xmidt-org / svalinn

The shield to protect our users from incoming events. Part of codex.
Apache License 2.0

chore(deps): bump github.com/spf13/viper from 1.13.0 to 1.19.0 #183

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 4 months ago

Bumps github.com/spf13/viper from 1.13.0 to 1.19.0.

Release notes

Sourced from github.com/spf13/viper's releases.

v1.19.0

What's Changed

Bug Fixes 🐛

Dependency Updates ⬆️

... (truncated)

Commits
  • b9733f0 build(deps): bump actions/checkout from 4.1.4 to 4.1.6
  • 6ecc5c8 build(deps): bump cachix/install-nix-action from 26 to 27
  • 248c6fd build(deps): bump github/codeql-action from 3.25.4 to 3.25.7
  • abea773 Update references to bketelsen/crypt
  • f17acb4 build(deps): bump golangci/golangci-lint-action from 4.0.0 to 6.0.1
  • 8e285a5 build(deps): bump github/codeql-action from 3.25.2 to 3.25.4
  • 4017620 build(deps): bump actions/setup-go from 5.0.0 to 5.0.1
  • b67e814 build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.1 to 2.2.2
  • 4a182c7 build(deps): bump actions/dependency-review-action from 4.2.5 to 4.3.2
  • 45a0e12 build(deps): bump mheap/github-action-required-labels
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

guardrails[bot] commented 4 months ago

:warning: We detected 20 security issues in this pull request:

Vulnerable Libraries (20)
Severity | Details
:-: | :--
Medium | [pkg:golang/k8s.io/apimachinery@v0.0.0-20190223001710-c182ff3b9841](https://github.com/xmidt-org/svalinn/blob/eba9ce609200942e78dfcf1e7df14887cb13cf02/go.sum#L1795) upgrade to: *0.16.13,0.17.9,0.18.7,1.16.13,1.17.9,1.18.7*
N/A | [pkg:golang/github.com/nats-io/nats-server/v2@v2.5.0](https://github.com/xmidt-org/svalinn/blob/eba9ce609200942e78dfcf1e7df14887cb13cf02/go.sum#L718) upgrade to: *2.9.23,2.10.2*
Medium | [pkg:golang/golang.org/x/net@v0.0.0-20220822230855-b0a4917ee28c](https://github.com/xmidt-org/svalinn/blob/eba9ce609200942e78dfcf1e7df14887cb13cf02/go.sum#L1298) upgrade to: *1.28.0,0.17.0,1.58.3,1.57.1,1.56.3,11.0.0-M12,10.1.14,9.0.81,8.5.94,11.0.0-M12,10.1.14,9.0.81,8.5.94*
High | [pkg:golang/go.etcd.io/etcd@v0.0.0-20191023171146-3cf2f69b5738](https://github.com/xmidt-org/svalinn/blob/eba9ce609200942e78dfcf1e7df14887cb13cf02/go.sum#L1061) upgrade to: *3.4.10,3.3.23*
Medium | [pkg:golang/google.golang.org/grpc@v1.46.2](https://github.com/xmidt-org/svalinn/blob/eba9ce609200942e78dfcf1e7df14887cb13cf02/go.sum#L1718) upgrade to: *1.28.0,0.17.0,1.58.3,1.57.1,1.56.3,11.0.0-M12,10.1.14,9.0.81,8.5.94,11.0.0-M12,10.1.14,9.0.81,8.5.94*
Medium | [pkg:golang/github.com/coredns/coredns@v1.1.2](https://github.com/xmidt-org/svalinn/blob/eba9ce609200942e78dfcf1e7df14887cb13cf02/go.sum#L192) upgrade to: *1.11.2*
