Skip to content

chore(deps): bump github.com/go-jose/go-jose/v4 v4.0.1 to v4.0.5#286

Merged
JenGoldstrich merged 1 commit intomainfrom
chore(deps)/go-jose
Mar 28, 2025
Merged

chore(deps): bump github.com/go-jose/go-jose/v4 v4.0.1 to v4.0.5#286
JenGoldstrich merged 1 commit intomainfrom
chore(deps)/go-jose

Conversation

@tenthirtyam
Copy link
Copy Markdown
Collaborator

@tenthirtyam tenthirtyam commented Mar 27, 2025

Description

Bumps bump github.com/go-jose/go-jose/v4 v4.0.1 to v4.0.5.

Reference

CVE-2025-27144

Tests

packer-plugin-vmware on  chore(deps)/go-jose [!] via 🐹 v1.24.1 took 4.1s 
➜ go get -u github.com/go-jose/go-jose/v4
go: downloading golang.org/x/crypto v0.32.0
go: upgraded github.com/go-jose/go-jose/v4 v4.0.1 => v4.0.5
go: upgraded golang.org/x/crypto v0.31.0 => v0.36.0
go: upgraded golang.org/x/sys v0.28.0 => v0.31.0
go: upgraded golang.org/x/term v0.27.0 => v0.30.0

packer-plugin-vmware on  chore(deps)/go-jose [!] via 🐹 v1.24.1 took 4.1s 
➜ go mod tidy                            

packer-plugin-vmware on  chore(deps)/go-jose [!] via 🐹 v1.24.1 
➜ make build                             

packer-plugin-vmware on  chore(deps)/go-jose [!] via 🐹 v1.24.1 
➜ make dev                               
packer plugins install --path packer-plugin-vmware "github.com/hashicorp/vmware"
Successfully installed plugin github.com/hashicorp/vmware from /Users/johnsonryan/Downloads/packer-plugin-vmware/packer-plugin-vmware to /Users/johnsonryan/.packer.d/plugins/github.com/hashicorp/vmware/packer-plugin-vmware_v1.1.1-dev_x5.0_darwin_amd64

packer-plugin-vmware on  chore(deps)/go-jose [!] via 🐹 v1.24.1 took 5.2s 
➜ make test                              
?       github.com/hashicorp/packer-plugin-vmware       [no test files]
ok      github.com/hashicorp/packer-plugin-vmware/builder/vmware/common 7.335s
ok      github.com/hashicorp/packer-plugin-vmware/builder/vmware/iso    2.093s
ok      github.com/hashicorp/packer-plugin-vmware/builder/vmware/vmx    3.024s
?       github.com/hashicorp/packer-plugin-vmware/version       [no test files]

@tenthirtyam tenthirtyam added dependencies Dependencies chore Chore labels Mar 27, 2025
@tenthirtyam tenthirtyam added this to the v1.1.1 milestone Mar 27, 2025
@tenthirtyam tenthirtyam self-assigned this Mar 27, 2025
@tenthirtyam tenthirtyam requested a review from a team as a code owner March 27, 2025 19:20
JenGoldstrich
JenGoldstrich previously approved these changes Mar 28, 2025
View reviewed changes
Copy link
Copy Markdown

@JenGoldstrich JenGoldstrich left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This LGTM, you'll need to rebase it against main before I can merge it, and I will say that Lucas just merged these dependency bumps into the packer-plugin-sdk repository, so once that's released, which we are planning to release next week, you could just update the plugin-sdk rather than manually bumping its deps.

@tenthirtyam
Copy link
Copy Markdown
Collaborator Author

tenthirtyam commented Mar 28, 2025

Ah, Good to know! Good waiting for a minor for dependabot to pick up if you like.

@tenthirtyam
Copy link
Copy Markdown
Collaborator Author

tenthirtyam commented Mar 28, 2025

Rebased as well.

@JenGoldstrich
Copy link
Copy Markdown

JenGoldstrich commented Mar 28, 2025

This has a conflict against the go.mod of the main branch still fyi @tenthirtyam

@tenthirtyam
chore(deps): bump github.com/go-jose/go-jose/v4 v4.0.1 to v4.0.5
a29d095 
Bumps bump github.com/go-jose/go-jose/v4 v4.0.1 to v4.0.5.

Signed-off-by: Ryan Johnson <ryan.johnson@broadcom.com>
@tenthirtyam tenthirtyam force-pushed the chore(deps)/go-jose branch from 2ff2895 to a29d095 Compare March 28, 2025 22:13
@tenthirtyam
Copy link
Copy Markdown
Collaborator Author

tenthirtyam commented Mar 28, 2025

Updated @JenGoldstrich

@JenGoldstrich JenGoldstrich merged commit 20e868d into main Mar 28, 2025
14 checks passed
@JenGoldstrich JenGoldstrich deleted the chore(deps)/go-jose branch March 28, 2025 22:59
@github-actions
Copy link
Copy Markdown

github-actions bot commented Jan 31, 2026

I'm going to lock this pull request because it has been closed for 30 days. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 31, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@lbajolet-hashicorp lbajolet-hashicorp Awaiting requested review from lbajolet-hashicorp

1 more reviewer

@JenGoldstrich JenGoldstrich JenGoldstrich approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@tenthirtyam tenthirtyam

Labels

chore Chore dependencies Dependencies

Projects

None yet

Milestone

v1.2.0

Development

Successfully merging this pull request may close these issues.

2 participants

@tenthirtyam @JenGoldstrich