search

aws / aws-xray-daemon

The AWS X-Ray daemon listens for traffic on UDP port 2000, gathers raw segment data, and relays it to the AWS X-Ray API.
Apache License 2.0
190 stars 69 forks source link

Address CVEs by bumping Go and dependency versions #205

Closed jj22ee closed 1 year ago

jj22ee commented 1 year ago

Issue #, if available: CVEs present, mostly from old Golang version:

CVE-2023-24540
CVE-2023-29404
CVE-2023-29402
CVE-2023-29405
CVE-2023-24539
CVE-2023-29403
CVE-2023-29400
CVE-2023-3978   <- Due to golang.org/x/net/html (<v0.13.0)
CVE-2023-29409
CVE-2023-29406

Description of changes: Upgrade to latest golang version. Upgrade dependency:

go get -u golang.org/x/net
go mod tidy

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

jj22ee commented 1 year ago

@carolabadeer I'll make the update in a separate PR

atshaw43 commented 1 year ago

LGTM