Skip to content

Commit 5f94846

Browse files
andyzhangxandyzhangx
authored
Merge pull request #2442 from kubernetes-sigs/CVE-2025-30204-1.28
[release-1.28] fix: CVE-2025-30204
2 parents ac3456c + 7ac645e commit 5f94846

File tree

5 files changed

+38
-7
lines changed

5 files changed

+38
-7
lines changed

.trivyignore

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,3 +2,4 @@ CVE-2024-45336
22
CVE-2024-45341
33
CVE-2025-22870
44
CVE-2025-22866
5+
CVE-2025-30204

go.mod

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -86,7 +86,7 @@ require (
8686
github.com/go-openapi/swag v0.22.3 // indirect
8787
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
8888
github.com/gogo/protobuf v1.3.2 // indirect
89-
github.com/golang-jwt/jwt/v4 v4.5.1 // indirect
89+
github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
9090
github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
9191
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
9292
github.com/google/cel-go v0.17.7 // indirect

go.sum

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1002,8 +1002,8 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
10021002
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
10031003
github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
10041004
github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
1005-
github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo=
1006-
github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
1005+
github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI=
1006+
github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
10071007
github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
10081008
github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
10091009
github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=

vendor/github.com/golang-jwt/jwt/v4/parser.go

Lines changed: 33 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/modules.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -222,7 +222,7 @@ github.com/gogo/protobuf/gogoproto
222222
github.com/gogo/protobuf/proto
223223
github.com/gogo/protobuf/protoc-gen-gogo/descriptor
224224
github.com/gogo/protobuf/sortkeys
225-
# github.com/golang-jwt/jwt/v4 v4.5.1
225+
# github.com/golang-jwt/jwt/v4 v4.5.2
226226
## explicit; go 1.16
227227
github.com/golang-jwt/jwt/v4
228228
# github.com/golang-jwt/jwt/v5 v5.2.1

0 commit comments

Comments
 (0)