Skip to content

Update dependencies to mitigate scanner-detected vulnerabilities #266

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
robmoore-i wants to merge 2 commits into from
Closed

Update dependencies to mitigate scanner-detected vulnerabilities #266

robmoore-i wants to merge 2 commits into from

Conversation

@robmoore-i
Copy link
Contributor

@robmoore-i robmoore-i commented Oct 3, 2024
edited
Loading

Hi folks,

I don't know if this naive change actually works by itself, but if it does and it's not too much trouble, could you publish a new version that mitigates this vulnerability? It's marked in scanners as 'critical' which makes it a bit problematic for us to use.

The Grafana vulnerability in question: https://grafana.com/security/security-advisories/cve-2024-8986/

@robmoore-i
Update grafana-plugin-sdk-go to mitigate CVE-2024-8986
833ba30 
Hi folks,

I don't know if this naive change actually works by itself, but if it does and it's not too much trouble, could you publish a new version that mitigates this vulnerability? It's marked in scanners as 'critical' which makes it a bit problematic for us to use.

See: https://grafana.com/security/security-advisories/cve-2024-8986/
@cla-bot
Copy link

cla-bot bot commented Oct 3, 2024

Thank you for your pull request and welcome to the Trino community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. Continue to work with us on the review and improvements in this PR, and submit the signed CLA to cla@trino.io. Photos, scans, or digitally-signed PDF files are all suitable. Processing may take a few days. The CLA needs to be on file before we merge your changes. For more information, see https://github.com/trinodb/cla

@cla-bot
Copy link

cla-bot bot commented Oct 3, 2024

Thank you for your pull request and welcome to the Trino community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. Continue to work with us on the review and improvements in this PR, and submit the signed CLA to cla@trino.io. Photos, scans, or digitally-signed PDF files are all suitable. Processing may take a few days. The CLA needs to be on file before we merge your changes. For more information, see https://github.com/trinodb/cla

@robmoore-i robmoore-i changed the title Update grafana-plugin-sdk-go to mitigate CVE-2024-8986 Update dependencies to mitigate scanner-detected vulnerabilities Oct 3, 2024
@robmoore-i
Copy link
Contributor Author

robmoore-i commented Oct 4, 2024

Closing in favour of #244

@robmoore-i robmoore-i closed this Oct 4, 2024
@robmoore-i robmoore-i deleted the patch-1 branch October 4, 2024 04:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@robmoore-i