Dependency updates for CVE resolution

envoyproxy / ratelimit

Go/gRPC service designed to enable generic rate limit scenarios from different types of applications.

Apache License 2.0

2.27k stars 442 forks source link

Dependency updates for CVE resolution #623

Closed akkarth closed 2 months ago

akkarth commented 3 months ago

Description

Dependency golang.org/x/net needs to be upgraded to at least to v0.7.0 to handle following CVEs

https://avd.aquasec.com/nvd/cve-2023-39325 https://avd.aquasec.com/nvd/cve-2022-41723 https://avd.aquasec.com/nvd/cve-2022-27664 https://avd.aquasec.com/nvd/cve-2021-33194

github-actions[bot] commented 2 months ago

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.

github-actions[bot] commented 2 months ago

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions.