hashicorp / packer

Packer is a tool for creating identical machine images for multiple platforms from a single source configuration.
http://www.packer.io

Bump github.com/hashicorp/go-retryablehttp to address CVE-2024-6104 #13081

Closed nywilken closed 4 days ago

nywilken commented 4 days ago

Before change

~>  govulncheck ./...
=== Symbol Results ===

Vulnerability #1: GO-2024-2947
    Leak of sensitive information to log files in
    github.com/hashicorp/go-retryablehttp
  More info: https://pkg.go.dev/vuln/GO-2024-2947
  Module: github.com/hashicorp/go-retryablehttp
    Found in: github.com/hashicorp/go-retryablehttp@v0.7.6
    Fixed in: github.com/hashicorp/go-retryablehttp@v0.7.7
    Example traces found:
      #1: hcl2template/function/vault.go:30:30: function.init calls template.Vault, which eventually calls retryablehttp.Client.Do

Your code is affected by 1 vulnerability from 1 module.

After change

~>  govulncheck ./...
No vulnerabilities found.

Closes #13079