build(deps): bump github.com/hashicorp/consul/sdk from 0.8.0 to 0.13.0 #171

dependabot · 2022-11-22T10:42:41Z

Bumps github.com/hashicorp/consul/sdk from 0.8.0 to 0.13.0.

Changelog

Sourced from github.com/hashicorp/consul/sdk's changelog.

1.14.1 (November 21, 2022)

BUG FIXES:

cli: Fix issue where consul connect envoy incorrectly uses the HTTPS API configuration for xDS connections. [GH-15466]

sdk: Fix SDK testutil backwards compatibility by only configuring grpc_tls port for new Consul versions. [GH-15423]

1.14.0 (November 15, 2022)

KNOWN ISSUES:

cli: consul connect envoy incorrectly enables TLS for gRPC connections when the HTTP API is TLS-enabled.

BREAKING CHANGES:

config: Add new ports.grpc_tls configuration option. Introduce a new port to better separate TLS config from the existing ports.grpc config. The new ports.grpc_tls only supports TLS encrypted communication. The existing ports.grpc now only supports plain-text communication. [GH-15339]

config: update 1.14 config defaults: Enable peering and connect by default. [GH-15302]

config: update 1.14 config defaults: Set gRPC TLS port default value to 8503 [GH-15302]

connect: Removes support for Envoy 1.20 [GH-15093]

peering: Rename PeerName to Peer on prepared queries and exported services. [GH-14854]

xds: Convert service mesh failover to use Envoy's aggregate clusters. This changes the names of some Envoy dynamic HTTP metrics. [GH-14178]

SECURITY:

Ensure that data imported from peers is filtered by ACLs at the UI Nodes/Services endpoints CVE-2022-3920 [GH-15356]

FEATURES:

DNS-proxy support via gRPC request. [GH-14811]

cli: Add -node-name flag to redirect-traffic command to support running in environments without client agents. [GH-14933]

cli: Add -consul-dns-port flag to the consul connect redirect-traffic command to allow forwarding DNS traffic to a specific Consul DNS port. [GH-15050]

connect: Add Envoy connection balancing configuration fields. [GH-14616]

grpc: Added metrics for external gRPC server. Added server_type=internal|external label to gRPC metrics. [GH-14922]

http: Add new get-or-empty operation to the txn api. Refer to the API docs for more information. [GH-14474]

peering: Add mesh gateway local mode support for cluster peering. [GH-14817]

peering: Add support for stale queries for trust bundle lookups [GH-14724]

peering: Add support to failover to services running on cluster peers. [GH-14396]

peering: Add support to redirect to services running on cluster peers with service resolvers. [GH-14445]

peering: Ensure un-exported services get deleted even if the un-export happens while cluster peering replication is down. [GH-14797]

peering: add support for routine peering control-plane traffic through mesh gateways [GH-14981]

sdk: Configure iptables to forward DNS traffic to a specific DNS port. [GH-15050]

telemetry: emit memberlist size metrics and broadcast queue depth metric. [GH-14873]

ui: Added support for central config merging [GH-14604]

ui: Create peerings detail page [GH-14947]

ui: Detect a TokenSecretID cookie and passthrough to localStorage [GH-14495]

ui: Display notice banner on nodes index page if synthetic nodes are being filtered. [GH-14971]

... (truncated)

Commits

e297e3e Revert "Detect Vault 1.11+ import, update default issuer (#15253) (#15437)"
5ce0132 Backport of Add -grpc-ca-file and -grpc-ca-path CLI info on upgrade notes. in...
c914ac1 backport of commit ee266d8f27aeb3a8c8e015a944a374a7d456351e (#15493)
47adbeb backport of commit 8220f7845ac51fcc35a2e68d059ce1aaa8e2e937 (#15491)
6fa93d3 backport of commit 8220f7845ac51fcc35a2e68d059ce1aaa8e2e937 (#15489)
263a95d Backport of docs: formatting release notes into release/1.14.x (#15486)
287d7a1 Backport of docs: Core 1.14 and K8s 1.0 release notes into release/1.14.x (#...
184574f backport of commit 42990fc94bc288fb7c5ca52dca48a5c737d13efc (#15480)
5028fa4 Backport of docs(peering): peering GA ACL updates into release/1.14.x (#15476)
d394053 Backport of Add Consul 1.14.0 known issue. into release/1.14.x (#15472)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/hashicorp/consul/sdk](https://github.com/hashicorp/consul) from 0.8.0 to 0.13.0. - [Release notes](https://github.com/hashicorp/consul/releases) - [Changelog](https://github.com/hashicorp/consul/blob/main/CHANGELOG.md) - [Commits](hashicorp/consul@v0.8.0...sdk/v0.13.0) --- updated-dependencies: - dependency-name: github.com/hashicorp/consul/sdk dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2022-11-22T10:42:42Z

