DockerCLI/vendor/google.golang.org/protobuf/proto
Sebastiaan van Stijn a4a79d75c0
vendor: google.golang.org/protobuf v1.33.0, github.com/golang/protobuf v1.5.4
full diffs:

- https://github.com/protocolbuffers/protobuf-go/compare/v1.31.0...v1.33.0
- https://github.com/golang/protobuf/compare/v1.5.3...v1.5.4

From the Go security announcement list:

> Version v1.33.0 of the google.golang.org/protobuf module fixes a bug in
> the google.golang.org/protobuf/encoding/protojson package which could cause
> the Unmarshal function to enter an infinite loop when handling some invalid
> inputs.
>
> This condition could only occur when unmarshaling into a message which contains
> a google.protobuf.Any value, or when the UnmarshalOptions.UnmarshalUnknown
> option is set. Unmarshal now correctly returns an error when handling these
> inputs.
>
> This is CVE-2024-24786.

In a follow-up post:

> A small correction: This vulnerability applies when the UnmarshalOptions.DiscardUnknown
> option is set (as well as when unmarshaling into any message which contains a
> google.protobuf.Any). There is no UnmarshalUnknown option.
>
> In addition, version 1.33.0 of google.golang.org/protobuf inadvertently
> introduced an incompatibility with the older github.com/golang/protobuf
> module. (https://github.com/golang/protobuf/issues/1596) Users of the older
> module should update to github.com/golang/protobuf@v1.5.4.

govulncheck results in our code show that this does not affect the CLI:

    govulncheck ./...
    Scanning your code and 448 packages across 72 dependent modules for known vulnerabilities...

    === Symbol Results ===

    No vulnerabilities found.

    Your code is affected by 0 vulnerabilities.
    This scan also found 1 vulnerability in packages you import and 0
    vulnerabilities in modules you require, but your code doesn't appear to call
    these vulnerabilities.
    Use '-show verbose' for more details.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-16 16:41:42 +01:00
checkinit.go vendor: genproto 8816d57aaa9a, google.golang.org/protobuf v1.26.0, github.com/golang/protobuf v1.5.2 2021-08-12 17:02:16 +02:00
decode.go vendor: google.golang.org/protobuf v1.33.0, github.com/golang/protobuf v1.5.4 2024-03-16 16:41:42 +01:00
decode_gen.go vendor: genproto 8816d57aaa9a, google.golang.org/protobuf v1.26.0, github.com/golang/protobuf v1.5.2 2021-08-12 17:02:16 +02:00
doc.go vendor: google.golang.org/protobuf v1.33.0, github.com/golang/protobuf v1.5.4 2024-03-16 16:41:42 +01:00
encode.go vendor: google.golang.org/protobuf v1.33.0, github.com/golang/protobuf v1.5.4 2024-03-16 16:41:42 +01:00
encode_gen.go vendor: genproto 8816d57aaa9a, google.golang.org/protobuf v1.26.0, github.com/golang/protobuf v1.5.2 2021-08-12 17:02:16 +02:00
equal.go vendor: google.golang.org/protobuf v1.30.0 2023-07-20 00:30:58 +02:00
extension.go vendor: google.golang.org/protobuf v1.33.0, github.com/golang/protobuf v1.5.4 2024-03-16 16:41:42 +01:00
merge.go vendor: google.golang.org/protobuf v1.33.0, github.com/golang/protobuf v1.5.4 2024-03-16 16:41:42 +01:00
messageset.go vendor: genproto 8816d57aaa9a, google.golang.org/protobuf v1.26.0, github.com/golang/protobuf v1.5.2 2021-08-12 17:02:16 +02:00
proto.go vendor: google.golang.org/protobuf v1.33.0, github.com/golang/protobuf v1.5.4 2024-03-16 16:41:42 +01:00
proto_methods.go vendor: github.com/containerd/containerd v1.6.10 2022-11-16 16:32:17 +01:00
proto_reflect.go vendor: github.com/containerd/containerd v1.6.10 2022-11-16 16:32:17 +01:00
reset.go vendor: genproto 8816d57aaa9a, google.golang.org/protobuf v1.26.0, github.com/golang/protobuf v1.5.2 2021-08-12 17:02:16 +02:00
size.go vendor: google.golang.org/protobuf v1.31.0 2023-09-19 16:36:23 +02:00
size_gen.go vendor: genproto 8816d57aaa9a, google.golang.org/protobuf v1.26.0, github.com/golang/protobuf v1.5.2 2021-08-12 17:02:16 +02:00
wrappers.go vendor: genproto 8816d57aaa9a, google.golang.org/protobuf v1.26.0, github.com/golang/protobuf v1.5.2 2021-08-12 17:02:16 +02:00