uniget-org / tools

Tool definitions for uniget
https://tools.uniget.dev
MIT License

chore(deps): update dependency minio/mc to v2024-07-03t20-17-25z #5699

Closed uniget-bot closed 3 months ago

uniget-bot commented 3 months ago

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| minio/mc | patch | `2024-06-29T19-08-46Z` -> `2024-07-03T20-17-25Z` |

[!WARNING] Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

minio/mc (minio/mc)

### [`v2024-07-03T20-17-25Z`](https://togithub.com/minio/mc/releases/tag/RELEASE.2024-07-03T20-17-25Z): Bugfix Release

[Compare Source](https://togithub.com/minio/mc/compare/RELEASE.2024-06-29T19-08-46Z...RELEASE.2024-07-03T20-17-25Z)

#### What's Changed

- heal: Add hidden --pool and --set to heal a particular ES by [@vadmeste](https://togithub.com/vadmeste) in [https://github.com/minio/mc/pull/4971](https://togithub.com/minio/mc/pull/4971)
- Use new batch status api `/status-job` by [@shtripat](https://togithub.com/shtripat) in [https://github.com/minio/mc/pull/4930](https://togithub.com/minio/mc/pull/4930)
- Simplify go.mod by [@klauspost](https://togithub.com/klauspost) in [https://github.com/minio/mc/pull/4977](https://togithub.com/minio/mc/pull/4977)
- Add ability to update tier credentials for Azure service principal ac… by [@marktheunissen](https://togithub.com/marktheunissen) in [https://github.com/minio/mc/pull/4975](https://togithub.com/minio/mc/pull/4975)
- honor bucket-key S3 feature by [@harshavardhana](https://togithub.com/harshavardhana) in [https://github.com/minio/mc/pull/4976](https://togithub.com/minio/mc/pull/4976)

#### New Contributors

- [@marktheunissen](https://togithub.com/marktheunissen) made their first contribution in [https://github.com/minio/mc/pull/4975](https://togithub.com/minio/mc/pull/4975)

**Full Changelog**: https://github.com/minio/mc/compare/RELEASE.2024-06-29T19-08-46Z...RELEASE.2024-07-03T20-17-25Z

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Renovate Bot.

github-actions[bot] commented 3 months ago

:mag: Vulnerabilities of ghcr.io/uniget-org/tools/mc:2024-07-03T20-17-25Z

:package: Image Reference ghcr.io/uniget-org/tools/mc:2024-07-03T20-17-25Z

- digest: `sha256:9a18f06b940f203638186149f0293b1dc3a5f17727b36f08e6827b389011b1ca`
- vulnerabilities: critical: 0 high: 1 medium: 0 low: 0
- platform: linux/amd64
- size: 9.9 MB
- packages: 97

critical: 0 high: 1 medium: 0 low: 0 github.com/lestrrat-go/jwx 1.2.29 (golang)

pkg:golang/github.com/lestrrat-go/jwx@1.2.29

high 7.5: CVE-2024-21664 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

- Affected range: >=1.0.8
- Fixed version: Not Fixed
- CVSS Score: 7.5
- CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling `jws.Parse` with a JSON serialized payload where the `signature` field is present while `protected` is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS a system doing JWS verification. This vulnerability has been patched in version 2.0.19.

github-actions[bot] commented 3 months ago

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/9797582950.

github-actions[bot] commented 3 months ago

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/9797582950.