Add support for Iris' strict handler by jamietanna · Pull Request #1 · oapi-codegen/runtime


jamietanna pushed a commit that referenced this pull request on Jan 3, 2024:
Using https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck to validate [the
CVE], it notes that:

```
Scanning your code and 340 packages across 57 dependent modules for known vulnerabilities...

=== Informational ===

Found 1 vulnerability in packages that you import, but there are no call
stacks leading to the use of this vulnerability. You may not need to
take any action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
for details.

Vulnerability #1: GO-2023-2074
    Parser out-of-bounds read vulnerability caused by a malformed markdown input
  More info: https://pkg.go.dev/vuln/GO-2023-2074
  Module: github.com/gomarkdown/markdown
    Found in: github.com/gomarkdown/markdown@v0.0.0-20230716120725-531d2d74bc12
    Fixed in: github.com/gomarkdown/markdown@v0.0.0-20230922105210-14b16010c2ee

No vulnerabilities found.

Share feedback at https://go.dev/s/govulncheck-feedback.
```

This means that most users of this package are unaffected, but to make
sure that we keep this package CVE free, we can update the transitive
dependency.

We cannot update Iris, which pulls in this dependency, due to it now
requiring Go 1.21, and we do not want to require Go 1.21 for consumers.

Co-authored-by: Paul Imbert <9633306-pimbert@users.noreply.gitlab.com>
Co-authored-by: Jamie Tanna <jamie.tanna@elastic.co>

[the CVE]: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOMARKDOWNMARKDOWNPARSER-5916451
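The commit message above relies on govulncheck's distinction between a vulnerability that is merely present in the module graph and one that the scanned code can actually reach. The human-readable output shows that as the "Informational" section; in CI it is easier to consume `govulncheck -json ./...` and classify each finding yourself. The following program is an added example written for this page, not code from the oapi-codegen project or from govulncheck. It decodes the JSON message stream into the subset of the `finding`/`trace` fields it needs (the field names follow the golang.org/x/vuln schema, but the struct here is an assumption and ignores everything else), keeps the most specific level seen per OSV ID, and reports only symbol-level findings (those with a call stack) as actionable. The embedded stream is constructed: the two GO-2023-2074 findings mirror the package-level result quoted above, and `GO-0000-EXAMPLE` / `example.com/dep` are placeholder identifiers added only to exercise the symbol-level branch.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"os"
	"sort"
	"strings"
)

// frame is one entry of a finding's trace. Field names follow the
// govulncheck -json schema (golang.org/x/vuln); only the fields used
// here are declared, everything else is ignored by encoding/json.
type frame struct {
	Module   string `json:"module"`
	Version  string `json:"version"`
	Package  string `json:"package"`
	Function string `json:"function"`
}

type finding struct {
	OSV          string  `json:"osv"`
	FixedVersion string  `json:"fixed_version"`
	Trace        []frame `json:"trace"`
}

// message is one object of the stream; govulncheck also emits "config",
// "progress" and "osv" messages, which decode with Finding == nil.
type message struct {
	Finding *finding `json:"finding"`
}

// Level is how close the scanned code gets to the vulnerable code.
type Level int

const (
	ModuleLevel  Level = iota // vulnerable module is required (informational)
	PackageLevel              // vulnerable package is imported, no call stack
	SymbolLevel               // a call stack reaches the vulnerable symbol
)

func (l Level) String() string { return [...]string{"module", "package", "symbol"}[l] }

type Summary struct {
	Module       string
	Version      string
	FixedVersion string
	Level        Level
}

// classify inspects trace[0], which govulncheck documents as the vulnerable
// symbol, package or module itself (the entry point is the last frame).
func classify(f finding) Level {
	if len(f.Trace) == 0 {
		return ModuleLevel
	}
	switch v := f.Trace[0]; {
	case v.Function != "":
		return SymbolLevel
	case v.Package != "":
		return PackageLevel
	default:
		return ModuleLevel
	}
}

// Summarize folds the stream into one entry per OSV ID, keeping the most
// specific level seen, since govulncheck emits separate findings at module,
// package and call-stack granularity for the same vulnerability.
func Summarize(r io.Reader) (map[string]Summary, error) {
	dec := json.NewDecoder(r)
	out := map[string]Summary{}
	for {
		var m message
		if err := dec.Decode(&m); err == io.EOF {
			break
		} else if err != nil {
			return nil, err
		}
		if m.Finding == nil {
			continue // config/progress/osv message
		}
		f := *m.Finding
		lvl := classify(f)
		s, seen := out[f.OSV]
		if !seen || lvl > s.Level {
			s.Level = lvl
		}
		if len(f.Trace) > 0 {
			s.Module, s.Version = f.Trace[0].Module, f.Trace[0].Version
		}
		s.FixedVersion = f.FixedVersion
		out[f.OSV] = s
	}
	return out, nil
}

// Actionable lists the IDs for which govulncheck found a call stack; anything
// else corresponds to the "Informational" section of the text output.
func Actionable(sums map[string]Summary) []string {
	var ids []string
	for id, s := range sums {
		if s.Level == SymbolLevel {
			ids = append(ids, id)
		}
	}
	sort.Strings(ids)
	return ids
}

// SampleStream is a constructed stand-in for `govulncheck -json ./...` output.
// GO-0000-EXAMPLE and example.com/dep are placeholders, not real identifiers.
const SampleStream = `
{"config":{"scanner_name":"govulncheck"}}
{"finding":{"osv":"GO-2023-2074","fixed_version":"v0.0.0-20230922105210-14b16010c2ee","trace":[{"module":"github.com/gomarkdown/markdown","version":"v0.0.0-20230716120725-531d2d74bc12"}]}}
{"finding":{"osv":"GO-2023-2074","fixed_version":"v0.0.0-20230922105210-14b16010c2ee","trace":[{"module":"github.com/gomarkdown/markdown","version":"v0.0.0-20230716120725-531d2d74bc12","package":"github.com/gomarkdown/markdown/parser"}]}}
{"finding":{"osv":"GO-0000-EXAMPLE","fixed_version":"v1.2.3","trace":[{"module":"example.com/dep","version":"v1.2.2","package":"example.com/dep","function":"Parse"},{"module":"example.com/app","version":"","package":"example.com/app","function":"main"}]}}
`

func main() {
	sums, err := Summarize(strings.NewReader(SampleStream))
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	for id, s := range sums {
		fmt.Printf("%s %s@%s level=%s fixed=%s\n", id, s.Module, s.Version, s.Level, s.FixedVersion)
	}
	fmt.Println("actionable:", Actionable(sums))
}
```

A package-level result like GO-2023-2074 here is still worth bumping, as the commit does, because the reachability analysis only covers the code govulncheck scanned: a consumer that calls into the same markdown parser through Iris would get a symbol-level finding in its own scan. Bumping just the transitive module is done with `go get github.com/gomarkdown/markdown@v0.0.0-20230922105210-14b16010c2ee` followed by `go mod tidy`, which records an `// indirect` requirement in go.mod; because Go's minimal version selection takes the highest required version, Iris's older requirement no longer wins and Iris itself, with its Go 1.21 floor, stays unchanged.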