Skip to content

CVE-2022-28948 update#446

Merged
bmoffatt merged 1 commit intoaws:mainfrom
Greyeye:main
Jun 30, 2022
Merged

CVE-2022-28948 update#446
bmoffatt merged 1 commit intoaws:mainfrom
Greyeye:main

Conversation

@Greyeye
Copy link
Contributor

@Greyeye Greyeye commented Jun 7, 2022

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@Greyeye
CVE-2022-28948 update
5f9cfb6 
* [Github security advisory](GHSA-hp87-p4gw-j4gq)
* update stretchr/testify to 1.7.2
@codecov-commenter
Copy link

codecov-commenter commented Jun 30, 2022
edited
Loading

Codecov Report

Merging #446 (5f9cfb6) into main (0dae564) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #446   +/-   ##
=======================================
  Coverage   72.90%   72.90%           
=======================================
  Files          19       19           
  Lines        1085     1085           
=======================================
  Hits          791      791           
  Misses        225      225           
  Partials       69       69

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0dae564...5f9cfb6. Read the comment docs.

@bmoffatt
Copy link
Collaborator

bmoffatt commented Jun 30, 2022

🤷‍♂️ Did this trigger a warning in a consuming package you have? The dependency only comes in for running this package's unit tests, so it'd interesting & unexpected if the vulnerable dependency was being transitively picked up in the consumer.

@bmoffatt
Copy link
Collaborator

bmoffatt commented Jun 30, 2022

🤷‍♂️ Did this trigger a warning in a consuming package you have? The dependency only comes in for running this package's unit tests, so it'd interesting & unexpected if the vulnerable dependency was being transitively picked up in the consumer.

bryan@air yolo % cat main.go
package main

import (
	"github.com/aws/aws-lambda-go/lambda"
)

func main() {
	lambda.Start(func() {})
}

bryan@air yolo % cat go.mod
module yolo

go 1.18

require github.com/aws/aws-lambda-go v1.32.0

bryan@air yolo % cat go.sum
github.com/aws/aws-lambda-go v1.32.0 h1:i8MflawW1hoyYp85GMH7LhvAs4cqzL7LOS6fSv8l2KM=
github.com/aws/aws-lambda-go v1.32.0/go.mod h1:IF5Q7wj4VyZyUFnZ54IQqeWtctHQ9tz+KhcbDenr220=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 h1:tQIYjPdBoyREyB9XMu+nnTclpTYkz2zFM+lzLJFO4gQ=

ahh, must be because of the gitHub.com/aws/aws-lambda-go/test package being in the repo

https://github.com/aws/aws-lambda-go/blob/main/events/test/jsoncompare.go#L8

@bmoffatt bmoffatt mentioned this pull request Jun 30, 2022
Closed
@bmoffatt bmoffatt merged commit 0260078 into aws:main Jun 30, 2022
@keshayad keshayad mentioned this pull request Jun 30, 2022
Closed
@adam-du-nz adam-du-nz mentioned this pull request Dec 21, 2022
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bmoffatt bmoffatt bmoffatt approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Greyeye @codecov-commenter @bmoffatt