Medium | [pkg:golang/github.com/lestrrat-go/jwx@v0.9.2](https://github.com/xmidt-org/svalinn/blob/eba9ce609200942e78dfcf1e7df14887cb13cf02/go.sum#L632) upgrade to: *1.2.27,2.0.18*
Medium | [pkg:golang/golang.org/x/crypto@v0.0.0-20220824171710-5757bc0c5503](https://github.com/xmidt-org/svalinn/blob/eba9ce609200942e78dfcf1e7df14887cb13cf02/go.sum#L1191) upgrade to: *0.40.2,0.17.0,3.4.0*
High | [pkg:golang/github.com/nats-io/jwt/v2@v2.0.3](https://github.com/xmidt-org/svalinn/blob/eba9ce609200942e78dfcf1e7df14887cb13cf02/go.sum#L716) upgrade to: *2.0.1,2.2.0,1.2.3-0.20210314221642-a826c77dc9d2*
Medium | [pkg:golang/github.com/hashicorp/consul@v1.7.0](https://github.com/xmidt-org/svalinn/blob/eba9ce609200942e78dfcf1e7df14887cb13cf02/go.sum#L462) upgrade to: *1.6.10,1.7.10,1.8.6*
Medium | [pkg:golang/golang.org/x/image@v0.0.0-20190802002840-cff245a6509b](https://github.com/xmidt-org/svalinn/blob/eba9ce609200942e78dfcf1e7df14887cb13cf02/go.sum#L1207) upgrade to: *0.10.0*
N/A | [pkg:golang/gopkg.in/square/go-jose.v2@v2.3.1](https://github.com/xmidt-org/svalinn/blob/eba9ce609200942e78dfcf1e7df14887cb13cf02/go.sum#L1764) upgrade to: *4.0.1,3.0.3,2.6.3*
Medium | [pkg:golang/github.com/aws/aws-sdk-go@v1.44.83](https://github.com/xmidt-org/svalinn/blob/eba9ce609200942e78dfcf1e7df14887cb13cf02/go.sum#L130) - **no patch available**
High | [pkg:golang/github.com/nats-io/jwt@v1.2.2](https://github.com/xmidt-org/svalinn/blob/eba9ce609200942e78dfcf1e7df14887cb13cf02/go.sum#L715) upgrade to: *2.0.1,2.2.0,1.2.3-0.20210314221642-a826c77dc9d2*
Medium | [pkg:golang/github.com/lestrrat-go/jwx/v2@v2.0.6](https://github.com/xmidt-org/svalinn/blob/eba9ce609200942e78dfcf1e7df14887cb13cf02/go.sum#L635) upgrade to: *1.2.27,2.0.18*
High | [pkg:golang/golang.org/x/text@v0.3.7](https://github.com/xmidt-org/svalinn/blob/eba9ce609200942e78dfcf1e7df14887cb13cf02/go.sum#L1458) upgrade to: *0.3.8*
High | [pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux@v0.34.0](https://github.com/xmidt-org/svalinn/blob/eba9ce609200942e78dfcf1e7df14887cb13cf02/go.sum#L1081) upgrade to: *0.44.0,0.44.0,0.44.0,0.44.0,0.44.0,0.44.0,0.44.0*
High | [pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.34.0](https://github.com/xmidt-org/svalinn/blob/eba9ce609200942e78dfcf1e7df14887cb13cf02/go.sum#L1083) upgrade to: *0.44.0,0.44.0,0.44.0,0.44.0,0.44.0,0.44.0,0.44.0*
N/A | [pkg:golang/google.golang.org/protobuf@v1.28.1](https://github.com/xmidt-org/svalinn/blob/eba9ce609200942e78dfcf1e7df14887cb13cf02/go.sum#L1735) upgrade to: *1.33.0,1.33.0,1.33.0*
High | [pkg:golang/github.com/dgrijalva/jwt-go@v3.2.0+incompatible](https://github.com/xmidt-org/svalinn/blob/eba9ce609200942e78dfcf1e7df14887cb13cf02/go.sum#L216) - **no patch available**