The following labels could not be found: theme/dependencies.

guardrails · 2022-11-22T10:47:19Z

⚠️ We detected 158 security issues in this pull request:

Vulnerable Libraries (158)

Severity	Details
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190312061237-fead79001313 (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20160726164857-2910a502d2bf (t) upgrade to: 0.3.8
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190801041406-cbf593c0f2f3 (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/github.com/dgrijalva/[email protected][email protected]+incompatible (t) - no patch available
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20200602114024-627f9648deb9 (t) - no patch available
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20201224014010-6772e930b67b (t) - no patch available
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20180530234432-1e491301e022 (t) upgrade to: 1.16.12,1.17.5,0.0.0-20211209124913-491a49abca63
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20201110031124-69a78807bb2b (t) - no patch available
Medium	pkg:golang/github.com/opencontainers/[email protected]@v1.0.1 (t) - no patch available
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190412213103-97732733099d (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/github.com/hashicorp/vault/[email protected]@v0.1.13 (t) - no patch available
Medium	pkg:golang/k8s.io/[email protected]@v1.13.0 (t) - no patch available
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190502175342-a43fa875dd82 (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
Medium	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190418165655-df01cb2cc480 (t) - no patch available
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20180811021610-c39426892332 (t) - no patch available
High	pkg:golang/github.com/go-ldap/ldap/[email protected]@v3.1.3 (t) - no patch available
High	pkg:golang/github.com/go-ldap/ldap/[email protected]@v3.1.10 (t) - no patch available
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190501004415-9ce7a6920f09 (t) - no patch available
Medium	pkg:golang/github.com/containerd/[email protected]@v1.3.0-beta.2.0.20190828155532-0293cbd26c69 (t) upgrade to: 1.4.8,1.5.4
Critical	pkg:golang/github.com/emicklei/[email protected]@v0.0.0-20170410110728-ff4f55a20633 (t) upgrade to: 2.16.0,3.8.0
N/A	pkg:golang/golang.org/x/[email protected]@v0.3.1-0.20180807135948-17ff2d5776d2 (t) upgrade to: 0.3.8
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20181114220301-adae6a3d119a (t) - no patch available
Medium	pkg:golang/github.com/yuin/[email protected]@v1.1.27 (t) - no patch available
Medium	pkg:golang/golang.org/x/[email protected]@v0.0.0-20191106202628-ed6320f186d4 (t) - no patch available
High	pkg:golang/gopkg.in/[email protected] @v3.0.0-20200313102051-9f266ea9e77c (t) upgrade to: 3.0.0
N/A	pkg:golang/github.com/docker/[email protected]@v1.4.2-0.20200319182547-c7ad2b866182 (t) upgrade to: 1.6.1
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20191005200804-aed5e4c7ecf9 (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20180906233101-161cd47e91fd (t) - no patch available
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20180724234803-3673e40ba225 (t) - no patch available
Low	pkg:golang/github.com/aws/[email protected]@v1.15.78 (t) - no patch available
Medium	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190211182817-74369b46fc67 (t) - no patch available
Medium	pkg:golang/golang.org/x/[email protected]@v0.0.0-20201002170205-7f63de1d35b0 (t) - no patch available
High	pkg:golang/github.com/hashicorp/consul/[email protected]@v0.4.0 (t) - no patch available
Medium	pkg:golang/github.com/containerd/[email protected]@v1.3.4 (t) upgrade to: 1.4.8,1.5.4
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20200422194213-44a606286825 (t) upgrade to: 0.0.0-20220314234659-1baeb1ce4c0b
N/A	pkg:golang/github.com/hashicorp/consul/[email protected]@v1.4.0 (t) - no patch available
High	pkg:golang/github.com/prometheus/[email protected]@v0.9.1 (t) upgrade to: 1.11.1
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20191115151921-52ab43148777 (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
Medium	pkg:golang/golang.org/x/[email protected]@v0.0.0-20200604202706-70a84ac30bf9 (t) - no patch available
Medium	pkg:golang/golang.org/x/[email protected]@v0.0.0-20180904163835-0709b304e793 (t) - no patch available
Medium	pkg:golang/github.com/hashicorp/[email protected] @v1.5.4 (t) upgrade to: 1.5.11
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190603091049-60506f45cf65 (t) - no patch available
High	pkg:golang/github.com/opencontainers/[email protected] @v1.0.0-rc93 (t) upgrade to: 1.0.0-rc95
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190108225652-1e06a53dbb7e (t) - no patch available
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20200622213623-75b288015ac9 (t) - no patch available
Medium	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190605123033-f99c8df09eb5 (t) - no patch available
Medium	pkg:golang/github.com/hashicorp/[email protected]@v1.5.4 (t) upgrade to: 1.5.11
N/A	pkg:golang/golang.org/x/[email protected] @v0.0.0-20201224014010-6772e930b67b (t) upgrade to: 1.15.12,1.16.4,0.0.0-20210428140749-89ef3d95e781
Low	pkg:golang/github.com/opencontainers/[email protected] @v1.0.1 (t) upgrade to: 1.0.2
