even 1.9.9 i havign security vulnerabilities
https://github.com/ceph/ceph-csi/actions/
\runs/5088482029/jobs/9144940410?pr=3859
updating the vault to latest release and all other
updates are due to the dependency update by `go mod tidy`
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
A vulnerability was found in golang.org/x/text/language package which
could cause a denial of service. An attacker can craft an
Accept-Language header which ParseAcceptLanguage will take significant
time to parse.
Version v0.3.8 of golang.org/x/text fixes a vulnerability.
See-also: https://go.dev/issue/56152
See-also: https://bugzilla.redhat.com/CVE-2022-32149
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Uses github.com/libopenstorage/secrets to communicate with Vault. This
removes the need for maintaining our own limited Vault APIs.
By adding the new dependency, several other packages got updated in the
process. Unused indirect dependencies have been removed from go.mod.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Updating the version of golang.org/x/text to version v0.3.3.
It fixes the vulnerability in http://golang.org/x/text/encoding/unicode
which leads UTF-16 decoder entering an infinite loop causing
the program to crash or run out of memory.
Signed-off-by: Mudit Agarwal <muagarwa@redhat.com>