mirror of https://github.com/hashicorp/consul
86b0818c1f
security: upgrade vault/api to remove go-jose.v2 This dependency has an open vulnerability (GO-2024-2631), and is no longer needed by the latest `vault/api`. This is a follow-up to the upgrade of `go-jose/v3` in this repository to make all our dependencies consolidate on v3. Also remove the recently added security scan triage block for GO-2024-2631, which was added due to incorrect reports that `go-jose/v3@3.0.3` was impacted; in reality, is was this indirect client dependency (not impacted by CVE) that the scanner was flagging. A bug report has been filed to address the incorrect reporting. |
||
|---|---|---|
| .. | ||
| annotations/ratelimit | ||
| pbacl | ||
| pbauth/v2beta1 | ||
| pbcatalog/v2beta1 | ||
| pbconnectca | ||
| pbdataplane | ||
| pbdns | ||
| pbhcp/v2 | ||
| pbmesh/v2beta1 | ||
| pbmulticluster | ||
| pbresource | ||
| pbserverdiscovery | ||
| pbtenancy/v2beta1 | ||
| .copywrite.hcl | ||
| LICENSE | ||
| buf.gen.yaml | ||
| buf.lock | ||
| buf.yaml | ||
| go.mod | ||
| go.sum | ||