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190502145724-3ef323f4f1fd (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
Medium	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190308221718-c2843e01d9a2 (t) - no patch available
High	pkg:golang/github.com/dgrijalva/[email protected]+incompatible @v3.2.0+incompatible (t) upgrade to: 4.0.0-preview1
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190523142557-0e01d883c5c5 (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20170114055629-f2499483f923 (t) upgrade to: 0.0.0-20180921000356-2f5d2388922f
Medium	pkg:golang/github.com/hashicorp/consul/[email protected]@v0.8.0 (t) - no patch available
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190209173611-3b5209105503 (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20200323222414-85ca7c5b95cd (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/gopkg.in/[email protected]@v2.2.5 (t) - no patch available
High	pkg:golang/gopkg.in/[email protected]@v2.2.1 (t) - no patch available
High	pkg:golang/gopkg.in/[email protected]@v2.2.8 (t) - no patch available
Medium	pkg:golang/golang.org/x/[email protected]@v0.0.0-20200220183623-bac4c82f6975 (t) - no patch available
N/A	pkg:golang/github.com/hashicorp/[email protected] @v0.25.2 (t) upgrade to: 0.27.3,0.28.3,0.29.2
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20200202094626-16171245cfb2 (t) - no patch available
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20180905080454-ebe1bf3edb33 (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190813141303-74dc4d7220e7 (t) - no patch available
Medium	pkg:golang/golang.org/x/[email protected]@v0.0.0-20171113213409-9f005a07e0d3 (t) - no patch available
N/A	pkg:golang/github.com/docker/[email protected]@v1.4.2-0.20191101170500-ac7306503d23 (t) upgrade to: 1.6.1
N/A	pkg:golang/k8s.io/[email protected]@v0.0.0-20190223001710-c182ff3b9841 (t) upgrade to: 0.0.0-20190927203648-9ce6eca90e73
Medium	pkg:golang/golang.org/x/[email protected]@v0.0.0-20200820211705-5c72a883971a (t) - no patch available
High	pkg:golang/golang.org/x/[email protected]@v0.3.2 (t) upgrade to: 0.3.3
Low	pkg:golang/github.com/docker/[email protected]+incompatible @v2.7.1+incompatible (t) upgrade to: 2.8.0
High	pkg:golang/gopkg.in/[email protected]@v2.2.2 (t) - no patch available
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190503192946-f4e77d36d62c (t) - no patch available
N/A	pkg:golang/golang.org/x/[email protected]@v0.3.1-0.20181227161524-e6919f6577db (t) upgrade to: 0.3.3
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20200124204421-9fbb57f87de9 (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20201119102817-f84b799fce68 (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190613194153-d28f0bde5980 (t) - no patch available
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20191004110552-13f9640d40b9 (t) - no patch available
High	pkg:golang/github.com/hashicorp/vault/[email protected]@v1.0.4 (t) - no patch available
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20180826012351-8a410e7b638d (t) - no patch available
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20200916030750-2334cc1a136f (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20181023162649-9b4f9f5ad519 (t) - no patch available
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20210316164454-77fc1eacc6aa (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
Medium	pkg:golang/github.com/opencontainers/[email protected]@v1.0.0-rc93 (t) upgrade to: 1.1.2
High	pkg:golang/github.com/aws/[email protected]@v1.30.27 (t) - no patch available
High	pkg:golang/github.com/prometheus/[email protected]@v1.0.0 (t) upgrade to: 1.11.1
N/A	pkg:golang/k8s.io/[email protected]@v0.18.2 (t) upgrade to: 0.20.0-alpha.2,1.20.0-alpha.2
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190403152447-81d4e9dc473e (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20200909081042-eff7692f9009 (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/gopkg.in/[email protected]@v3.0.0-20200313102051-9f266ea9e77c (t) upgrade to: 3.0.0
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190620200207-3b0461eec859 (t) - no patch available
High	pkg:golang/github.com/prometheus/[email protected]@v1.1.0 (t) upgrade to: 1.11.1
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20200602225109-6fdc65e7d980 (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20200122134326-e047566fdf82 (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/[email protected] @v0.0.0-20201002170205-7f63de1d35b0 (t) upgrade to: 0.0.0-20201216223049-8b5274cf687f
Medium	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190426145343-a29dc8fdc734 (t) - no patch available
High	pkg:golang/gopkg.in/[email protected]@v2.2.4 (t) - no patch available
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190507160741-ecd444e8653b (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190923162816-aa69164e4478 (t) - no patch available
Critical	pkg:golang/github.com/gogo/[email protected]@v1.2.1 (t) - no patch available
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20201002202402-0a1ea396d57c (t) - no patch available
High	pkg:golang/gopkg.in/[email protected]@v2.3.0 (t) - no patch available
Medium	pkg:golang/golang.org/x/[email protected]@v0.0.0-20191011191535-87dc89f01550 (t) - no patch available
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20181220203305-927f97764cc3 (t) - no patch available
