Commit 37837e7
authored
![cloudquery-ci[bot]](https://avatars.githubusercontent.com/u/74616112?v=4&size=40){kind=avatar}
fix(deps): Update module github.com/apache/thrift to v0.23.0 [SECURITY] (#748)
This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [github.com/apache/thrift](https://redirect.github.com/apache/thrift) | `v0.22.0` → `v0.23.0` |  |  |
---
### Apache Thrift TFramedTransport Go language implementation has an Integer Overflow or Wraparound vulnerability
[CVE-2026-41602](https://nvd.nist.gov/vuln/detail/CVE-2026-41602) / [GHSA-wf45-q9ch-q8gh](https://redirect.github.com/advisories/GHSA-wf45-q9ch-q8gh)
<details>
<summary>More information</summary>
#### Details
Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation
This issue affects Apache Thrift: before 0.23.0.
Users are recommended to upgrade to version 0.23.0, which fixes the issue.
#### Severity
- CVSS Score: 7.5 / 10 (High)
- Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`
#### References
- [https://nvd.nist.gov/vuln/detail/CVE-2026-41602](https://nvd.nist.gov/vuln/detail/CVE-2026-41602)
- [https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql](https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql)
- [http://www.openwall.com/lists/oss-security/2026/04/28/6](http://www.openwall.com/lists/oss-security/2026/04/28/6)
- [https://github.com/advisories/GHSA-wf45-q9ch-q8gh](https://redirect.github.com/advisories/GHSA-wf45-q9ch-q8gh)
This data is provided by the [GitHub Advisory Database](https://redirect.github.com/advisories/GHSA-wf45-q9ch-q8gh) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>
---
### Release Notes
<details>
<summary>apache/thrift (github.com/apache/thrift)</summary>
### [`v0.23.0`](https://redirect.github.com/apache/thrift/releases/tag/v0.23.0): Version 0.23.0
[Compare Source](https://redirect.github.com/apache/thrift/compare/v0.22.0...v0.23.0)
Please head over to the official release download source:
<http://thrift.apache.org/download>
The assets listed below are added by Github based on the release tag and they will therefore not match the checkums published on the Thrift project website.
</details>
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
- At any time (no schedule defined)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDAuMCIsInVwZGF0ZWRJblZlciI6IjQzLjE0MC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJhdXRvbWVyZ2UiLCJzZWN1cml0eSJdfQ==-->1 parent cde4439 commit 37837e7
2 files changed
Lines changed: 3 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
15 | 15 | | |
16 | 16 | | |
17 | 17 | | |
18 | | - | |
| 18 | + | |
19 | 19 | | |
20 | 20 | | |
21 | 21 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
3 | 3 | | |
4 | 4 | | |
5 | 5 | | |
6 | | - | |
7 | | - | |
| 6 | + | |
| 7 | + | |
8 | 8 | | |
9 | 9 | | |
10 | 10 | | |
| |||
0 commit comments