From 105786cc270af16af98410a095f0ea7dc985a472 Mon Sep 17 00:00:00 2001
From: Tero Saarni
Date: Fri, 17 Sep 2021 19:48:38 +0300
Subject: [PATCH] Update github.com/ulikunitz/xz (#12253)
* Update github.com/ulikunitz/xz
* Bump xz which is transitive dependency of github.com/mholt/archiver. Fixes known security vulnerability GHSA-25xm-hr59-7c27.
* Update github.com/ulikunitz/xz
* Added security advisory ID to changelog.
---
 changelog/12253.txt | 3 +++
 go.mod | 2 +-
 go.sum | 4 ++--
 3 files changed, 6 insertions(+), 3 deletions(-)
 create mode 100644 changelog/12253.txt
diff --git a/changelog/12253.txt b/changelog/12253.txt
new file mode 100644
index 000000000..fdf704ca8
--- /dev/null
+++ b/changelog/12253.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+core: Update github.com/ulikunitz/xz to fix security vulnerability GHSA-25xm-hr59-7c27.
+```
diff --git a/go.mod b/go.mod
index 7ec971f68..f8283261e 100644
--- a/go.mod
+++ b/go.mod
@@ -166,7 +166,7 @@ require (
 github.com/tencentcloud/tencentcloud-sdk-go v3.0.171+incompatible // indirect
 github.com/tidwall/pretty v1.0.1 // indirect
 github.com/tklauser/go-sysconf v0.3.6 // indirect
- github.com/ulikunitz/xz v0.5.7 // indirect
+ github.com/ulikunitz/xz v0.5.10 // indirect
 github.com/xdg/stringprep v1.0.0 // indirect
 github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
 github.com/yuin/gopher-lua v0.0.0-20200816102855-ee81675732da // indirect
diff --git a/go.sum b/go.sum
index 1965444ab..fa8f547f4 100644
--- a/go.sum
+++ b/go.sum
@@ -1227,8 +1227,8 @@ github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqri
 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
 github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8=
-github.com/ulikunitz/xz v0.5.7 h1:YvTNdFzX6+W5m9msiYg/zpkSURPPtOlzbqYjrFn7Yt4=
-github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8=
+github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
 github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=