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20180823144017-11551d06cbcc (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190129075346-302c3dd5f1cc (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190924154521-2837fb4f24fe (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/github.com/gorilla/[email protected]@v1.4.1 (t) - no patch available
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190404232315-eb5bcb51f2a3 (t) - no patch available
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190624142023-c5567b49c5d0 (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190606203320-7fc4e5ec1444 (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/github.com/miekg/[email protected]@v1.0.14 (t) - no patch available
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190922100055-0a153f010e69 (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20180830151530-49385e6e1522 (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20170830134202-bb24a47a89ea (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190510104115-cbcb75029529 (t) upgrade to: 0.0.0-20200220183623-bac4c82f6975
High	pkg:golang/github.com/containernetworking/[email protected] @v0.7.2-0.20190612152420-dc953e2fd91f (t) upgrade to: 0.8.1
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20191022100944-742c48ecaeb7 (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
Critical	pkg:golang/github.com/gogo/[email protected]@v1.3.1 (t) - no patch available
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20200223170610-d5e6a3e2c0ae (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20180909124046-d0be0721c37e (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/github.com/opencontainers/[email protected]@v0.1.1 (t) upgrade to: 1.0.0-rc95
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190606165138-5da285871e9c (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190916202348-b4ddaad3f8a3 (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/github.com/aws/[email protected] @v1.38.20 (t) - no patch available
N/A	pkg:golang/github.com/gogo/[email protected]@v1.1.1 (t) upgrade to: 1.3.2
Medium	pkg:golang/golang.org/x/[email protected]@v0.3.5 (t) - no patch available
High	pkg:golang/golang.org/x/[email protected]@v0.3.0 (t) upgrade to: 0.3.3
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20200301022130-244492dfa37a (t) upgrade to: 1.15.12,1.16.4,0.0.0-20210428140749-89ef3d95e781
High	pkg:golang/github.com/prometheus/[email protected]@v0.9.2 (t) upgrade to: 1.11.1
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20200116001909-b77594299b42 (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
High	pkg:golang/github.com/coredns/[email protected]@v1.1.2 (t) - no patch available
Medium	pkg:golang/github.com/containerd/[email protected]@v1.3.0 (t) upgrade to: 1.3.9,1.4.3,1.2.0,1.3.9,1.4.3
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20181201002055-351d144fa1fc (t) upgrade to: 1.16.12,1.17.5,0.0.0-20211209124913-491a49abca63
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190213061140-3a22650c66bd (t) - no patch available
High	pkg:golang/github.com/opencontainers/[email protected]@v0.0.0-20190115041553-12f6a991201f (t) upgrade to: 0.1.0
High	pkg:golang/github.com/gogo/[email protected] @v1.3.1 (t) upgrade to: 1.3.2
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20200226121028-0de0cce0169b (t) - no patch available
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20181026203630-95b1ffbd15a5 (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190215142949-d0b11bdaac8a (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20181116152217-5ac8a444bdc5 (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
Medium	pkg:golang/golang.org/x/[email protected]@v0.0.0-20181029021203-45a5f77698d3 (t) - no patch available
Low	pkg:golang/github.com/containerd/[email protected]@v1.3.2 (t) upgrade to: 1.4.12,1.5.8
Medium	pkg:golang/golang.org/x/[email protected]@v0.3.3 (t) upgrade to: 0.3.7
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20191026070338-33540a1f6037 (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
Medium	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190923035154-9ee001bba392 (t) - no patch available
High	pkg:golang/github.com/hashicorp/[email protected]@v1.7.8 (t) - no patch available
N/A	pkg:golang/github.com/prometheus/[email protected] @v1.4.0 (t) upgrade to: 1.11.1
High	pkg:golang/github.com/aws/[email protected]@v1.25.41 (t) - no patch available
High	pkg:golang/github.com/hashicorp/[email protected] @v1.7.8 (t) upgrade to: 1.10.1
High	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190311183353-d8887717615a (t) - no patch available
Medium	pkg:golang/github.com/containerd/[email protected] @v1.3.4 (t) upgrade to: 1.3.9,1.4.3,1.2.0,1.3.9,1.4.3
Low	pkg:golang/github.com/aws/[email protected]@v1.25.37 (t) - no patch available
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190422165155-953cdadca894 (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/[email protected] @v0.3.5 (t) upgrade to: 0.3.8
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190222072716-a9d3bda3a223 (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20190514135907-3a4b5fb9f71f (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad
N/A	pkg:golang/golang.org/x/[email protected]@v0.0.0-20191008105621-543471e840be (t) upgrade to: 1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad

