aboutsummaryrefslogtreecommitdiffstats
path: root/go.mod
diff options
context:
space:
mode:
authorMoritz Poldrack <git@moritz.sh>2024-02-06 09:28:26 +0100
committerRobin Jarry <robin@jarry.cc>2024-02-11 22:03:56 +0100
commit819ce4bbf157c2c0f65a4928ceee74ff2461a73a (patch)
tree77d5d43064b0539a59e80304bd98fe4dc9f64b93 /go.mod
parente7c26e02bb326f08c071e9f37ebf80952a0cca97 (diff)
downloadaerc-819ce4bbf157c2c0f65a4928ceee74ff2461a73a.tar.gz
security: update dependencies with known vulnerabilities
This patch bumps the version of github.com/cloudflare/circl which is required by github.com/ProtonMail/go-crypto to 1.3.7 to include mitigations for GO-2023-1765 and GO-2024-2453. Link: https://pkg.go.dev/vuln/GO-2023-1765 Link: https://pkg.go.dev/vuln/GO-2024-2453 Signed-off-by: Moritz Poldrack <git@moritz.sh> Acked-by: Robin Jarry <robin@jarry.cc>
Diffstat (limited to 'go.mod')
-rw-r--r--go.mod6
1 files changed, 3 insertions, 3 deletions
diff --git a/go.mod b/go.mod
index a94a7afa..35c16248 100644
--- a/go.mod
+++ b/go.mod
@@ -33,12 +33,12 @@ require (
github.com/syndtr/goleveldb v1.0.0
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e
golang.org/x/oauth2 v0.7.0
- golang.org/x/sys v0.7.0
+ golang.org/x/sys v0.15.0
golang.org/x/tools v0.6.0
)
require (
- github.com/cloudflare/circl v1.3.2 // indirect
+ github.com/cloudflare/circl v1.3.7 // indirect
github.com/creack/pty v1.1.18 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594 // indirect
@@ -50,7 +50,7 @@ require (
github.com/onsi/gomega v1.20.0 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/rogpeppe/go-internal v1.8.1 // indirect
- golang.org/x/crypto v0.8.0 // indirect
+ golang.org/x/crypto v0.17.0 // indirect
golang.org/x/mod v0.8.0 // indirect
golang.org/x/net v0.9.0 // indirect
golang.org/x/term v0.7.0 // indirect