Addresses CVE-2024-45337 CVE-2025-22868 CVE-2025-22869 CVE-2024-45338…#463
Addresses CVE-2024-45337 CVE-2025-22868 CVE-2025-22869 CVE-2024-45338…#463spiliopoulos wants to merge 1 commit into
Conversation
…VE-2025-22870 CVE-2025-22872 by upgrading crypto net and oauth
|
The CVEs might not be exploitable for ghz or even significant for a tool like ghz but they do get flagged in corporate environments from automated scanners which make it harder to use and adopt. I understand that there is a toil associated with trying to keep up with dependencies and I hope that you will welcome PRs from third parties. |
|
@bojand I hope you might be able to take a look |
|
cc @jamiees2 |
spiliopoulos
left a comment
There was a problem hiding this comment.
left a small explanation about a change
| assert.NotNil(t, md1) | ||
| assert.Equal(t, []string{"1"}, md1.Get("token")) | ||
| assert.NotSame(t, mdp.preseed, md1) | ||
| assert.NotSame(t, &mdp.preseed, &md1) |
There was a problem hiding this comment.
Testify addressed a bug in their implementation to be inline with their docs. Now NotSame expects pointers and fails otherwise.
I assume we were testing for instance equality rather than value equality here so I converted the values to pointers to the values.
|
@bojand any updates here. |
… CVE-2025-22870 CVE-2025-22872 by upgrading crypto net and oauth