Skip to content

Commit

Permalink
Bump Go toolchain version to 1.23.5
Browse files Browse the repository at this point in the history 
govulncheck reports multiple vulnerabilities affecting Go versions
before 1.23.5:

Vulnerability #1: GO-2025-3420
    Sensitive headers incorrectly sent after cross-domain redirect in net/http
  More info: https://pkg.go.dev/vuln/GO-2025-3420
  Standard library
    Found in: net/[email protected]
    Fixed in: net/[email protected]

Vulnerability #2: GO-2025-3373
    Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
  More info: https://pkg.go.dev/vuln/GO-2025-3373
  Standard library
    Found in: crypto/[email protected]
    Fixed in: crypto/[email protected]
  • Loading branch information
@adombeck
adombeck committed Feb 3, 2025
1 parent 0d0d6c7 commit 3f086d0
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 0 deletions.
2 changes: 2 additions & 0 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@ module github.com/ubuntu/authd-oidc-brokers

go 1.23.0

toolchain go1.23.5

require (
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0
github.com/coreos/go-oidc/v3 v3.12.0
Expand Down
2 changes: 2 additions & 0 deletions tools/go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@ module github.com/ubuntu/authd-oidc-brokers/tools

go 1.23.0

toolchain go1.23.5

require github.com/golangci/golangci-lint v1.63.4

require (
Expand Down

0 comments on commit 3f086d0

Please sign in to comment.