mirror of
https://github.com/status-im/consul.git
synced 2025-01-20 18:50:04 +00:00
86b0818c1f
security: upgrade vault/api to remove go-jose.v2 This dependency has an open vulnerability (GO-2024-2631), and is no longer needed by the latest `vault/api`. This is a follow-up to the upgrade of `go-jose/v3` in this repository to make all our dependencies consolidate on v3. Also remove the recently added security scan triage block for GO-2024-2631, which was added due to incorrect reports that `go-jose/v3@3.0.3` was impacted; in reality, is was this indirect client dependency (not impacted by CVE) that the scanner was flagging. A bug report has been filed to address the incorrect reporting.
14 lines
335 B
Modula-2
14 lines
335 B
Modula-2
module test-sds-server
|
|
|
|
go 1.16
|
|
|
|
require (
|
|
github.com/envoyproxy/go-control-plane v0.12.0
|
|
github.com/fatih/color v1.16.0 // indirect
|
|
github.com/hashicorp/consul v1.18.1
|
|
github.com/hashicorp/consul/sdk v0.16.0 // indirect
|
|
github.com/hashicorp/go-hclog v1.5.0
|
|
golang.org/x/net v0.24.0 // indirect
|
|
google.golang.org/grpc v1.58.3
|
|
)
|