More info on how to fix Vulnerable Libraries in [Go](https://docs.guardrails.io/docs/en/vulnerabilities/go/using_vulnerable_libraries.html?utm_source=ghpr).


guardrails[bot] commented 4 months ago

:warning: We detected 20 security issues in this pull request:

Vulnerable Libraries (20)
Severity | Details
:-: | :--
Medium | [pkg:golang/k8s.io/apimachinery@v0.0.0-20190223001710-c182ff3b9841](https://github.com/xmidt-org/svalinn/blob/aa56674db28d151daf2b5afba06b3a977a0a39cf/go.sum#L1795) upgrade to: *0.16.13,0.17.9,0.18.7,1.16.13,1.17.9,1.18.7*
N/A | [pkg:golang/github.com/nats-io/nats-server/v2@v2.5.0](https://github.com/xmidt-org/svalinn/blob/aa56674db28d151daf2b5afba06b3a977a0a39cf/go.sum#L718) upgrade to: *2.9.23,2.10.2*
Medium | [pkg:golang/golang.org/x/net@v0.0.0-20220822230855-b0a4917ee28c](https://github.com/xmidt-org/svalinn/blob/aa56674db28d151daf2b5afba06b3a977a0a39cf/go.sum#L1298) upgrade to: *1.28.0,0.17.0,1.58.3,1.57.1,1.56.3,11.0.0-M12,10.1.14,9.0.81,8.5.94,11.0.0-M12,10.1.14,9.0.81,8.5.94*
High | [pkg:golang/go.etcd.io/etcd@v0.0.0-20191023171146-3cf2f69b5738](https://github.com/xmidt-org/svalinn/blob/aa56674db28d151daf2b5afba06b3a977a0a39cf/go.sum#L1061) upgrade to: *3.4.10,3.3.23*
Medium | [pkg:golang/google.golang.org/grpc@v1.46.2](https://github.com/xmidt-org/svalinn/blob/aa56674db28d151daf2b5afba06b3a977a0a39cf/go.sum#L1718) upgrade to: *1.28.0,0.17.0,1.58.3,1.57.1,1.56.3,11.0.0-M12,10.1.14,9.0.81,8.5.94,11.0.0-M12,10.1.14,9.0.81,8.5.94*
Medium | [pkg:golang/github.com/coredns/coredns@v1.1.2](https://github.com/xmidt-org/svalinn/blob/aa56674db28d151daf2b5afba06b3a977a0a39cf/go.sum#L192) upgrade to: *1.11.2*
Medium | [pkg:golang/github.com/lestrrat-go/jwx@v0.9.2](https://github.com/xmidt-org/svalinn/blob/aa56674db28d151daf2b5afba06b3a977a0a39cf/go.sum#L632) upgrade to: *1.2.27,2.0.18*
Medium | [pkg:golang/golang.org/x/crypto@v0.0.0-20220824171710-5757bc0c5503](https://github.com/xmidt-org/svalinn/blob/aa56674db28d151daf2b5afba06b3a977a0a39cf/go.sum#L1191) upgrade to: *0.40.2,0.17.0,3.4.0*
High | [pkg:golang/github.com/nats-io/jwt/v2@v2.0.3](https://github.com/xmidt-org/svalinn/blob/aa56674db28d151daf2b5afba06b3a977a0a39cf/go.sum#L716) upgrade to: *2.0.1,2.2.0,1.2.3-0.20210314221642-a826c77dc9d2*
Medium | [pkg:golang/github.com/hashicorp/consul@v1.7.0](https://github.com/xmidt-org/svalinn/blob/aa56674db28d151daf2b5afba06b3a977a0a39cf/go.sum#L462) upgrade to: *1.6.10,1.7.10,1.8.6*
Medium | [pkg:golang/golang.org/x/image@v0.0.0-20190802002840-cff245a6509b](https://github.com/xmidt-org/svalinn/blob/aa56674db28d151daf2b5afba06b3a977a0a39cf/go.sum#L1207) upgrade to: *0.10.0*
N/A | [pkg:golang/gopkg.in/square/go-jose.v2@v2.3.1](https://github.com/xmidt-org/svalinn/blob/aa56674db28d151daf2b5afba06b3a977a0a39cf/go.sum#L1764) upgrade to: *4.0.1,3.0.3,2.6.3*
Medium | [pkg:golang/github.com/aws/aws-sdk-go@v1.44.83](https://github.com/xmidt-org/svalinn/blob/aa56674db28d151daf2b5afba06b3a977a0a39cf/go.sum#L130) - **no patch available**
High | [pkg:golang/github.com/nats-io/jwt@v1.2.2](https://github.com/xmidt-org/svalinn/blob/aa56674db28d151daf2b5afba06b3a977a0a39cf/go.sum#L715) upgrade to: *2.0.1,2.2.0,1.2.3-0.20210314221642-a826c77dc9d2*
Medium | [pkg:golang/github.com/lestrrat-go/jwx/v2@v2.0.6](https://github.com/xmidt-org/svalinn/blob/aa56674db28d151daf2b5afba06b3a977a0a39cf/go.sum#L635) upgrade to: *1.2.27,2.0.18*
High | [pkg:golang/golang.org/x/text@v0.3.7](https://github.com/xmidt-org/svalinn/blob/aa56674db28d151daf2b5afba06b3a977a0a39cf/go.sum#L1458) upgrade to: *0.3.8*
High | [pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux@v0.34.0](https://github.com/xmidt-org/svalinn/blob/aa56674db28d151daf2b5afba06b3a977a0a39cf/go.sum#L1081) upgrade to: *0.44.0,0.44.0,0.44.0,0.44.0,0.44.0,0.44.0,0.44.0*
High | [pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.34.0](https://github.com/xmidt-org/svalinn/blob/aa56674db28d151daf2b5afba06b3a977a0a39cf/go.sum#L1083) upgrade to: *0.44.0,0.44.0,0.44.0,0.44.0,0.44.0,0.44.0,0.44.0*
N/A | [pkg:golang/google.golang.org/protobuf@v1.28.1](https://github.com/xmidt-org/svalinn/blob/aa56674db28d151daf2b5afba06b3a977a0a39cf/go.sum#L1735) upgrade to: *1.33.0,1.33.0,1.33.0*
High | [pkg:golang/github.com/dgrijalva/jwt-go@v3.2.0+incompatible](https://github.com/xmidt-org/svalinn/blob/aa56674db28d151daf2b5afba06b3a977a0a39cf/go.sum#L216) - **no patch available**

More info on how to fix Vulnerable Libraries in [Go](https://docs.guardrails.io/docs/en/vulnerabilities/go/using_vulnerable_libraries.html?utm_source=ghpr).
