Merging to release-5.7: [TT-13485] update dependencies with vulnerabilities reported (#6711) #6713
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
### **User description** <details open> <summary><a href="https://tyktech.atlassian.net/browse/TT-13485" title="TT-13485" target="_blank">TT-13485</a></summary> <br /> <table> <tr> <th>Summary</th> <td>Run CVE scan for v5.7.0</td> </tr> <tr> <th>Type</th> <td> <img alt="Sub-task" src="https://tyktech.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10316?size=medium" /> Sub-task </td> </tr> <tr> <th>Status</th> <td>In Code Review</td> </tr> <tr> <th>Points</th> <td>N/A</td> </tr> <tr> <th>Labels</th> <td>-</td> </tr> </table> </details> <!-- do not remove this marker as it will break jira-lint's functionality. added_by_jira_lint --> --- <!-- Provide a general summary of your changes in the Title above --> ## Description Update dependencies to fix reported vulnerabilities ## Related Issue https://tyktech.atlassian.net/browse/TT-13485 ## Motivation and Context <!-- Why is this change required? What problem does it solve? --> ## How This Has Been Tested <!-- Please describe in detail how you tested your changes --> <!-- Include details of your testing environment, and the tests --> <!-- you ran to see how your change affects other areas of the code, etc. --> <!-- This information is helpful for reviewers and QA. --> ## Screenshots (if appropriate) ## Types of changes <!-- What types of changes does your code introduce? Put an `x` in all the boxes that apply: --> - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [ ] Refactoring or add test (improvements in base code or adds test coverage to functionality) ## Checklist <!-- Go over all the following points, and put an `x` in all the boxes that apply --> <!-- If there are no documentation updates required, mark the item as checked. --> <!-- Raise up any additional concerns not covered by the checklist. --> - [ ] I ensured that the documentation is up to date - [ ] I explained why this PR updates go.mod in detail with reasoning why it's required - [ ] I would like a code coverage CI quality gate exception and have explained why ___ ### **PR Type** enhancement, dependencies ___ ### **Description** - Updated several Go module dependencies to address vulnerabilities and ensure compatibility with the latest versions. - Specifically updated `github.com/golang-jwt/jwt/v4` to v4.5.1, `github.com/hashicorp/consul/api` to v1.30.0, and `github.com/hashicorp/vault/api` to v1.16.0 in `go.mod`. - Updated `go.sum` to include new checksums for the updated dependencies. ___ ### **Changes walkthrough** 📝 <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td><strong>Dependencies</strong></td><td><table> <tr> <td> <details> <summary><strong>go.mod</strong><dd><code>Update Go module dependencies to latest versions</code> </dd></summary> <hr> go.mod <li>Updated <code>github.com/golang-jwt/jwt/v4</code> from v4.5.0 to v4.5.1.<br> <li> Updated <code>github.com/hashicorp/consul/api</code> from v1.29.4 to v1.30.0.<br> <li> Updated <code>github.com/hashicorp/vault/api</code> from v1.15.0 to v1.16.0.<br> </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6711/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6">+3/-3</a> </td> </tr> <tr> <td> <details> <summary><strong>go.sum</strong><dd><code>Update Go sum file with new dependency checksums</code> </dd></summary> <hr> go.sum <li>Added checksums for <code>github.com/golang-jwt/jwt/v4</code> version v4.5.1.<br> <li> Added checksums for <code>github.com/hashicorp/consul/api</code> version v1.30.0.<br> </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6711/files#diff-3295df7234525439d778f1b282d146a4f1ff6b415248aaac074e8042d9f42d63">+4/-0</a> </td> </tr> </table></td></tr></tr></tbody></table> ___ > 💡 **PR-Agent usage**: Comment `/help "your question"` on any pull request to receive relevant information (cherry picked from commit cb62825)
PR Reviewer Guide 🔍Here are some key observations to aid the review process:
|
PR Code Suggestions ✨No code suggestions found for the PR. |
|
API Changes no api changes detected |
|
jeffy-mathew
deleted the
merge/release-5.7/cb628251afc86eca531a0f44109f3cd643aab1f2
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
User description
TT-13485 update dependencies with vulnerabilities reported (#6711)
User description
TT-13485
Description
Update dependencies to fix reported vulnerabilities
Related Issue
https://tyktech.atlassian.net/browse/TT-13485
Motivation and Context
How This Has Been Tested
Screenshots (if appropriate)
Types of changes
functionality to change)
coverage to functionality)
Checklist
why it's required
explained why
PR Type
enhancement, dependencies
Description
ensure compatibility with the latest versions.
github.com/golang-jwt/jwt/v4to v4.5.1,github.com/hashicorp/consul/apito v1.30.0, andgithub.com/hashicorp/vault/apito v1.16.0 ingo.mod.go.sumto include new checksums for the updateddependencies.
Changes walkthrough 📝
go.mod
Update Go module dependencies to latest versionsgo.mod
github.com/golang-jwt/jwt/v4from v4.5.0 to v4.5.1.github.com/hashicorp/consul/apifrom v1.29.4 to v1.30.0.github.com/hashicorp/vault/apifrom v1.15.0 to v1.16.0.go.sum
Update Go sum file with new dependency checksumsgo.sum
github.com/golang-jwt/jwt/v4version v4.5.1.github.com/hashicorp/consul/apiversion v1.30.0.PR Type
Enhancement, Dependencies
Description
github.com/golang-jwt/jwt/v4to v4.5.1,github.com/hashicorp/consul/apito v1.30.0, andgithub.com/hashicorp/vault/apito v1.16.0 ingo.mod.go.sumto include new checksums for the updated dependencies.Changes walkthrough 📝
go.mod
Update Go module dependencies to latest versionsgo.mod
github.com/golang-jwt/jwt/v4from v4.5.0 to v4.5.1.github.com/hashicorp/consul/apifrom v1.29.4 to v1.30.0.github.com/hashicorp/vault/apifrom v1.15.0 to v1.16.0.go.sum
Update Go sum file with new dependency checksumsgo.sum
github.com/golang-jwt/jwt/v4version v4.5.1.github.com/hashicorp/consul/apiversion v1.30.0.