Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[🐸 Frogbot] Update version of golang.org/x/net to [0.13.0] #430

Merged
merged 2 commits into from
Aug 10, 2023

Conversation

github-actions[bot]
Copy link
Contributor

📦 Vulnerable Dependencies

✍️ Summary

SEVERITY DIRECT DEPENDENCIES IMPACTED DEPENDENCY FIXED VERSIONS

Medium
golang.org/x/oauth2:v0.10.0

github.com/go-git/go-git/v5:v5.8.1

github.com/jfrog/froggit-go:v1.12.1

github.com/jfrog/jfrog-cli-core/v2:v2.40.0

github.com/jfrog/jfrog-client-go:v1.31.4

github.com/ktrysmt/go-bitbucket:v0.9.63

golang.org/x/net:v0.12.0
golang.org/x/net:v0.12.0 [0.13.0]

👇 Details

  • Severity 🎃 Medium
  • Package Name: golang.org/x/net
  • Current Version: v0.12.0
  • Fixed Version: [0.13.0]
  • CVE: CVE-2023-3978

Description:

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.


@omerzi omerzi added the safe to test Approve running integration tests on a pull request label Aug 10, 2023
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Aug 10, 2023
@omerzi omerzi added the dependencies Pull requests that update a dependency file label Aug 10, 2023
@github-actions
Copy link
Contributor Author

github-actions bot commented Aug 10, 2023

Pull Request Test Coverage Report for Build 5817196283

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 64.848%

Totals Coverage Status
Change from base Build 5817175589: 0.0%
Covered Lines: 1664
Relevant Lines: 2566

💛 - Coveralls

@omerzi omerzi merged commit 6e1bcde into dev Aug 10, 2023
15 of 17 checks passed
@omerzi omerzi deleted the frogbot-golang.org/x/net-78a6fe11f8021e24b7f196d7f85790d7 branch August 10, 2023 05:57
sverdlov93 pushed a commit to sverdlov93/frogbot that referenced this pull request Aug 13, 2023
sverdlov93 added a commit that referenced this pull request Aug 15, 2023
* improve docs

* improve docs

* improve docs

* improve docs

* improve docs

* improve docs

* improve docs

* Improve internal field names (#418)

* Fix aggregate PRs test (#420)

* Fix open pull request against the wrong branch (#421)

* Update Git Action dependencies (#427)

* Update git action

* Update git action

* Update git action

---------

Co-authored-by: Omer Zidkoni <[email protected]>

* Restructure source code  (#419)

* Fix mock import (#429)

* Fix undefined pull request ID in scan-pull-requests (#428)

* Upgrade golang.org/x/net to 0.13.0 (#430)

* Remove base branch from github actions (#431)

* Separate env params extraction by context (#432)

* Update dependencies (#435)

* Update git action

* Update git action

* Update git action

* Update git action

* Update git action

* Update git action

* Update git action

* Update git action

* Unify webhook url markdown

* Update scan-pull-request.jenkinsfile

* Update scan-repository.jenkinsfile

* Update scan-pull-request.jenkinsfile

* add jenkins pipeline logo

* move position

* change image

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update install-github.md

* Delete jenkins-logo.png

* Update README.md

* Update README.md

* Update README.md

* Update git action

* Update git action

---------

Co-authored-by: Omer Zidkoni <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Eyal Delarea <[email protected]>
Co-authored-by: Omer Zidkoni <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants