Upgraded grpc to 1.63.2 in order to upgrade its version of net/http2 to resolve CVE-2023-39325 and CVE-2023-44487. There is a v1.64.0, but it deprecates an API we currently use in a lot of our tests, and is a very recent release, so I don't see a huge upside to upgrading to that now.
@vcheung-stripe shuf terminal command chose you as a reviewer
Reviewers
r? @stripe/developer-products cc @stripe/developer-products
Summary
Upgraded to go-git v5 to address the vulnerability alerts here: https://github.com/stripe/stripe-cli/security/dependabot
Upgraded grpc to 1.63.2 in order to upgrade its version of net/http2 to resolve CVE-2023-39325 and CVE-2023-44487. There is a v1.64.0, but it deprecates an API we currently use in a lot of our tests, and is a very recent release, so I don't see a huge upside to upgrading to that now.
@vcheung-stripe
shuf
terminal command chose you as a reviewer