Commit 6a1cecb
authored
fix(deps): Update module github.com/buger/jsonparser to v1.1.2 [SECURITY] (#722)
This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [github.com/buger/jsonparser](https://redirect.github.com/buger/jsonparser) | `v1.1.1` → `v1.1.2` |  |  |
### GitHub Vulnerability Alerts
#### [GHSA-6g7g-w4f8-9c9x](https://redirect.github.com/buger/jsonparser/issues/275)
The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.
---
### Release Notes
<details>
<summary>buger/jsonparser (github.com/buger/jsonparser)</summary>
### [`v1.1.2`](https://redirect.github.com/buger/jsonparser/releases/tag/v1.1.2)
[Compare Source](https://redirect.github.com/buger/jsonparser/compare/v1.1.1...v1.1.2)
#### What's Changed
- Updated travis to build for 1.13 to 1.15 by [@​janreggie](https://redirect.github.com/janreggie) in [#​225](https://redirect.github.com/buger/jsonparser/pull/225)
- - eliminate 2 allocations in EachKey() by [@​Villenny](https://redirect.github.com/Villenny) in [#​223](https://redirect.github.com/buger/jsonparser/pull/223)
- fix issue [#​150](https://redirect.github.com/buger/jsonparser/issues/150) (in deleting case) by [@​daria-kay](https://redirect.github.com/daria-kay) in [#​226](https://redirect.github.com/buger/jsonparser/pull/226)
- fixing the oss-fuzz issue by [@​daria-kay](https://redirect.github.com/daria-kay) in [#​227](https://redirect.github.com/buger/jsonparser/pull/227)
- Fix parseInt overflow check false negative by [@​carsonip](https://redirect.github.com/carsonip) in [#​231](https://redirect.github.com/buger/jsonparser/pull/231)
- Added bespoke error for null cases by [@​jonomacd](https://redirect.github.com/jonomacd) in [#​228](https://redirect.github.com/buger/jsonparser/pull/228)
- Fuzzing: Add CIFuzz by [@​AdamKorcz](https://redirect.github.com/AdamKorcz) in [#​239](https://redirect.github.com/buger/jsonparser/pull/239)
- Added latest versions of go to tests by [@​moredure](https://redirect.github.com/moredure) in [#​244](https://redirect.github.com/buger/jsonparser/pull/244)
- fix EachKey pIdxFlags allocation by [@​unxcepted](https://redirect.github.com/unxcepted) in [#​241](https://redirect.github.com/buger/jsonparser/pull/241)
- fix: prevent panic on negative slice index in Delete with malformed JSON (GO-2026-4514) by [@​dbarrosop](https://redirect.github.com/dbarrosop) in [#​276](https://redirect.github.com/buger/jsonparser/pull/276)
#### New Contributors
- [@​janreggie](https://redirect.github.com/janreggie) made their first contribution in [#​225](https://redirect.github.com/buger/jsonparser/pull/225)
- [@​Villenny](https://redirect.github.com/Villenny) made their first contribution in [#​223](https://redirect.github.com/buger/jsonparser/pull/223)
- [@​daria-kay](https://redirect.github.com/daria-kay) made their first contribution in [#​226](https://redirect.github.com/buger/jsonparser/pull/226)
- [@​carsonip](https://redirect.github.com/carsonip) made their first contribution in [#​231](https://redirect.github.com/buger/jsonparser/pull/231)
- [@​jonomacd](https://redirect.github.com/jonomacd) made their first contribution in [#​228](https://redirect.github.com/buger/jsonparser/pull/228)
- [@​moredure](https://redirect.github.com/moredure) made their first contribution in [#​244](https://redirect.github.com/buger/jsonparser/pull/244)
- [@​unxcepted](https://redirect.github.com/unxcepted) made their first contribution in [#​241](https://redirect.github.com/buger/jsonparser/pull/241)
- [@​dbarrosop](https://redirect.github.com/dbarrosop) made their first contribution in [#​276](https://redirect.github.com/buger/jsonparser/pull/276)
**Full Changelog**: <buger/jsonparser@v1.1.1...v1.1.2>
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My42My4wIiwidXBkYXRlZEluVmVyIjoiNDMuNjMuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiYXV0b21lcmdlIiwic2VjdXJpdHkiXX0=-->1 parent ee835b6 commit 6a1cecb
2 files changed
Lines changed: 3 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
18 | 18 | | |
19 | 19 | | |
20 | 20 | | |
21 | | - | |
| 21 | + | |
22 | 22 | | |
23 | 23 | | |
24 | 24 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
12 | 12 | | |
13 | 13 | | |
14 | 14 | | |
15 | | - | |
16 | | - | |
| 15 | + | |
| 16 | + | |
17 | 17 | | |
18 | 18 | | |
19 | 19 | | |
| |||
0 commit comments