mynaparrot / plugNmeet-server

WebRTC based Scalable, High Performance, Open source web conferencing system using Livekit.
https://www.plugnmeet.org
MIT License
303 stars 73 forks source link

fix(deps): update module github.com/go-jose/go-jose/v3 to v3.0.1 - autoclosed #373

Closed renovate[bot] closed 12 months ago

renovate[bot] commented 12 months ago

Mend Renovate

This PR contains the following updates:

Package Type Update Change
github.com/go-jose/go-jose/v3 require patch v3.0.0 -> v3.0.1

Release Notes

go-jose/go-jose (github.com/go-jose/go-jose/v3) ### [`v3.0.1`](https://togithub.com/go-jose/go-jose/blob/HEAD/CHANGELOG.md#v301) [Compare Source](https://togithub.com/go-jose/go-jose/compare/v3.0.0...v3.0.1) Fixed: - Security issue: an attacker specifying a large "p2c" value can cause JSONWebEncryption.Decrypt and JSONWebEncryption.DecryptMulti to consume large amounts of CPU, causing a DoS. Thanks to Matt Schwager ([@​mschwager](https://togithub.com/mschwager)) for the disclosure and to Tom Tervoort for originally publishing the category of attack. https://i.blackhat.com/BH-US-23/Presentations/US-23-Tervoort-Three-New-Attacks-Against-JSON-Web-Tokens.pdf

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.