xmidt-org / arrange Goto Github PK
View Code? Open in Web Editor NEWAllows types unmarshaled from viper to be used as components and implements conditional components
License: Apache License 2.0
Allows types unmarshaled from viper to be used as components and implements conditional components
License: Apache License 2.0
[mirror] Go packages for low-level interaction with the operating system
Library home page: https://proxy.golang.org/golang.org/x/sys/@v/v0.0.0-20220520151302-bc2c85ada10a.zip
Dependency Hierarchy:
Found in HEAD commit: 451664259ff0829a88426acfd243e9a7c6027d62
Found in base branch: main
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
Publish Date: 2022-12-08
URL: CVE-2022-41717
Base Score Metrics:
Step up your Open Source Security Game with Mend here
Library home page: https://proxy.golang.org/golang.org/x/text/@v/v0.3.7.zip
Dependency Hierarchy:
Found in HEAD commit: 451664259ff0829a88426acfd243e9a7c6027d62
Found in base branch: main
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.
Publish Date: 2022-10-14
URL: CVE-2022-32149
Base Score Metrics:
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2022-32149
Release Date: 2022-10-14
Fix Resolution: v0.3.8
Step up your Open Source Security Game with Mend here
YAML support for the Go language.
Dependency Hierarchy:
Found in base branch: main
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
Publish Date: 2022-05-19
URL: CVE-2022-28948
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-hp87-p4gw-j4gq
Release Date: 2022-05-19
Fix Resolution: 3.0.0
Step up your Open Source Security Game with Mend here
gRPC is a modern, open-source, high-performance remote procedure call (RPC) framework that can run anywhere. It's an ideal fit for this package and would offer an efficient and effective alternative to the REST-based communication methods. The use of Protocol Buffers (protobuf) as the interface definition language in gRPC could also offer a performance boost.
*grpc.Server
*grpc.Server
grpc.ClientConn
grpc.ClientConn
Library home page: https://proxy.golang.org/golang.org/x/text/@v/v0.3.5.zip
Dependency Hierarchy:
Found in HEAD commit: f0d954e4dcc0f29c683f57fb0129ebcf7631ba75
Found in base branch: main
Due to improper index calculation, an incorrectly formatted language tag can cause Parse
to panic, due to an out of bounds read. If Parse is used to process untrusted user inputs,
this may be used as a vector for a denial of service attack.
Publish Date: 2021-08-12
URL: CVE-2021-38561
Base Score Metrics:
Type: Upgrade version
Origin: https://osv.dev/vulnerability/GO-2021-0113
Release Date: 2021-08-12
Fix Resolution: v0.3.7
Step up your Open Source Security Game with Mend here
Line 44 in 5049fa6
arrange
is too big at this point. We should break it up into at least the following functional areas:
(1) Configuration and command-line parsing
(2) Any interesting reflection utilities that would be commonly useful
(3) HTTP and TLS container code
Historically, XMiDT servers used to emit this header (in all HTTP responses) which indicates when the server last started. Here's an example of what the header key and values used to look like:
X-Scytale-Start-Time: 14 Jul 21 19:36 UTC
We could follow the same behavior implemented in Themis: instrumenting the root gorilla mux router and using the server name as the name for a node's main span.
https://github.com/xmidt-org/themis/blob/main/xhttp/xhttpserver/unmarshal.go#L62
Fix broken logger related unit tests
There are a few features in arrange
that aren't necessary any longer given the enhancements to the underlying go.uber.org/fx
library. We should prune those and use the fx
functionality where possible.
A short list of these features includes:
(1) fx.Printer
support
(2) dynamic invocation
(3) HTTP options that are better supplied using decoration now
[mirror] Go packages for low-level interaction with the operating system
Dependency Hierarchy:
Found in HEAD commit: f0d954e4dcc0f29c683f57fb0129ebcf7631ba75
Found in base branch: main
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.
Publish Date: 2022-06-23
URL: CVE-2022-29526
Base Score Metrics:
Step up your Open Source Security Game with Mend here
We could follow the same behavior implemented in Themis: instrumenting the transport.
https://github.com/xmidt-org/themis/blob/main/xhttp/xhttpclient/unmarshal.go#L37
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.