consul/.release
Michael Zalimeni 86b0818c1f
[NET-8601] security: upgrade vault/api to remove go-jose.v2 (#20910)
security: upgrade vault/api to remove go-jose.v2

This dependency has an open vulnerability (GO-2024-2631), and is no
longer needed by the latest `vault/api`. This is a follow-up to the
upgrade of `go-jose/v3` in this repository to make all our dependencies
consolidate on v3.

Also remove the recently added security scan triage block for
GO-2024-2631, which was added due to incorrect reports that
`go-jose/v3@3.0.3` was impacted; in reality, is was this indirect
client dependency (not impacted by CVE) that the scanner was flagging. A
bug report has been filed to address the incorrect reporting.
2024-05-04 00:18:51 +00:00
..
docker [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
linux [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
ci.hcl [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
release-metadata.hcl [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
security-scan.hcl [NET-8601] security: upgrade vault/api to remove go-jose.v2 (#20910) 2024-05-04 00:18:51 +00:00