diff --git a/.github/actions/build-vault/action.yml b/.github/actions/build-vault/action.yml
index 215ad37415..4925939674 100644
--- a/.github/actions/build-vault/action.yml
+++ b/.github/actions/build-vault/action.yml
@@ -224,6 +224,10 @@ runs:
 path: out/${{ steps.metadata.outputs.artifact-basename }}.zip
 if-no-files-found: error
 - if: inputs.create-packages == 'true'
+ env:
+ # Use our elevated token instead of the workflow token so that our
+ # download of nfpm is less likely to fail.
+ GH_TOKEN: ${{ inputs.github-token }}
 uses: hashicorp/actions-packaging-linux@33f7d23b14f24e6a7b7d9948cb7f5caca2045ee3
 with:
 name: ${{ inputs.package-name }}
diff --git a/builtin/logical/pki/backend_test.go b/builtin/logical/pki/backend_test.go
index 9a89eb02c9..6b4833c306 100644
--- a/builtin/logical/pki/backend_test.go
+++ b/builtin/logical/pki/backend_test.go
@@ -8321,3 +8321,7 @@ func TestBackend_IDNWithWildcards_AltNames(t *testing.T) {
 })
 }
 }
+
+func stringSliceContainsAny(sl []string, substr string) bool {
+ return slices.ContainsFunc(sl, func(s string) bool { return strings.Contains(s, substr) })
+}
diff --git a/changelog/_14581.txt b/changelog/_14581.txt
new file mode 100644
index 0000000000..f0a5c600ed
--- /dev/null
+++ b/changelog/_14581.txt
@@ -0,0 +1,3 @@
+```release-note:security
+core: Update github.com/apache/thrift to fix security vulnerability GHSA-wf45-q9ch-q8gh
+```
diff --git a/go.mod b/go.mod
index 7d9b5c401b..ab165fccaf 100644
--- a/go.mod
+++ b/go.mod
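Review bot: In `.github/actions/build-vault/action.yml`, the new `env:` block gives `inputs.github-token`, which the comment itself calls elevated, to the whole `hashicorp/actions-packaging-linux` step, although the stated need is only a more reliable nfpm download. Every process that step starts can read `GH_TOKEN`, so a token limited to read access would serve the same purpose with less exposure; the action is pinned to a full commit SHA, which narrows that risk but does not remove it. The comment should also record what the token is expected to be allowed to do, for example `# Only needs read access for the nfpm release download; do not pass a write-scoped token here.` Whether `inputs.github-token` has a default is not visible in the hunk; if it can be empty, `GH_TOKEN` is set to an empty string rather than left unset, which may be worth guarding. The step definition continues outside the hunk.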
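Review bot: `stringSliceContainsAny` in `builtin/logical/pki/backend_test.go` has no doc comment, and its name reads as "contains any of several values" while the body reports whether any element of `sl` contains `substr` as a substring. A one-line comment would settle the contract: `// stringSliceContainsAny reports whether any element of sl contains substr as a substring.` No caller is visible in this hunk, and the `slices` and `strings` imports it relies on are outside it, so both should be confirmed in the file.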
@@ -245,7 +245,9 @@ require (
 require (
 github.com/andybalholm/brotli v1.2.0 // indirect
- github.com/apache/thrift v0.22.0 // indirect
+ // We're currently pulling v0.23.0 + a 32 bit fix: https://github.com/apache/thrift/commit/d2acd3c49e5832cb0179f72b111c4ad5bd89c4c5
+ // until a new version is release.
+ github.com/apache/thrift v0.23.1-0.20260429145742-d2acd3c49e58 // indirect
 github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 github.com/aws/aws-sdk-go-v2/service/signin v1.0.9 // indirect
 github.com/containerd/errdefs v1.0.0 // indirect
diff --git a/go.sum b/go.sum
index 5e1125eb6d..678154846d 100644
--- a/go.sum
+++ b/go.sum
@@ -184,8 +184,8 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFI github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/apache/arrow-go/v18 v18.4.0 h1:/RvkGqH517iY8bZKc4FD5/kkdwXJGjxf28JIXbJ/oB0= github.com/apache/arrow-go/v18 v18.4.0/go.mod h1:Aawvwhj8x2jURIzD9Moy72cF0FyJXOpkYpdmGRHcw14= -github.com/apache/thrift v0.22.0 h1:r7mTJdj51TMDe6RtcmNdQxgn9XcyfGDOzegMDRg47uc= -github.com/apache/thrift v0.22.0/go.mod h1:1e7J/O1Ae6ZQMTYdy9xa3w9k+XHWPfRvdPyJeynQ+/g= +github.com/apache/thrift v0.23.1-0.20260429145742-d2acd3c49e58 h1:rDLE+tSW60VzRD7v5I+DU22Mjhmm+mfLc5Xl5dHkx6w= +github.com/apache/thrift v0.23.1-0.20260429145742-d2acd3c49e58/go.mod h1:zPt6WxgvTOM6hF92y8C+MkEM5LMxZuk4JcQOiU4Esvs= github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= github.com/apple/foundationdb/bindings/go v0.0.0-20190411004307-cd5c9d91fad2 h1:VoHKYIXEQU5LWoambPBOvYxyLqZYHuj+rj5DVnMUc3k=
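Review bot: In `go.mod`, the thrift requirement now points at a pseudo-version of an untagged upstream commit, and the comment above it gives no condition or tracking reference for returning to a tagged release. Scanners and update bots that match advisories against release version ranges may treat a pseudo-version differently from a tag, so the pin should be easy to find and remove once upstream publishes the next release. The comment also has a typo ("is release"). Suggested wording: `// Pinned to v0.23.0 plus a 32-bit fix (apache/thrift commit d2acd3c49e5832cb0179f72b111c4ad5bd89c4c5); switch to the next tagged release once it is published.`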