
Address CVE-2024-6104 in github.com/hashicorp/go-retryablehttp

Hannes Hörl requested to merge hhoerl/address-CVE-2024-6104 into main

What does this MR do?

Address CVE-2024-6104 in github.com/hashicorp/go-retryablehttp

Bumping the version from v0.7.5 to v0.7.7 fixes this medium severity vulnerability.

Why was this MR needed?

To be less vulnerable.

What's the best way to test this MR?

Run trivy / grype against the binary / image.

What are the relevant issue numbers?

https://nvd.nist.gov/vuln/detail/CVE-2024-6104

closes: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/37832
closes: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/37833
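
A complementary check to the scanner run suggested above, as an added example that is not part of the merge request or the gitlab-runner code base: it reads the module list the Go toolchain embeds in a compiled binary and reports whether the linked go-retryablehttp is at or above v0.7.7. The names `Fixed` and `CheckBinary` are this example's own, and the binary path is supplied by the caller.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strings"
)

const modPath = "github.com/hashicorp/go-retryablehttp" // module the MR bumps
// Fixed reports whether version >= v0.7.7; a pre-release or pseudo-version of 0.7.7 sorts before it.
func Fixed(version string) (bool, error) {
	core, _, pre := strings.Cut(strings.TrimPrefix(version, "v"), "-")
	var got [3]int
	if n, err := fmt.Sscanf(core, "%d.%d.%d", &got[0], &got[1], &got[2]); n != 3 {
		return false, fmt.Errorf("unparseable version %q: %v", version, err)
	}
	for i, want := range [3]int{0, 7, 7} {
		if got[i] != want {
			return got[i] > want, nil
		}
	}
	return !pre, nil
}

// CheckBinary returns the go-retryablehttp version linked into the Go binary at path and whether it is fixed.
func CheckBinary(path string) (string, bool, error) {
	info, err := buildinfo.ReadFile(path)
	if err != nil {
		return "", false, err
	}
	for _, dep := range info.Deps {
		if dep.Path != modPath {
			continue
		}
		if dep.Replace != nil { // a replace directive decides what is actually linked
			dep = dep.Replace
		}
		ok, err := Fixed(dep.Version)
		return dep.Version, ok, err
	}
	return "", true, nil // module is not linked into this binary
}

func main() {
	for _, p := range os.Args[1:] {
		v, ok, err := CheckBinary(p)
		fmt.Printf("%s: version=%q fixed=%v err=%v\n", p, v, ok, err)
	}
}
```

Because it reads the versions recorded at build time, this checks the artifact itself rather than `go.mod`, so it also catches a binary that was built before the bump.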
