream project doesn't have a fix for the CVE.
I created an issue where I purpose to migrate to aws-sdk-go-v2: #151

@prudhvigodithi
Copy link
Member

Thanks @jmaitrehenry, LGTM. Since you are aware of this can you please give a stab to change the code to aws-sdk-go-v2 ?
Thanks
Adding @bbarani @peterzhuamazon @rblcoder

@prudhvigodithi prudhvigodithi mentioned this pull request Feb 12, 2024
Closed
@jmaitrehenry
Copy link
Author

@prudhvigodithi I will check when I will have some time available to do it!

@prudhvigodithi
Copy link
Member

Thanks @jmaitrehenry closing this PR as this is taken care as part of the repo go upgrade to 1.22 #187.
@rblcoder @bbarani

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@prudhvigodithi prudhvigodithi prudhvigodithi approved these changes

@peterzhuamazon peterzhuamazon Awaiting requested review from peterzhuamazon peterzhuamazon is a code owner

@jackson-theisen jackson-theisen Awaiting requested review from jackson-theisen jackson-theisen is a code owner

@phillbaker phillbaker Awaiting requested review from phillbaker phillbaker is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

github.com/AWS/AWS-sdk-go-v1.45.24: 3 vulnerabilities (highest severity is: 7.5) - autoclosed
2 participants
@jmaitrehenry @prudhvigodithi