Curious for further reviews: on https://github.com/hashicorp/go-secure-stdlib/pull/173/changes we bumped to 1.24. Any reason for/against keeping everything here the same Go version?
Never mind this comment, I misunderstood.
Pull request overview
This PR updates the listenerutil module's dependencies to address security vulnerabilities (SECVULN-34070). The changes include updating the Go version from 1.20 to 1.21 and bumping several direct dependencies to newer versions that contain security fixes.
Changes:
- Updated Go version from 1.20 to 1.21
- Updated four direct dependencies to address CVE vulnerabilities
- Updated go.sum checksums to match the new dependency versions
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| listenerutil/go.mod | Updated Go version to 1.21 and bumped dependency versions for google/go-cmp (v0.6.0→v0.7.0), parseutil (v0.1.8→v0.2.0), go-sockaddr (v1.0.6→v1.0.7), and testify (v1.8.4→v1.11.1) |
| listenerutil/go.sum | Updated checksums for all modified dependencies to maintain integrity verification |
PCI review checklist
If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.
If applicable, I've worked with GRC to document the impact of any changes to security controls.
Examples of changes to controls include access controls, encryption, logging, etc.
If applicable, I've worked with GRC to ensure compliance due to a significant change to the in-scope PCI environment.
Examples include changes to operating systems, ports, protocols, services, cryptography-related components, PII processing code, etc.
Resolves SECVULN-34070