Skip to content

Commit e64a4c1

Browse files
dirkmuellerdirkmueller
committed
Update to oauth2 0.28 (addresses GO-2025-3488)
The previous version contained a vunerability that allows an attacker to pass a malicious/malformed token which causes unexpected memory to be consumed during parsing.
1 parent 098045d commit e64a4c1

File tree

2 files changed

+3
-3
lines changed

2 files changed

+3
-3
lines changed

go.mod

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ require (
1313
github.com/opencontainers/go-digest v1.0.0
1414
github.com/opencontainers/image-spec v1.1.0
1515
github.com/spf13/cobra v1.8.1
16-
golang.org/x/oauth2 v0.25.0
16+
golang.org/x/oauth2 v0.28.0
1717
golang.org/x/sync v0.10.0
1818
golang.org/x/tools v0.29.0
1919
)

go.sum

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)