Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/09/23 09:09:17 UTC

[GitHub] [apisix-dashboard] yoyofx opened a new pull request, #2623: Update dependencies to solve security problems , Such as CVE-*

yoyofx opened a new pull request, #2623:
URL: https://github.com/apache/apisix-dashboard/pull/2623

   Please answer these questions before submitting a pull request, **or your PR will get closed**.
   
   **Why submit this pull request?**
   
   - [X] Bugfix
   - [ ] New feature provided
   - [ ] Improve performance
   - [ ] Backport patches
   
   **What changes will this PR take into?**
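   All of the following issues have been tested.
   
   1. Update to fix Go binary vulnerabilities
   2. Update the etcd client to 3.5 to resolve the go mod dependency problem
   3. Fix 15 security vulnerabilities in total, including CVE-2020-36066
   
   Updated dependencies:
   
   - etcd client updated to go.etcd.io/etcd/client/v3 v3.5.5
   - viper updated to v1.13.0
   - gjson updated to v1.9.3
   - golang-jwt updated to v4 (jwt/v4 v4.4.2)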
   
   Please update this section with detailed description.
   ![企业微信截图_646d4154-00d4-4e92-a6ff-e162c3f7bde0](https://user-images.githubusercontent.com/4504853/191926590-17fa2f1b-9b84-47e9-93d0-08257530344d.png)
   
   
   **Checklist:**
   
   - [X] Did you explain what problem does this PR solve? Or what new features have been added?
   - [ ] Have you added corresponding test cases?
   - [ ] Have you modified the corresponding document?
   - [X] Is this PR backward compatible? If it is not backward compatible, please discuss on the mailing list first
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [apisix-dashboard] yoyofx commented on pull request #2623: fix: update dependencies to solve security problems , such as CVE-*

Posted by GitBox <gi...@apache.org>.
yoyofx commented on PR #2623:
URL: https://github.com/apache/apisix-dashboard/pull/2623#issuecomment-1257769102

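   The Go version in the Docker test environment used by the Action is lower than 1.16, which causes this commit to fail to compile; forgot to resolve it.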




[GitHub] [apisix-dashboard] codecov-commenter commented on pull request #2623: fix: update dependencies to solve security problems , such as CVE-*

Posted by GitBox <gi...@apache.org>.
codecov-commenter commented on PR #2623:
URL: https://github.com/apache/apisix-dashboard/pull/2623#issuecomment-1257334569

   # [Codecov](https://codecov.io/gh/apache/apisix-dashboard/pull/2623?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
   > Merging [#2623](https://codecov.io/gh/apache/apisix-dashboard/pull/2623?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (2b77e14) into [master](https://codecov.io/gh/apache/apisix-dashboard/commit/b777d99be72bfaca96561047218d36aa213da952?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (b777d99) will **decrease** coverage by `17.89%`.
   > The diff coverage is `n/a`.
   
   ```diff
   @@             Coverage Diff             @@
   ##           master    #2623       +/-   ##
   ===========================================
   - Coverage   68.50%   50.61%   -17.90%     
   ===========================================
     Files         134       46       -88     
     Lines        3553     3341      -212     
     Branches      867        0      -867     
   ===========================================
   - Hits         2434     1691      -743     
   - Misses       1119     1447      +328     
   - Partials        0      203      +203     
   ```
   
   | Flag | Coverage Δ | |
   |---|---|---|
   | backend-unit-test | `50.61% <ø> (?)` | |
   | frontend-e2e-test | `?` | |
   
   Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#carryforward-flags-in-the-pull-request-comment) to find out more.
   
   | [Impacted Files](https://codecov.io/gh/apache/apisix-dashboard/pull/2623?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | Coverage Δ | |
   |---|---|---|
   | [api/internal/filter/authentication.go](https://codecov.io/gh/apache/apisix-dashboard/pull/2623/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-YXBpL2ludGVybmFsL2ZpbHRlci9hdXRoZW50aWNhdGlvbi5nbw==) | `77.77% <ø> (ø)` | |
   | [.../internal/handler/authentication/authentication.go](https://codecov.io/gh/apache/apisix-dashboard/pull/2623/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-YXBpL2ludGVybmFsL2hhbmRsZXIvYXV0aGVudGljYXRpb24vYXV0aGVudGljYXRpb24uZ28=) | `76.19% <ø> (ø)` | |
   | [web/src/hooks/usePagination.ts](https://codecov.io/gh/apache/apisix-dashboard/pull/2623/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-d2ViL3NyYy9ob29rcy91c2VQYWdpbmF0aW9uLnRz) | | |
   | [web/src/components/Upstream/constant.ts](https://codecov.io/gh/apache/apisix-dashboard/pull/2623/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-d2ViL3NyYy9jb21wb25lbnRzL1Vwc3RyZWFtL2NvbnN0YW50LnRz) | | |
   | [web/src/pages/SSL/components/Step1/index.tsx](https://codecov.io/gh/apache/apisix-dashboard/pull/2623/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-d2ViL3NyYy9wYWdlcy9TU0wvY29tcG9uZW50cy9TdGVwMS9pbmRleC50c3g=) | | |
   | [web/src/pages/Consumer/Create.tsx](https://codecov.io/gh/apache/apisix-dashboard/pull/2623/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-d2ViL3NyYy9wYWdlcy9Db25zdW1lci9DcmVhdGUudHN4) | | |
   | [...b/src/pages/Proto/components/ProtoDrawer/index.tsx](https://codecov.io/gh/apache/apisix-dashboard/pull/2623/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-d2ViL3NyYy9wYWdlcy9Qcm90by9jb21wb25lbnRzL1Byb3RvRHJhd2VyL2luZGV4LnRzeA==) | | |
   | [web/src/pages/SSL/service.ts](https://codecov.io/gh/apache/apisix-dashboard/pull/2623/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-d2ViL3NyYy9wYWdlcy9TU0wvc2VydmljZS50cw==) | | |
   | [...b/src/components/Plugin/UI/referer-restriction.tsx](https://codecov.io/gh/apache/apisix-dashboard/pull/2623/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-d2ViL3NyYy9jb21wb25lbnRzL1BsdWdpbi9VSS9yZWZlcmVyLXJlc3RyaWN0aW9uLnRzeA==) | | |
   | [web/src/components/Upstream/components/Nodes.tsx](https://codecov.io/gh/apache/apisix-dashboard/pull/2623/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-d2ViL3NyYy9jb21wb25lbnRzL1Vwc3RyZWFtL2NvbXBvbmVudHMvTm9kZXMudHN4) | | |
   | ... and [172 more](https://codecov.io/gh/apache/apisix-dashboard/pull/2623/diff?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | |
   