alexandear / import-gitlab-commits

Import commits from a private GitLab repository in an anonymized way.
MIT License
161 stars 14 forks

Fix vulnerability: GO-2024-2947 #78

Closed: alexandear closed 4 months ago

alexandear commented 4 months ago
Vulnerability #1: GO-2024-2947
    Leak of sensitive information to log files in
    github.com/hashicorp/go-retryablehttp
  More info: https://pkg.go.dev/vuln/GO-2024-2947
  Module: github.com/hashicorp/go-retryablehttp
    Found in: github.com/hashicorp/go-retryablehttp@v0.6.4
    Fixed in: github.com/hashicorp/go-retryablehttp@v0.7.7
    Example traces found:
Error:       #1: internal/gitlab.go:37:51: internal.GitLab.CurrentUser calls gitlab.UsersService.ListEmails, which eventually calls retryablehttp.Client.Do