renovate[bot]
commented
4 months ago ℹ Artifact update notice
File name: go.mod
In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):
- 1 additional dependency was updated
Details:
| Package | Change |
|---|---|
golang.org/x/net |
v0.25.0 -> v0.26.0 |
This PR contains the following updates:
v1.64.0->v1.64.1GitHub Vulnerability Alerts
GHSA-xr7q-jx4m-x55m
Impact
This issue represents a potential PII concern. If applications were printing or logging a context containing gRPC metadata, the affected versions will contain all the metadata, which may include private information.
Patches
The issue first appeared in 1.64.0 and is patched in 1.64.1 and 1.65.0
Workarounds
If using an affected version and upgrading is not possible, ensuring you do not log or print contexts will avoid the problem.
Release Notes
grpc/grpc-go (google.golang.org/grpc)
### [`v1.64.1`](https://togithub.com/grpc/grpc-go/releases/tag/v1.64.1): Release 1.64.1 [Compare Source](https://togithub.com/grpc/grpc-go/compare/v1.64.0...v1.64.1) ### Dependencies - Update x/net/http2 to address [CVE-2023-45288](https://nvd.nist.gov/vuln/detail/CVE-2023-45288) ([#7352](https://togithub.com/grpc/grpc-go/issues/7352)) - metadata: remove String method from MD to make printing consistent ([#7374](https://togithub.com/grpc/grpc-go/issues/7374))Configuration
📅 Schedule: Branch creation - "" in timezone Asia/Shanghai, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.