Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

fix: Unable to use http_interface with Proxmox provider hashicorp/packer#10369 #2

Merged
merged 1 commit into from
Jan 4, 2021
Merged

fix: Unable to use http_interface with Proxmox provider hashicorp/packer#10369 #2

merged 1 commit into from
Jan 4, 2021

Conversation

blz-ea
Copy link
Contributor

@blz-ea blz-ea commented Jan 1, 2021
edited
Loading

azr
azr approved these changes Jan 4, 2021
View reviewed changes
Copy link
Contributor

@azr azr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@azr azr merged commit 17601a2 into hashicorp:main Jan 4, 2021
nywilken added a commit that referenced this pull request Oct 2, 2023
@nywilken
Bump Go tool chain to 1.20
597703b 
This change was made to address a number of vulnerabilities reported by
govulncheck

```
~>  govulncheck ./...
Scanning your code and 599 packages across 99 dependent modules for known vulnerabilities...

Vulnerability #1: GO-2023-2043
    Improper handling of special tags within script contexts in html/template
  More info: https://pkg.go.dev/vuln/GO-2023-2043
  Standard library
    Found in: html/template@go1.19.13
    Fixed in: html/template@go1.21.1
    Example traces found:
      #1: multistep/commonsteps/step_http_server.go:123:2: commonsteps.StepHTTPServer.Run calls http.Server.Serve, which eventually calls template.Template.Execute
      #2: multistep/commonsteps/step_http_server.go:123:2: commonsteps.StepHTTPServer.Run calls http.Server.Serve, which eventually calls template.Template.ExecuteTemplate

Vulnerability #2: GO-2023-2041
    Improper handling of HTML-like comments in script contexts in html/template
  More info: https://pkg.go.dev/vuln/GO-2023-2041
  Standard library
    Found in: html/template@go1.19.13
    Fixed in: html/template@go1.21.1
    Example traces found:
      #1: multistep/commonsteps/step_http_server.go:123:2: commonsteps.StepHTTPServer.Run calls http.Server.Serve, which eventually calls template.Template.Execute
      #2: multistep/commonsteps/step_http_server.go:123:2: commonsteps.StepHTTPServer.Run calls http.Server.Serve, which eventually calls template.Template.ExecuteTemplate

Your code is affected by 2 vulnerabilities from the Go standard library.

```
nywilken added a commit that referenced this pull request Oct 2, 2023
@nywilken
Bump Go tool chain to 1.20
fd541be 
This change was made to address a number of vulnerabilities reported by govulncheck in Go 1.19.13
Support for Go1.19 is removed with this change. Moving forward the minimum Go version will be bumped after a
new Go minor version is released.

```
~>  govulncheck ./...
Scanning your code and 599 packages across 99 dependent modules for known vulnerabilities...

Vulnerability #1: GO-2023-2043
    Improper handling of special tags within script contexts in html/template
  More info: https://pkg.go.dev/vuln/GO-2023-2043
  Standard library
    Found in: html/template@go1.19.13
    Fixed in: html/template@go1.21.1
    Example traces found:
      #1: multistep/commonsteps/step_http_server.go:123:2: commonsteps.StepHTTPServer.Run calls http.Server.Serve, which eventually calls template.Template.Execute
      #2: multistep/commonsteps/step_http_server.go:123:2: commonsteps.StepHTTPServer.Run calls http.Server.Serve, which eventually calls template.Template.ExecuteTemplate

Vulnerability #2: GO-2023-2041
    Improper handling of HTML-like comments in script contexts in html/template
  More info: https://pkg.go.dev/vuln/GO-2023-2041
  Standard library
    Found in: html/template@go1.19.13
    Fixed in: html/template@go1.21.1
    Example traces found:
      #1: multistep/commonsteps/step_http_server.go:123:2: commonsteps.StepHTTPServer.Run calls http.Server.Serve, which eventually calls template.Template.Execute
      #2: multistep/commonsteps/step_http_server.go:123:2: commonsteps.StepHTTPServer.Run calls http.Server.Serve, which eventually calls template.Template.ExecuteTemplate

Your code is affected by 2 vulnerabilities from the Go standard library.

```
nywilken added a commit that referenced this pull request Oct 13, 2023
@nywilken
Bump Go tool chain to 1.20
2ed94e4 
This change was made to address a number of vulnerabilities reported by govulncheck in Go 1.19.13
Support for Go1.19 is removed with this change. Moving forward the minimum Go version will be bumped after a
new Go minor version is released.

```
~>  govulncheck ./...
Scanning your code and 599 packages across 99 dependent modules for known vulnerabilities...

Vulnerability #1: GO-2023-2043
    Improper handling of special tags within script contexts in html/template
  More info: https://pkg.go.dev/vuln/GO-2023-2043
  Standard library
    Found in: html/template@go1.19.13
    Fixed in: html/template@go1.21.1
    Example traces found:
      #1: multistep/commonsteps/step_http_server.go:123:2: commonsteps.StepHTTPServer.Run calls http.Server.Serve, which eventually calls template.Template.Execute
      #2: multistep/commonsteps/step_http_server.go:123:2: commonsteps.StepHTTPServer.Run calls http.Server.Serve, which eventually calls template.Template.ExecuteTemplate

Vulnerability #2: GO-2023-2041
    Improper handling of HTML-like comments in script contexts in html/template
  More info: https://pkg.go.dev/vuln/GO-2023-2041
  Standard library
    Found in: html/template@go1.19.13
    Fixed in: html/template@go1.21.1
    Example traces found:
      #1: multistep/commonsteps/step_http_server.go:123:2: commonsteps.StepHTTPServer.Run calls http.Server.Serve, which eventually calls template.Template.Execute
      #2: multistep/commonsteps/step_http_server.go:123:2: commonsteps.StepHTTPServer.Run calls http.Server.Serve, which eventually calls template.Template.ExecuteTemplate

Your code is affected by 2 vulnerabilities from the Go standard library.

