build(deps): bump github.com/hashicorp/go-retryablehttp from 0.7.4 to 0.7.7 #2757
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
dependabot
bot
added
the
dependencies
BenchmarksBenchmark execution time: 2024-07-03 10:59:00 Comparing candidate commit c52aa75 in PR branch Found 0 performance improvements and 0 performance regressions! Performance is the same for 46 metrics, 1 unstable metrics. |
Bumps [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) from 0.7.4 to 0.7.7. - [Changelog](https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md) - [Commits](hashicorp/go-retryablehttp@v0.7.4...v0.7.7) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-retryablehttp dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/go_modules/github.com/hashicorp/go-retryablehttp-0.7.7
branch
from
c85a7d0
to
14ae408
Compare
…o-retryablehttp-0.7.7
…o-retryablehttp-0.7.7
…o-retryablehttp-0.7.7
|
For the record: I've looked into this and I don't think our library is affected by this. We get this dependency through our hashicorp/vault integration. Our integration only provides a traced HTTP client for use by the Vault client and doesn't call into any of the Vault client APIs that would reach the vulnerable code (see the fix). A user would only possibly be vulnerable if they were already using the Vault client--that is, our library doesn't introduce any new paths to the vulnerable code. It doesn't seem harmful to do this upgrade, so I'm not opposed to merging this, but FWIW I don't think it's strictly necessary. |
…o-retryablehttp-0.7.7
nsrip-dd
deleted the
dependabot/go_modules/github.com/hashicorp/go-retryablehttp-0.7.7
branch
Bumps github.com/hashicorp/go-retryablehttp from 0.7.4 to 0.7.7.
Changelog
Sourced from github.com/hashicorp/go-retryablehttp's changelog.
Commits
1542b31v0.7.7defb9f4v0.7.7a99f07bMerge pull request #158 from dany74q/danny/redacted-url-in-logs8a28c57Merge branch 'main' into danny/redacted-url-in-logs86e852dMerge pull request #227 from hashicorp/dependabot/github_actions/actions/chec...47fe99eBump actions/checkout from 4.1.5 to 4.1.6490fc06Merge pull request #226 from testwill/ioutilf3e9417chore: remove refs to deprecated io/ioutild969eaaMerge pull request #225 from hashicorp/manicminer-patch-22ad8ed4v0.7.6Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.