Update transitive markdown parser dependency (#12)

Using https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck to validate [the CVE] it notes that: ``` Scanning your code and 340 packages across 57 dependent modules for known vulnerabilities... === Informational === Found 1 vulnerability in packages that you import, but there are no call stacks leading to the use of this vulnerability. You may not need to take any action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck for details. Vulnerability #1: GO-2023-2074 Parser out-of-bounds read vulnerability caused by a malformed markdown input More info: https://pkg.go.dev/vuln/GO-2023-2074 Module: github.com/gomarkdown/markdown Found in: github.com/gomarkdown/markdown@v0.0.0-20230716120725-531d2d74bc12 Fixed in: github.com/gomarkdown/markdown@v0.0.0-20230922105210-14b16010c2ee No vulnerabilities found. Share feedback at https://go.dev/s/govulncheck-feedback. ``` This means that for most users of this package, they are unaffected, but to make sure that we keep this package CVE free, we can update the transitive dependency. We cannot update Iris, which pulls in this dependency, due to it now requiring Go 1.21, and we do not want to require Go 1.21 for consumers. Co-authored-by: Paul Imbert <9633306-pimbert@users.noreply.gitlab.com> Co-authored-by: Jamie Tanna <jamie.tanna@elastic.co> [the CVE]: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOMARKDOWNMARKDOWNPARSER-5916451
oapi-codegen · Jan 3, 2024 · 5b79714 · 5b79714
1 parent 53c0dbc
commit 5b79714
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/go.mod b/go.mod
@@ -32,7 +32,7 @@ require (
 	github.com/go-playground/validator/v10 v10.14.1 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
-	github.com/gomarkdown/markdown v0.0.0-20230716120725-531d2d74bc12 // indirect
+	github.com/gomarkdown/markdown v0.0.0-20230922112808-5421fefb8386 // indirect
 	github.com/gorilla/css v1.0.0 // indirect
 	github.com/iris-contrib/schema v0.0.6 // indirect
 	github.com/josharian/intern v1.0.0 // indirect

diff --git a/go.sum b/go.sum
@@ -56,8 +56,8 @@ github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MG
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
 github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/gomarkdown/markdown v0.0.0-20230716120725-531d2d74bc12 h1:uK3X/2mt4tbSGoHvbLBHUny7CKiuwUip3MArtukol4E=
-github.com/gomarkdown/markdown v0.0.0-20230716120725-531d2d74bc12/go.mod h1:JDGcbDT52eL4fju3sZ4TeHGsQwhG9nbDV21aMyhwPoA=
+github.com/gomarkdown/markdown v0.0.0-20230922112808-5421fefb8386 h1:EcQR3gusLHN46TAD+G+EbaaqJArt5vHhNpXAa12PQf4=
+github.com/gomarkdown/markdown v0.0.0-20230922112808-5421fefb8386/go.mod h1:JDGcbDT52eL4fju3sZ4TeHGsQwhG9nbDV21aMyhwPoA=
 github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=