You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Update Go dependencies to address vulnerabilities (#774)
Address the following (uncalled) vulnerabilities:
- CVE-2024-45337
- CVE-2024-45338
Signed-off-by: Mark S. Lewis <Mark.S.Lewis@outlook.com>
Update release versions (#765)
The protobuf update (for Java at least) is significant enough that a
minor rather than patch-level version increase is probably warranted.
Also update dev dependencies to latest versions.
Signed-off-by: Mark S. Lewis <Mark.S.Lewis@outlook.com>
Remove support for Go 1.21 (#753)
Since the release of Go 1.23 on 2024-08-13, Go 1.21 is no longer a
supported Go release.
Signed-off-by: Mark S. Lewis <Mark.S.Lewis@outlook.com>
Update dependencies (#650)
- Java gRPC and Maven plugin
- Node test dependencies
Also:
- Remove unused import in test code.
- Remove a redundant vulnerability scan suppression.
Signed-off-by: Mark S. Lewis <Mark.S.Lewis@outlook.com>
Use elliptic instead of @noble/curves for Node crypto (#629)
@noble/curves makes use of @noble/hashes, which does not function
correctly on big-endian systems, and also throws an error on module load
if a big-endian system is detected. Revert to using elliptic as the
ECDSA signing implementation.
Signed-off-by: Mark S. Lewis <Mark.S.Lewis@outlook.com>
Update Java dependencies to address CVE-2023-2976 (#611)
Also update dependencies for Go and Node implementation to stay current.
Signed-off-by: Mark S. Lewis <Mark.S.Lewis@outlook.com>