```
nywilken added a commit that referenced this pull request Oct 16, 2023
@nywilken
Bump Go tool chain to 1.20
7128c8a 
This change was made to address a number of vulnerabilities reported by govulncheck in Go 1.19.13
Support for Go1.19 is removed with this change. Moving forward the minimum Go version will be bumped after a
new Go minor version is released.

```
~>  govulncheck ./...
Scanning your code and 599 packages across 99 dependent modules for known vulnerabilities...

Vulnerability #1: GO-2023-2043
    Improper handling of special tags within script contexts in html/template
  More info: https://pkg.go.dev/vuln/GO-2023-2043
  Standard library
    Found in: html/template@go1.19.13
    Fixed in: html/template@go1.21.1
    Example traces found:
      #1: multistep/commonsteps/step_http_server.go:123:2: commonsteps.StepHTTPServer.Run calls http.Server.Serve, which eventually calls template.Template.Execute
      #2: multistep/commonsteps/step_http_server.go:123:2: commonsteps.StepHTTPServer.Run calls http.Server.Serve, which eventually calls template.Template.ExecuteTemplate

Vulnerability #2: GO-2023-2041
    Improper handling of HTML-like comments in script contexts in html/template
  More info: https://pkg.go.dev/vuln/GO-2023-2041
  Standard library
    Found in: html/template@go1.19.13
    Fixed in: html/template@go1.21.1
    Example traces found:
      #1: multistep/commonsteps/step_http_server.go:123:2: commonsteps.StepHTTPServer.Run calls http.Server.Serve, which eventually calls template.Template.Execute
      #2: multistep/commonsteps/step_http_server.go:123:2: commonsteps.StepHTTPServer.Run calls http.Server.Serve, which eventually calls template.Template.ExecuteTemplate

Your code is affected by 2 vulnerabilities from the Go standard library.

```
nywilken pushed a commit that referenced this pull request Jun 14, 2024
Bump google.golang.org/protobuf@v1.33.0
0085a26 
```
~>  govulncheck ./...
=== Symbol Results ===

Vulnerability #1: GO-2024-2611
    Infinite loop in JSON unmarshaling in google.golang.org/protobuf
  More info: https://pkg.go.dev/vuln/GO-2024-2611
  Module: google.golang.org/protobuf
    Found in: google.golang.org/protobuf@v1.31.0
    Fixed in: google.golang.org/protobuf@v1.33.0
    Example traces found:
      #1: sdk-internals/communicator/winrm/communicator.go:238:22: winrm.Base64Pipe.ReadFrom calls io.ReadAll, which eventually calls json.Decoder.Peek
      #2: sdk-internals/communicator/winrm/communicator.go:238:22: winrm.Base64Pipe.ReadFrom calls io.ReadAll, which eventually calls json.Decoder.Read
      #3: sdk-internals/communicator/winrm/communicator.go:238:22: winrm.Base64Pipe.ReadFrom calls io.ReadAll, which eventually calls protojson.Unmarshal
```
nywilken pushed a commit that referenced this pull request Jun 14, 2024
Bump google.golang.org/protobuf@v1.33.0
8275bfc 
```
~>  govulncheck ./...
=== Symbol Results ===

Vulnerability #1: GO-2024-2611
    Infinite loop in JSON unmarshaling in google.golang.org/protobuf
  More info: https://pkg.go.dev/vuln/GO-2024-2611
  Module: google.golang.org/protobuf
    Found in: google.golang.org/protobuf@v1.31.0
    Fixed in: google.golang.org/protobuf@v1.33.0
    Example traces found:
      #1: sdk-internals/communicator/winrm/communicator.go:238:22: winrm.Base64Pipe.ReadFrom calls io.ReadAll, which eventually calls json.Decoder.Peek
      #2: sdk-internals/communicator/winrm/communicator.go:238:22: winrm.Base64Pipe.ReadFrom calls io.ReadAll, which eventually calls json.Decoder.Read
      #3: sdk-internals/communicator/winrm/communicator.go:238:22: winrm.Base64Pipe.ReadFrom calls io.ReadAll, which eventually calls protojson.Unmarshal
```
nywilken pushed a commit that referenced this pull request Jun 14, 2024
@nywilken
Bump google.golang.org/protobuf@v1.33.0
da5ece9 
```
~>  govulncheck ./...
=== Symbol Results ===

Vulnerability #1: GO-2024-2611
    Infinite loop in JSON unmarshaling in google.golang.org/protobuf
  More info: https://pkg.go.dev/vuln/GO-2024-2611
  Module: google.golang.org/protobuf
    Found in: google.golang.org/protobuf@v1.31.0
    Fixed in: google.golang.org/protobuf@v1.33.0
    Example traces found:
      #1: sdk-internals/communicator/winrm/communicator.go:238:22: winrm.Base64Pipe.ReadFrom calls io.ReadAll, which eventually calls json.Decoder.Peek
      #2: sdk-internals/communicator/winrm/communicator.go:238:22: winrm.Base64Pipe.ReadFrom calls io.ReadAll, which eventually calls json.Decoder.Read
      #3: sdk-internals/communicator/winrm/communicator.go:238:22: winrm.Base64Pipe.ReadFrom calls io.ReadAll, which eventually calls protojson.Unmarshal
```
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@azr azr azr approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Unable to use http_interface with Proxmox provider
2 participants
@blz-ea @azr