Closed SatisfactoryModdingBot closed 2 months ago
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 18.95%. Comparing base (c226688) to head (d9723fd).
This PR contains the following updates:
v1.64.0 -> v1.64.1
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go
GHSA-xr7q-jx4m-x55m / GO-2024-2978
#### Details

##### Impact

This issue represents a potential PII concern. If applications were printing or logging a context containing gRPC metadata, the affected versions will contain all the metadata, which may include private information.

##### Patches

The issue first appeared in 1.64.0 and is patched in 1.64.1 and 1.65.0.

##### Workarounds

If using an affected version and upgrading is not possible, ensuring you do not log or print contexts will avoid the problem.

#### Severity

Low

#### References

- [https://github.com/grpc/grpc-go/security/advisories/GHSA-xr7q-jx4m-x55m](https://togithub.com/grpc/grpc-go/security/advisories/GHSA-xr7q-jx4m-x55m)
- [https://github.com/grpc/grpc-go/commit/ab292411ddc0f3b7a7786754d1fe05264c3021eb](https://togithub.com/grpc/grpc-go/commit/ab292411ddc0f3b7a7786754d1fe05264c3021eb)
- [https://github.com/grpc/grpc-go](https://togithub.com/grpc/grpc-go)

This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-xr7q-jx4m-x55m) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).

Private tokens could appear in logs if context containing gRPC metadata is logged in google.golang.org/grpc
GHSA-xr7q-jx4m-x55m / GO-2024-2978
#### Details

If applications print or log a context containing gRPC metadata, the output will contain all the metadata, which may include private information. This represents a potential PII concern.

#### Severity

Unknown

#### References

- [https://github.com/grpc/grpc-go/security/advisories/GHSA-xr7q-jx4m-x55m](https://togithub.com/grpc/grpc-go/security/advisories/GHSA-xr7q-jx4m-x55m)
- [https://github.com/grpc/grpc-go/commit/ab292411ddc0f3b7a7786754d1fe05264c3021eb](https://togithub.com/grpc/grpc-go/commit/ab292411ddc0f3b7a7786754d1fe05264c3021eb)

This data is provided by [OSV](https://osv.dev/vulnerability/GO-2024-2978) and the [Go Vulnerability Database](https://togithub.com/golang/vulndb) ([CC-BY 4.0](https://togithub.com/golang/vulndb#license)).

Release Notes
grpc/grpc-go (google.golang.org/grpc)
### [`v1.64.1`](https://togithub.com/grpc/grpc-go/releases/tag/v1.64.1): Release 1.64.1

[Compare Source](https://togithub.com/grpc/grpc-go/compare/v1.64.0...v1.64.1)

### Dependencies

- Update x/net/http2 to address [CVE-2023-45288](https://nvd.nist.gov/vuln/detail/CVE-2023-45288) ([#7352](https://togithub.com/grpc/grpc-go/issues/7352))
- metadata: remove String method from MD to make printing consistent ([#7374](https://togithub.com/grpc/grpc-go/issues/7374))

Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.
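
The mechanism behind the advisory above, as an added example that is not part of this PR or of grpc-go's code: when a context is formatted, Go's standard `context` package prints a stored value's contents only if that value implements `fmt.Stringer`, and otherwise prints just its type name. The types `stringerMD` and `plainMD`, the key `mdKey`, the helper `safeFields` and the sample token are all hypothetical stand-ins constructed for illustration, using only the standard library.

```go
package main

import (
	"context"
	"fmt"
	"strings"
)

// mdKey is a hypothetical context key standing in for a metadata package's own.
type mdKey struct{}

// plainMD has no String method, like MD once the method is removed.
type plainMD map[string][]string

// stringerMD models a metadata type that does define String.
type stringerMD map[string][]string

func (m stringerMD) String() string { return fmt.Sprintf("MD%v", map[string][]string(m)) }

// renderCtx returns the text a call such as log.Printf("%v", ctx) would write.
func renderCtx(ctx context.Context) string { return fmt.Sprintf("%v", ctx) }

// leaks reports whether formatting a context that carries val exposes secret.
func leaks(val any, secret string) bool {
	ctx := context.WithValue(context.Background(), mdKey{}, val)
	return strings.Contains(renderCtx(ctx), secret)
}

// safeFields copies only allowlisted keys, so logs get chosen fields, never ctx.
func safeFields(md map[string][]string, allow ...string) map[string][]string {
	out := make(map[string][]string, len(allow))
	for _, k := range allow {
		if v, ok := md[k]; ok {
			out[k] = v
		}
	}
	return out
}

func main() {
	const token = "Bearer constructed-sample-token" // constructed sample value
	md := map[string][]string{"authorization": {token}, "x-request-id": {"req-1"}}
	fmt.Println("with String:   ", leaks(stringerMD(md), token))
	fmt.Println("without String:", leaks(plainMD(md), token))
	fmt.Println("log instead:   ", safeFields(md, "x-request-id"))
}
```

Logging selected fields through an allowlist, as `safeFields` does, follows the advisory's workaround of never printing the context itself.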