astelm/grpcurl
1
0
Fork 0
mirror of https://github.com/fullstorydev/grpcurl.git synced 2026-06-11 13:31:46 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
2922de784bd08157be65b9757306034816f4c9d7
grpcurl/go.mod
Shreyas Sriram 2922de784b Bump google.golang.org/grpc to v1.79.3 (CVE-2026-33186 + 3 transitive CVEs) (#559) 
* Bump google.golang.org/grpc to v1.79.3 and transitive deps

Upgrades google.golang.org/grpc from v1.66.2 to v1.79.3 to remediate
CVE-2026-33186 (Critical severity, known exploit per VulnCheck).

This also pulls in updated transitive deps that fix additional CVEs:
- golang.org/x/net v0.38.0 → v0.48.0 (CVE-2025-22870, CVE-2025-22872)
- golang.org/x/oauth2 v0.27.0 → v0.34.0 (CVE-2025-22868)
- golang.org/x/sys v0.31.0 → v0.39.0
- golang.org/x/text v0.23.0 → v0.32.0
- cel.dev/expr v0.15.0 → v0.25.1

All existing tests pass.

* Also bump github.com/go-jose/go-jose/v4 to v4.1.4 (Medium vuln)
2026-05-26 15:01:26 -04:00

35 lines
1.3 KiB
Modula-2
Raw Blame History

module github.com/fullstorydev/grpcurl
go 1.24.0
toolchain go1.24.1
require (
github.com/golang/protobuf v1.5.4
github.com/jhump/protoreflect v1.18.0
google.golang.org/grpc v1.79.3
google.golang.org/protobuf v1.36.11
)
require (
cel.dev/expr v0.25.1 // indirect
cloud.google.com/go/compute/metadata v0.9.0 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 // indirect
github.com/envoyproxy/go-control-plane/envoy v1.36.0 // indirect
github.com/envoyproxy/protoc-gen-validate v1.3.0 // indirect
github.com/go-jose/go-jose/v4 v4.1.4 // indirect
github.com/jhump/protoreflect/v2 v2.0.0-beta.1 // indirect
github.com/petermattis/goid v0.0.0-20260113132338-7c7de50cc741 // indirect
github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
github.com/spiffe/go-spiffe/v2 v2.6.0 // indirect
github.com/stretchr/testify v1.11.1 // indirect
golang.org/x/net v0.48.0 // indirect
golang.org/x/oauth2 v0.34.0 // indirect
golang.org/x/sync v0.19.0 // indirect
golang.org/x/sys v0.39.0 // indirect
golang.org/x/text v0.32.0 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect
)
Reference in New Issue View Git Blame Copy Permalink