Merge pull request #43 from Conjur-Enterprise/CVE-2024-45338

Bump golang.org/x/net to v0.33.0 to address CVE-2024-45338
cyberark · Dec 27, 2024 · 6a1ca83 · 6a1ca83
2 parents b653ab9 + 9f31e4b
commit 6a1ca83
Show file tree

Hide file tree

Showing 5 changed files with 106 additions and 82 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Nothing should go in this section, please add to the latest unreleased version
   (and update the corresponding date), or add a new version.
 
+## [1.7.26] - 2024-12-27
+
+### Security
+- Update golang.org/x/net to v0.33.0 to resolve CVE-2024-45338
+
 ## [1.7.25] - 2024-12-16
 
 ### Security
@@ -742,7 +747,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Added
 - The first tagged version.
 
-[Unreleased]: https://github.com/cyberark/secretless-broker/compare/v1.7.24...HEAD
+[Unreleased]: https://github.com/cyberark/secretless-broker/compare/v1.7.26...HEAD
 [0.2.0]: https://github.com/cyberark/secretless-broker/compare/v0.1.0...v0.2.0
 [0.3.0]: https://github.com/cyberark/secretless-broker/compare/v0.2.0...v0.3.0
 [0.4.0]: https://github.com/cyberark/secretless-broker/compare/v0.3.0...v0.4.0
@@ -792,3 +797,5 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 [1.7.22]: https://github.com/cyberark/secretless-broker/compare/v1.7.21...v1.7.22
 [1.7.23]: https://github.com/cyberark/secretless-broker/compare/v1.7.22...v1.7.23
 [1.7.24]: https://github.com/cyberark/secretless-broker/compare/v1.7.23...v1.7.24
+[1.7.25]: https://github.com/cyberark/secretless-broker/compare/v1.7.24...v1.7.25
+[1.7.26]: https://github.com/cyberark/secretless-broker/compare/v1.7.25...v1.7.26
diff --git a/docs/Gemfile b/docs/Gemfile
@@ -37,3 +37,7 @@ gem 'jekyll-redirect-from'
 gem 'kramdown', '>= 2.3.0'
 
 gem 'webrick', '~> 1.7'
+
+gem 'csv'
+gem 'base64'
+gem 'bigdecimal'
diff --git a/docs/Gemfile.lock b/docs/Gemfile.lock
@@ -3,8 +3,11 @@ GEM
   specs:
     addressable (2.8.6)
       public_suffix (>= 2.0.2, < 6.0)
+    base64 (0.2.0)
+    bigdecimal (3.1.9)
     colorator (1.1.0)
     concurrent-ruby (1.2.3)
+    csv (3.3.2)
     em-websocket (0.5.3)
       eventmachine (>= 0.12.9)
       http_parser.rb (~> 0)
@@ -76,6 +79,9 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  base64
+  bigdecimal
+  csv
   jekyll (~> 4.3.3)
   jekyll-feed (~> 0.17)
   jekyll-redirect-from

diff --git a/go.mod b/go.mod
@@ -94,7 +94,7 @@ require (
 	github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
@@ -130,7 +130,7 @@ require (
 	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.7.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.7.0 // indirect
 	go.opentelemetry.io/otel/trace v1.7.0 // indirect
-	golang.org/x/net v0.24.0 // indirect
+	golang.org/x/net v0.33.0 // indirect
 	golang.org/x/oauth2 v0.11.0 // indirect
 	golang.org/x/sys v0.28.0 // indirect
 	golang.org/x/term v0.27.0 // indirect
@@ -235,125 +235,131 @@ replace golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 => golang.org/x/c
 
 replace golang.org/x/crypto v0.0.0-20220214200702-86341886e292 => golang.org/x/crypto v0.2.0
 
-replace golang.org/x/net v0.0.0-20180530234432-1e491301e022 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20180530234432-1e491301e022 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20180724234803-3673e40ba225 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20180724234803-3673e40ba225 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20180826012351-8a410e7b638d => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20180826012351-8a410e7b638d => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20180906233101-161cd47e91fd => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20180906233101-161cd47e91fd => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20181114220301-adae6a3d119a => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20181114220301-adae6a3d119a => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20181201002055-351d144fa1fc => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20181201002055-351d144fa1fc => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20181220203305-927f97764cc3 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20181220203305-927f97764cc3 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20190213061140-3a22650c66bd => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20190213061140-3a22650c66bd => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20190311183353-d8887717615a => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20190311183353-d8887717615a => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20190603091049-60506f45cf65 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20190603091049-60506f45cf65 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20190613194153-d28f0bde5980 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20190613194153-d28f0bde5980 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20190620200207-3b0461eec859 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20190620200207-3b0461eec859 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20190628185345-da137c7871d7 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20190628185345-da137c7871d7 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20190724013045-ca1201d0de80 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20190724013045-ca1201d0de80 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20200202094626-16171245cfb2 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20200202094626-16171245cfb2 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20200222125558-5a598a2470a0 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20200222125558-5a598a2470a0 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20200226121028-0de0cce0169b => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20200226121028-0de0cce0169b => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20200301022130-244492dfa37a => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20200301022130-244492dfa37a => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20200506145744-7e3656a0809f => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20200506145744-7e3656a0809f => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20200513185701-a91f0712d120 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20200513185701-a91f0712d120 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20200625001655-4c5254603344 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20200625001655-4c5254603344 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20200707034311-ab3426394381 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20200707034311-ab3426394381 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20200822124328-c89045814202 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20200822124328-c89045814202 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20201021035429-f5854403a974 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20201021035429-f5854403a974 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20201031054903-ff519b6c9102 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20201031054903-ff519b6c9102 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20201110031124-69a78807bb2b => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20201110031124-69a78807bb2b => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20201209123823-ac852fbbde11 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20201209123823-ac852fbbde11 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20210119194325-5f4716e94777 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20210119194325-5f4716e94777 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20210428140749-89ef3d95e781 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20210428140749-89ef3d95e781 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20210525063256-abc453219eb5 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20210525063256-abc453219eb5 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20210825183410-e898025ed96a => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20210825183410-e898025ed96a => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20211216030914-fe4d6282115f => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20211216030914-fe4d6282115f => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20220225172249-27dd8689420f => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20220225172249-27dd8689420f => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20220722155237-a158d28d115b => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20220722155237-a158d28d115b => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.0.0-20220923203811-8be639271d50 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.0.0-20220923203811-8be639271d50 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.2.0 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.2.0 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.5.0 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.5.0 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.6.0 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.6.0 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.8.0 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.8.0 => golang.org/x/net v0.33.0
 
-replace golang.org/x/net v0.10.0 => golang.org/x/net v0.24.0
+replace golang.org/x/net v0.10.0 => golang.org/x/net v0.33.0
+
+replace golang.org/x/net v0.15.0 => golang.org/x/net v0.33.0
+
+replace golang.org/x/net v0.21.0 => golang.org/x/net v0.33.0
+
+replace golang.org/x/net v0.25.0 => golang.org/x/net v0.33.0
 
 replace golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c => golang.org/x/text v0.3.8