hashicorp / packer

Packer is a tool for creating identical machine images for multiple platforms from a single source configuration.
http://www.packer.io

Backport of Bump github.com/hashicorp/go-retryablehttp to address CVE-2024-6104 into release/1.11.x #13084

Closed hc-github-team-packer closed 4 days ago

hc-github-team-packer commented 4 days ago

Backport

This PR is auto-generated from #13081 to be assessed for backporting due to the inclusion of the label backport/1.11.x.

The below text is copied from the body of the original PR.


Before change

~>  govulncheck ./...
=== Symbol Results ===

Vulnerability #1: GO-2024-2947
    Leak of sensitive information to log files in
    github.com/hashicorp/go-retryablehttp
  More info: https://pkg.go.dev/vuln/GO-2024-2947
  Module: github.com/hashicorp/go-retryablehttp
    Found in: github.com/hashicorp/go-retryablehttp@v0.7.6
    Fixed in: github.com/hashicorp/go-retryablehttp@v0.7.7
    Example traces found:
      #1: hcl2template/function/vault.go:30:30: function.init calls template.Vault, which eventually calls retryablehttp.Client.Do

Your code is affected by 1 vulnerability from 1 module.

After change

~>  govulncheck ./...
No vulnerabilities found.

Closes #13079


Overview of commits - 4197915a849ee50a962fd8131284484ab8404745
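
A lightweight pin check to complement the govulncheck run shown in the PR body, added here as an example (it is not part of the PR or of Packer's code): it reads go.mod text and reports whether a module is required at its fixed version or newer, using the go-retryablehttp v0.7.7 fix from the output above. The function names and the go.mod fragment are assumptions made for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// versionKey maps "v0.7.6" to a sortable string; pre-releases end in "false", sorting below "true".
func versionKey(v string) (string, error) {
	var major, minor, patch int
	_, err := fmt.Sscanf(v, "v%d.%d.%d", &major, &minor, &patch)
	return fmt.Sprintf("%06d.%06d.%06d.%t", major, minor, patch, !strings.Contains(v, "-")), err
}

// requiredVersion returns the version a require directive gives for module, or "".
func requiredVersion(goMod, module string) string {
	block := "" // directive of the parenthesised block we are inside, if any
	for _, line := range strings.Split(goMod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop "// indirect" and other comments
		f := strings.Fields(line)
		switch {
		case len(f) == 2 && f[1] == "(":
			block = f[0]
		case len(f) == 1 && f[0] == ")":
			block = ""
		case len(f) == 3 && block == "" && f[0] == "require" && f[1] == module:
			return f[2]
		case len(f) == 2 && block == "require" && f[0] == module:
			return f[1] // the same line inside replace/exclude blocks is ignored
		}
	}
	return ""
}

// patched reports whether module is absent from go.mod or required at fixedIn or newer.
func patched(goMod, module, fixedIn string) (bool, error) {
	got := requiredVersion(goMod, module)
	have, err := versionKey(got)
	want, err2 := versionKey(fixedIn)
	if got != "" && (err != nil || err2 != nil) {
		return false, fmt.Errorf("cannot compare %q with %q", got, fixedIn)
	}
	return got == "" || have >= want, nil
}

func main() { // the go.mod fragment below is constructed, not Packer's own
	mod := "require (\n\tgithub.com/hashicorp/go-retryablehttp v0.7.6 // indirect\n)\n"
	fmt.Println(patched(mod, "github.com/hashicorp/go-retryablehttp", "v0.7.7")) // false <nil>
}
```

This only inspects the declared requirement: it does not apply replace directives or analyse which symbols are reachable, so it supplements govulncheck rather than replacing it.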