More info on how to fix Vulnerable Libraries in Go.

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

secure-code-warrior-for-github · 2022-11-22T10:47:22Z

Micro-Learning Topic: Vulnerable library (Detected by phrase)

Matched on "Vulnerable Libraries"

What is this? (2min video)

Use of vulnerable components will introduce weaknesses into the application. Components with published vulnerabilities will allow easy exploitation as resources will often be available to automate the process.

Try a challenge in Secure Code Warrior

dependabot bot mentioned this pull request Nov 22, 2022

build(deps): bump github.com/hashicorp/consul/sdk from 0.8.0 to 0.12.0 #169

Closed

ekmixon mentioned this pull request Jul 5, 2023

[Snyk] Security upgrade next-mdx-remote from 3.0.1 to 4.0.0 #202

Open

ekmixon mentioned this pull request Nov 28, 2023

[Snyk] Fix for 4 vulnerabilities #210

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump github.com/hashicorp/consul/sdk from 0.8.0 to 0.13.0 #171

build(deps): bump github.com/hashicorp/consul/sdk from 0.8.0 to 0.13.0 #171

dependabot bot commented on behalf of github Nov 22, 2022

dependabot bot commented on behalf of github Nov 22, 2022

guardrails bot commented Nov 22, 2022

secure-code-warrior-for-github bot commented Nov 22, 2022

build(deps): bump github.com/hashicorp/consul/sdk from 0.8.0 to 0.13.0 #171

Are you sure you want to change the base?

build(deps): bump github.com/hashicorp/consul/sdk from 0.8.0 to 0.13.0 #171

Conversation

dependabot bot commented on behalf of github Nov 22, 2022

1.14.1 (November 21, 2022)

1.14.0 (November 15, 2022)

dependabot bot commented on behalf of github Nov 22, 2022

guardrails bot commented Nov 22, 2022

secure-code-warrior-for-github bot commented Nov 22, 2022

Micro-Learning Topic: Vulnerable library (Detected by phrase)

Matched on "Vulnerable Libraries"

Try a challenge in Secure Code Warrior