uniget-org / tools

Tool definitions for uniget
https://tools.uniget.dev
MIT License

chore(deps): update dependency minio/minio to v2024-07-04t14-25-45z #5700

Closed uniget-bot closed 6 days ago

uniget-bot commented 6 days ago

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| minio/minio | patch | `2024-06-29T01-20-47Z` -> `2024-07-04T14-25-45Z` |

[!WARNING] Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

minio/minio (minio/minio)

### [`v2024-07-04T14-25-45Z`](https://togithub.com/minio/minio/releases/tag/RELEASE.2024-07-04T14-25-45Z): Bugfix Release

[Compare Source](https://togithub.com/minio/minio/compare/RELEASE.2024-06-29T01-20-47Z...RELEASE.2024-07-04T14-25-45Z)

#### What's Changed

- fix: warning for decommissioned pool while start by [@jiuker](https://togithub.com/jiuker) in [https://github.com/minio/minio/pull/20019](https://togithub.com/minio/minio/pull/20019)
- Letting password enable auth bypass caPublicKey (only if passauth is … by [@zveinn](https://togithub.com/zveinn) in [https://github.com/minio/minio/pull/20022](https://togithub.com/minio/minio/pull/20022)
- heal: Add support of healing particular pool/set by [@vadmeste](https://togithub.com/vadmeste) in [https://github.com/minio/minio/pull/20024](https://togithub.com/minio/minio/pull/20024)
- Add batch status API by [@vadmeste](https://togithub.com/vadmeste) in [https://github.com/minio/minio/pull/19679](https://togithub.com/minio/minio/pull/19679)
- tests: Fix setting max openfds as memory limit by [@vadmeste](https://togithub.com/vadmeste) in [https://github.com/minio/minio/pull/20029](https://togithub.com/minio/minio/pull/20029)
- Fix SkipReader performance with small initial read by [@klauspost](https://togithub.com/klauspost) in [https://github.com/minio/minio/pull/20030](https://togithub.com/minio/minio/pull/20030)
- info: Always refresh the root disk status by [@vadmeste](https://togithub.com/vadmeste) in [https://github.com/minio/minio/pull/20023](https://togithub.com/minio/minio/pull/20023)
- do not proxy invalid object names by [@harshavardhana](https://togithub.com/harshavardhana) in [https://github.com/minio/minio/pull/20031](https://togithub.com/minio/minio/pull/20031)
- resume any batch jobs in a goroutine by [@harshavardhana](https://togithub.com/harshavardhana) in [https://github.com/minio/minio/pull/20035](https://togithub.com/minio/minio/pull/20035)
- Tier update: return a better error when incorrect credentials or other error encountered by [@marktheunissen](https://togithub.com/marktheunissen) in [https://github.com/minio/minio/pull/20034](https://togithub.com/minio/minio/pull/20034)
- Remove license update job by [@anjalshireesh](https://togithub.com/anjalshireesh) in [https://github.com/minio/minio/pull/20037](https://togithub.com/minio/minio/pull/20037)
- Log ILM failed object name by [@klauspost](https://togithub.com/klauspost) in [https://github.com/minio/minio/pull/20040](https://togithub.com/minio/minio/pull/20040)

#### New Contributors

- [@marktheunissen](https://togithub.com/marktheunissen) made their first contribution in [https://github.com/minio/minio/pull/20034](https://togithub.com/minio/minio/pull/20034)

**Full Changelog**: https://github.com/minio/minio/compare/RELEASE.2024-06-29T01-20-47Z...RELEASE.2024-07-04T14-25-45Z

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Renovate Bot.

github-actions[bot] commented 6 days ago

:mag: Vulnerabilities of ghcr.io/uniget-org/tools/minio:2024-07-04T14-25-45Z

| :package: Image Reference | ghcr.io/uniget-org/tools/minio:2024-07-04T14-25-45Z |
|---|---|
| digest | sha256:48c33d77fec01fdb54ca78c3a262669e01300c5358863b86622474c6d364a227 |
| vulnerabilities | critical: 0 high: 1 medium: 0 low: 0 |
| platform | linux/amd64 |
| size | 37 MB |
| packages | 237 |

critical: 0 high: 1 medium: 0 low: 0 github.com/lestrrat-go/jwx 1.2.29 (golang)

pkg:golang/github.com/lestrrat-go/jwx@1.2.29

high 7.5: CVE-2024-21664 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

| | |
|---|---|
| Affected range | >=1.0.8 |
| Fixed version | Not Fixed |
| CVSS Score | 7.5 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |

Description

jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling `jws.Parse` with a JSON serialized payload where the `signature` field is present while `protected` is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS a system doing JWS verification. This vulnerability has been patched in version 2.0.19.

github-actions[bot] commented 6 days ago

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/9797585873.

github-actions[bot] commented 6 days ago

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/9797585873.