renovate[bot]
commented
3 months ago Renovate Ignore Notification
Because you closed this PR without merging, Renovate will ignore this update (v1.64.1). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.
If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.
This PR contains the following updates:
v1.64.0->v1.64.1GitHub Vulnerability Alerts
GHSA-xr7q-jx4m-x55m
Impact
This issue represents a potential PII concern. If applications were printing or logging a context containing gRPC metadata, the affected versions will contain all the metadata, which may include private information.
Patches
The issue first appeared in 1.64.0 and is patched in 1.64.1 and 1.65.0
Workarounds
If using an affected version and upgrading is not possible, ensuring you do not log or print contexts will avoid the problem.
Release Notes
grpc/grpc-go (google.golang.org/grpc)
### [`v1.64.1`](https://togithub.com/grpc/grpc-go/releases/tag/v1.64.1): Release 1.64.1 [Compare Source](https://togithub.com/grpc/grpc-go/compare/v1.64.0...v1.64.1) ### Dependencies - Update x/net/http2 to address [CVE-2023-45288](https://nvd.nist.gov/vuln/detail/CVE-2023-45288) ([#7352](https://togithub.com/grpc/grpc-go/issues/7352)) - metadata: remove String method from MD to make printing consistent ([#7374](https://togithub.com/grpc/grpc-go/issues/7374))Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.