Minor & patch version upgrades for go dependencies: github.com/andybalholm/brotli, github.com/aws/aws-lambda-go, github.com/DataDog/sketches-go, github.com/DataDog/datadog-go/v5, github.com/tinylib/msgp, etc... #185


campaigner-staging[bot]

For Go dependency updates, please check out this branch and run go mod tidy and any other repo-specific commands that need to be run after editing go.mod files (commit and push your changes to this branch after doing so).

The dependencies that have been updated are as follows:
• github.com/andybalholm/brotli (to version v1.1.1-0.20240729165604-57434b509141)
• github.com/aws/aws-lambda-go (to version v1.46.1-0.20240416201810-90a3af70ddf8)
• github.com/DataDog/sketches-go (to version v1.4.7-0.20240802104016-7546f8f95179)
• github.com/DataDog/datadog-go/v5 (to version v5.5.1-0.20240822164813-20af2dbfabbb)
• github.com/tinylib/msgp (to version v1.2.1)
• github.com/mitchellh/mapstructure (to version v1.5.1-0.20230418172516-63cde0dfe248)
• github.com/aws/smithy-go (to version v1.20.4)
• golang.org/x/mod (to version v0.21.0)
• github.com/hashicorp/go-secure-stdlib/parseutil (to version v0.1.9-0.20240903214937-914d7625fe0f)
• github.com/DataDog/go-libddwaf/v3 (to version v3.4.0)
• github.com/aws/aws-sdk-go-v2/service/sso (to version v1.22.8-0.20240906182417-827d25db0048)
• github.com/aws/aws-sdk-go-v2/service/kms (to version v1.35.8-0.20240913182458-171151bb0fd1)
• github.com/aws/aws-sdk-go-v2/credentials (to version v1.17.33-0.20240912182535-1b644bfdcae8)
• github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 (to version v2.6.18-0.20240913182458-171151bb0fd1)
• gopkg.in/DataDog/dd-trace-go.v1 (to version v1.68.0-rc.2)
• github.com/klauspost/compress (to version v1.17.8-0.20240404110913-657dc16a9a66)
• github.com/aws/aws-sdk-go-v2/internal/ini (to version v1.8.2-0.20240913182458-171151bb0fd1)
• github.com/hashicorp/go-sockaddr (to version v1.0.7-0.20240718200401-8187f9b97d0d)
• github.com/aws/aws-xray-sdk-go (to version v1.8.5-0.20240715031132-eaa92cef11b1)
• github.com/aws/aws-sdk-go-v2/config (to version v1.27.34-0.20240913182458-171151bb0fd1)
• github.com/aws/aws-sdk-go-v2/internal/configsources (to version v1.3.18-0.20240913182458-171151bb0fd1)
• github.com/go-logr/stdr (to version v1.2.3-0.20220714215701-1fa2ed3fdf83)
• github.com/google/uuid (to version v1.6.1-0.20240806143717-0e97ed3b5379)
• github.com/aws/aws-sdk-go-v2 (to version v1.30.6-0.20240913182458-171151bb0fd1)
• github.com/ebitengine/purego (to version v0.8.0-alpha.5.0.20240903150804-6580f25cf0bb)
• github.com/hashicorp/go-secure-stdlib/strutil (to version v0.1.3-0.20240903214937-914d7625fe0f)
• github.com/valyala/bytebufferpool (to version v1.0.1-0.20201104193830-18533face0df)
• github.com/DataDog/go-sqllexer (to version v0.0.15-0.20240906194926-cbc90c6bc0a4)
• golang.org/x/net (to version v0.29.1-0.20240906182658-3c333c0c5288)
• github.com/pkg/errors (to version v0.9.2-0.20201214064552-5dd12d0cfe7f)
• golang.org/x/time (to version v0.6.0)
• github.com/aws/aws-sdk-go-v2/service/sts (to version v1.30.8-0.20240913182458-171151bb0fd1)
• github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding (to version v1.11.5-0.20240913182458-171151bb0fd1)
• github.com/go-logr/logr (to version v1.4.3-0.20240902060449-275154abd02f)
• golang.org/x/xerrors (to version v0.0.0-20240903120638-7835f813f4da)
• golang.org/x/sys (to version v0.25.1-0.20240909193319-d58f986c8984)
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds (to version v1.16.14-0.20240913182458-171151bb0fd1)
• github.com/aws/aws-sdk-go-v2/service/internal/presigned-url (to version v1.11.20-0.20240913182458-171151bb0fd1)
• golang.org/x/text (to version v0.18.1-0.20240911022905-38a95c2d4a4b)
• google.golang.org/protobuf (to version v1.34.3-0.20240906163944-03df6c145d96)
• google.golang.org/genproto/googleapis/rpc (to version v0.0.0-20240903143218-8af14fe29dc1)
• github.com/aws/aws-sdk-go-v2/service/ssooidc (to version v1.26.8-0.20240913182458-171151bb0fd1)
• github.com/aws/aws-sdk-go (to version v1.55.6-0.20240912145455-7112c0a0c2d0)
• go.opentelemetry.io/otel/trace (to version v1.30.1-0.20240913071937-80e18a584123)
• github.com/DataDog/datadog-agent/pkg/obfuscate (to version v0.59.0-devel.0.20240913161137-39cd38632c79)
• github.com/valyala/fasthttp (to version v1.55.1-0.20240910180552-65e989e8b8bc)
• go.opentelemetry.io/otel (to version v1.30.1-0.20240913071937-80e18a584123)
• github.com/DataDog/datadog-agent/pkg/remoteconfig/state (to version v0.59.0-devel.0.20240914012957-10d974e4d276)
• go.opentelemetry.io/otel/metric (to version v1.30.1-0.20240913071937-80e18a584123)
• google.golang.org/grpc (to version v1.68.0-dev.0.20240913164237-31ffeeeb001c)
• github.com/stretchr/testify (to version v1.9.1-0.20240613125739-84619f5c3cc3)
• golang.org/x/tools (to version v0.25.1-0.20240913183314-91d4bdb347ba)

See additional information about this pull request.

---------- Additional Campaigner Information ----------
Atlas RunID: 18658e9f-2c71-4cbc-a704-d5d5b65c6de8

go.opentelemetry.io/otel/metric v1.30.1-0.20240913071937-80e18a584123 // indirect
go.opentelemetry.io/otel/trace v1.30.1-0.20240913071937-80e18a584123 // indirect
golang.org/x/mod v0.21.0 // indirect
golang.org/x/net v0.29.1-0.20240906182658-3c333c0c5288 // indirect


🔴 Library Vulnerability

golang.org/x/net → 0.29.1-0.20240906182658-3c333c0c5288

Suggested change
golang.org/x/net v0.29.1-0.20240906182658-3c333c0c5288 // indirect
golang.org/x/net vv0.33.1-0.20250102210120-2124140b044c// indirect
Suggested change
golang.org/x/net v0.29.1-0.20240906182658-3c333c0c5288 // indirect
golang.org/x/net vv0.33.0// indirect
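Review bot: Both suggested replacement lines are malformed as go.mod entries: the versions are written "vv0.33.1-0.20250102210120-2124140b044c" and "vv0.33.0", with a doubled "v" that is not a valid module version, and there is no space before "// indirect". Do not apply either suggestion verbatim; write the line in the same form as the one it replaces, for example "golang.org/x/net v0.33.0 // indirect".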
Non-linear parsing of case-insensitive content in golang.org/x/net/html

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.


google.golang.org/protobuf v1.33.0 // indirect
gopkg.in/DataDog/dd-trace-go.v1 v1.65.1 // indirect
golang.org/x/mod v0.21.0 // indirect
golang.org/x/net v0.29.1-0.20240906182658-3c333c0c5288 // indirect
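Review bot: The lines shown for this go.mod still read "google.golang.org/protobuf v1.33.0" and "gopkg.in/DataDog/dd-trace-go.v1 v1.65.1", while the pull request description lists protobuf moving to v1.34.3-0.20240906163944-03df6c145d96 and dd-trace-go.v1 to v1.68.0-rc.2. Please confirm whether this module is meant to stay on the older versions; if it is not, the update has reached only some of the go.mod files and go mod tidy needs to be run in each module.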


🔴 Library Vulnerability

golang.org/x/net → 0.29.1-0.20240906182658-3c333c0c5288

Suggested change
golang.org/x/net v0.29.1-0.20240906182658-3c333c0c5288 // indirect
golang.org/x/net vv0.33.1-0.20250102210120-2124140b044c// indirect
Suggested change
golang.org/x/net v0.29.1-0.20240906182658-3c333c0c5288 // indirect
golang.org/x/net vv0.33.0// indirect
Non-linear parsing of case-insensitive content in golang.org/x/net/html

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.


google.golang.org/grpc v1.61.0 // indirect
google.golang.org/protobuf v1.33.0 // indirect
golang.org/x/mod v0.21.0 // indirect
golang.org/x/net v0.29.1-0.20240906182658-3c333c0c5288 // indirect


🔴 Library Vulnerability

golang.org/x/net → 0.29.1-0.20240906182658-3c333c0c5288

Suggested change
golang.org/x/net v0.29.1-0.20240906182658-3c333c0c5288 // indirect
golang.org/x/net vv0.33.1-0.20250102210120-2124140b044c// indirect
Suggested change
golang.org/x/net v0.29.1-0.20240906182658-3c333c0c5288 // indirect
golang.org/x/net vv0.33.0// indirect
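Review bot: The two suggestions on this line are alternatives, one a pseudo-version (0.33.1-0.20250102210120-2124140b044c) and one the tagged 0.33.0, and the same golang.org/x/net finding is raised in three places in this pull request. Choose a single target, preferably the tagged release, and apply it identically in each place. Because the requirement is marked "// indirect", rerun go mod tidy afterwards as the description asks.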
Non-linear parsing of case-insensitive content in golang.org/x/net/html

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

