sourcegraph / src-cli

Sourcegraph CLI
https://sourcegraph.com
Apache License 2.0

Update go.mod to fix several vulnerabilities #1057

Closed willdollman closed 5 months ago

willdollman commented 5 months ago

Updated three Go modules to patch two high-severity vulns: CVE-2023-39325 and GHSA-m425-mq94-257g.

Commands run are in the commit messages.

https://github.com/sourcegraph/security/issues/1133

Test plan

BolajiOlajide commented 5 months ago

@willdollman I think we need to backport this to 5.3 also. The branch cut has happened. I thought this was in the mono repo, never mind.

cc @keegancsmith who is the captain for the 5.3 release.

keegancsmith commented 5 months ago

zoekt also uses grpc, so I created a PR for that (net was already up to date): https://github.com/sourcegraph/zoekt/pull/736