Merging to release-5.7: [TT-13485] update dependencies with vulnerabilities reported (#6711)

buger commented 6 days ago

User description

TT-13485 update dependencies with vulnerabilities reported (#6711)

User description

Summary	Run CVE scan for v5.7.0
Type	Sub-task
Status	In Code Review
Points	N/A
Labels	-

Description

Update dependencies to fix reported vulnerabilities

Motivation and Context

How This Has Been Tested

Screenshots (if appropriate)

Types of changes

[ ] Bug fix (non-breaking change which fixes an issue)
[ ] New feature (non-breaking change which adds functionality)
[ ] Breaking change (fix or feature that would cause existing functionality to change)
[ ] Refactoring or add test (improvements in base code or adds test coverage to functionality)

Checklist

[ ] I ensured that the documentation is up to date
[ ] I explained why this PR updates go.mod in detail with reasoning why it's required
[ ] I would like a code coverage CI quality gate exception and have explained why

PR Type

enhancement, dependencies

Description

Updated several Go module dependencies to address vulnerabilities and ensure compatibility with the latest versions.
Specifically updated github.com/golang-jwt/jwt/v4 to v4.5.1, github.com/hashicorp/consul/api to v1.30.0, and github.com/hashicorp/vault/api to v1.16.0 in go.mod.
Updated go.sum to include new checksums for the updated dependencies.

Changes walkthrough 📝

Relevant files

Dependencies

go.mod `Update Go module dependencies to latest versions` go.mod Updated `github.com/golang-jwt/jwt/v4` from v4.5.0 to v4.5.1. Updated `github.com/hashicorp/consul/api` from v1.29.4 to v1.30.0. Updated `github.com/hashicorp/vault/api` from v1.15.0 to v1.16.0.	+3/-3
go.sum `Update Go sum file with new dependency checksums` go.sum Added checksums for `github.com/golang-jwt/jwt/v4` version v4.5.1. Added checksums for `github.com/hashicorp/consul/api` version v1.30.0.	+4/-0

💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

PR Type

Enhancement, Dependencies

Description

Updated several Go module dependencies to address vulnerabilities and ensure compatibility with the latest versions.
Specifically updated github.com/golang-jwt/jwt/v4 to v4.5.1, github.com/hashicorp/consul/api to v1.30.0, and github.com/hashicorp/vault/api to v1.16.0 in go.mod.
Updated go.sum to include new checksums for the updated dependencies.

Changes walkthrough 📝

Relevant files

Dependencies

go.mod `Update Go module dependencies to latest versions` go.mod Updated `github.com/golang-jwt/jwt/v4` from v4.5.0 to v4.5.1. Updated `github.com/hashicorp/consul/api` from v1.29.4 to v1.30.0. Updated `github.com/hashicorp/vault/api` from v1.15.0 to v1.16.0.	+2/-2
go.sum `Update Go sum file with new dependency checksums` go.sum Added checksums for `github.com/golang-jwt/jwt/v4` version v4.5.1. Added checksums for `github.com/hashicorp/consul/api` version v1.30.0.	+4/-6

💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

github-actions[bot] commented 6 days ago

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

**🎫 Ticket compliance analysis ✅** **[6711](https://github.com/TykTechnologies/tyk/issues/6711) - Fully compliant** Fully compliant requirements: - Update dependencies to fix reported vulnerabilities - Ensure compatibility with the latest versions

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ No major issues detected

github-actions[bot] commented 6 days ago

PR Code Suggestions ✨

No code suggestions found for the PR.

github-actions[bot] commented 6 days ago

API Changes

no api changes detected

sonarcloud[bot] commented 6 days ago

Quality Gate failed

Failed conditions
0.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud

TykTechnologies / tyk