Commit 9b35d8b

Merge pull request #87 from omordyk/fix_security
Fix vulnerabilities CVE-2025-27144/CVE-2025-22869
2 parents 239ce10 + 8dd935c commit 9b35d8b

5 files changed

+21
-17
lines changed

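--- a/.github/workflows/build-push.yml
+++ b/.github/workflows/build-push.yml
@@ -90,10 +90,10 @@ jobs:
 path: go/src/github.com/${{ github.repository }}
 
 # Prepare the environment
-- name: Set up golang 1.21
+- name: Set up golang 1.23
 uses: actions/setup-go@v2
 with:
-go-version: '1.21'
+go-version: '1.23'
 check-latest: true
 
 # Configure version variables for later steps, stored in our workflow env. variables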
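Review bot: The step edited here still runs `actions/setup-go@v2`, a mutable tag on an old major line, so the toolchain that builds the patched plugin is installed by action code that can change underneath the workflow; pinning to a full commit SHA (`uses: actions/setup-go@<full-commit-sha>  # vN`) would remove that supply-chain exposure. The Go version is hard-coded twice (step name and `go-version: '1.23'`), and with `check-latest: true` it floats to the newest 1.23.x patch; that picks up toolchain security fixes but makes builds non-reproducible, so a one-line comment such as `# intentionally tracks the latest 1.23.x patch release` would record the intent. Whether the `go` directive in go.mod agrees with 1.23 is not visible on this page. The job definition continues outside the hunk.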

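--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,12 @@
 
 All notable changes to this project will be documented in this file.
 
+## [1.2.2](https://github.com/open-horizon/vault-plugin-auth-openhorizon/pull/87) - 2025-03-06
+- Fixed Vulnerability CVE-2025-27144.
+- Fixed Vulnerability CVE-2025-22869.
+- go-jose/go-jose/v4 v4.0.1 -> v4.0.5.
+- x/crypto v0.31.0 -> v0.35.0.
+
 ## [1.2.1](https://github.com/open-horizon/vault-plugin-auth-openhorizon/pull/90) - 2025-03-04
 - Fixed type in module reference.
 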
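--- a/Makefile
+++ b/Makefile
@@ -10,7 +10,7 @@ VAULT_PLUGIN_HASH := ""
 
 EXECUTABLE := vault-plugin-auth-openhorizon
 DOCKER_INAME ?= openhorizon/$(arch)_vault
-VERSION ?= 1.2.1
+VERSION ?= 1.2.2
 DEV_VERSION ?=testing
 DOCKER_IMAGE_LABELS ?= --label "name=$(arch)_vault" --label "version=$(VERSION)" --label "vault_version=$(VAULT_VERSION)" --label "release=$(shell git rev-parse --short HEAD)"
 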
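--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ require (
 github.com/evanphx/json-patch/v5 v5.9.0 // indirect
 github.com/fatih/color v1.17.0 // indirect
 github.com/felixge/httpsnoop v1.0.4 // indirect
-github.com/go-jose/go-jose/v4 v4.0.4 // indirect
+github.com/go-jose/go-jose/v4 v4.0.5 // indirect
 github.com/go-logr/logr v1.4.2 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
@@ -78,10 +78,10 @@ require (
 go.opentelemetry.io/otel/trace v1.31.0 // indirect
 go.opentelemetry.io/proto/otlp v1.3.1 // indirect
 go.uber.org/atomic v1.11.0 // indirect
-golang.org/x/crypto v0.32.0 // indirect
+golang.org/x/crypto v0.35.0 // indirect
 golang.org/x/net v0.34.0 // indirect
-golang.org/x/sys v0.29.0 // indirect
-golang.org/x/text v0.21.0 // indirect
+golang.org/x/sys v0.30.0 // indirect
+golang.org/x/text v0.22.0 // indirect
 golang.org/x/time v0.9.0 // indirect
 google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 // indirect
 google.golang.org/grpc v1.69.4 // indirect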
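Review bot: The previous versions on the removed lines (`go-jose/go-jose/v4 v4.0.4` in the first hunk, `golang.org/x/crypto v0.32.0` in the second) disagree with the CHANGELOG entry added in this same commit, which records `v4.0.1 -> v4.0.5` and `v0.31.0 -> v0.35.0`. Anyone using the changelog to work out which releases shipped the affected versions would get the wrong range; unless it deliberately describes a different baseline, the entries should read `- go-jose/go-jose/v4 v4.0.4 -> v4.0.5.` and `- x/crypto v0.32.0 -> v0.35.0.`. Both modules are marked `// indirect`, so the diff does not show whether the affected code paths were reachable from this plugin; a `govulncheck ./...` step in CI would report reachability and flag future advisories in the dependency graph. The `require (` block begins and ends outside both hunks.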

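--- a/go.sum
+++ b/go.sum
@@ -47,8 +47,8 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/frankban/quicktest v1.14.0 h1:+cqqvzZV87b4adx/5ayVOaYZ2CrvM4ejQvUdBzPPUss=
 github.com/frankban/quicktest v1.14.0/go.mod h1:NeW+ay9A/U67EYXNFA1nPE8e/tnQv/09mUdL/ijj8og=
-github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E=
-github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc=
+github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE=
+github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
@@ -193,8 +193,6 @@ github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7P
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
 github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
-github.com/open-horizon/vault-exchange-auth v1.1.5 h1:YZ58gZmPGiLR1e6lCrqSC+/rq2kvOzo8DDdZAVOPTQE=
-github.com/open-horizon/vault-exchange-auth v1.1.5/go.mod h1:5eY5xJ1aBeAQuSBBtde32h1EZrapHahcCuNEKziZ9Rc=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
@@ -275,8 +273,8 @@ golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnf
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
-golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
+golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
+golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -307,12 +305,12 @@ golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
-golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
+golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
 golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
 golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=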
