{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":545592798,"defaultBranch":"main","name":"dsv-k8s-sidecar","ownerLogin":"DelineaXPM","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2022-10-04T16:37:22.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/100946329?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1715331180.0","currentOid":""},"activityList":{"items":[{"before":"cc4611e47dd9c7bab975a49bb3f6c5ffcbf8a080","after":null,"ref":"refs/heads/renovate/go-golang.org/x/net-vulnerability","pushedAt":"2024-05-10T08:53:00.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"renovate[bot]","name":null,"path":"/apps/renovate","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/2740?s=80&v=4"}},{"before":null,"after":"cc4611e47dd9c7bab975a49bb3f6c5ffcbf8a080","ref":"refs/heads/renovate/go-golang.org/x/net-vulnerability","pushedAt":"2024-04-16T17:50:32.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"renovate[bot]","name":null,"path":"/apps/renovate","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/2740?s=80&v=4"},"commit":{"message":"security(deps): update 🛡️ golang.org/x/net to v0.23.0 [security]","shortMessageHtmlLink":"security(deps): update 🛡️ golang.org/x/net to v0.23.0 [security]"}},{"before":"7966d04cfe00376cb608cb4aff511131a0cc5f13","after":"ca4be0b6b72bb5729189139adb2902e766f458a1","ref":"refs/heads/renovate/go-google.golang.org/grpc-vulnerability","pushedAt":"2024-01-25T17:33:03.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"renovate[bot]","name":null,"path":"/apps/renovate","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/2740?s=80&v=4"},"commit":{"message":"security(deps): update 🛡️ google.golang.org/grpc to v1.56.3 [security]","shortMessageHtmlLink":"security(deps): update 🛡️ google.golang.org/grpc to v1.56.3 [security]"}},{"before":"7944618be071f2b51d7e15af4aab68b84f930b36","after":"f26d085be00b90ea262d2a13b6755e1366edc6a4","ref":"refs/heads/main","pushedAt":"2024-01-25T17:32:04.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sheldonhull","name":"sheldonhull","path":"/sheldonhull","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3526320?s=80&v=4"},"commit":{"message":"ci(test): adjust triggers to pull request to be on target main [skip ci]","shortMessageHtmlLink":"ci(test): adjust triggers to pull request to be on target main [skip ci]"}},{"before":"e26f6632ae0ae288d8296bea48371d714b9ad316","after":"7966d04cfe00376cb608cb4aff511131a0cc5f13","ref":"refs/heads/renovate/go-google.golang.org/grpc-vulnerability","pushedAt":"2024-01-25T17:15:55.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"renovate[bot]","name":null,"path":"/apps/renovate","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/2740?s=80&v=4"},"commit":{"message":"security(deps): update 🛡️ google.golang.org/grpc to v1.56.3 [security]","shortMessageHtmlLink":"security(deps): update 🛡️ google.golang.org/grpc to v1.56.3 [security]"}},{"before":"7cb19cf533279b65c23af0ccf5a81ba43d5132f9","after":"7944618be071f2b51d7e15af4aab68b84f930b36","ref":"refs/heads/main","pushedAt":"2024-01-25T17:15:01.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sheldonhull","name":"sheldonhull","path":"/sheldonhull","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3526320?s=80&v=4"},"commit":{"message":"ci(lint): adjust triggering logic to reduce wasted runs on main, now just pr [skip ci]","shortMessageHtmlLink":"ci(lint): adjust triggering logic to reduce wasted runs on main, now …"}},{"before":"3fcc01735668c6f75fd3948b27889665ef1dddad","after":"7cb19cf533279b65c23af0ccf5a81ba43d5132f9","ref":"refs/heads/main","pushedAt":"2024-01-25T15:29:12.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sheldonhull","name":"sheldonhull","path":"/sheldonhull","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3526320?s=80&v=4"},"commit":{"message":"chore(deps): bump trunk tooling [skip ci]","shortMessageHtmlLink":"chore(deps): bump trunk tooling [skip ci]"}},{"before":"bfb503ca20726ff513916c0465d0052dc99514a0","after":"e26f6632ae0ae288d8296bea48371d714b9ad316","ref":"refs/heads/renovate/go-google.golang.org/grpc-vulnerability","pushedAt":"2024-01-25T15:28:54.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"renovate[bot]","name":null,"path":"/apps/renovate","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/2740?s=80&v=4"},"commit":{"message":"security(deps): update 🛡️ google.golang.org/grpc to v1.56.3 [security]","shortMessageHtmlLink":"security(deps): update 🛡️ google.golang.org/grpc to v1.56.3 [security]"}},{"before":"12cd5cc73c05e99b36bf3665d8b674420f132b97","after":"3fcc01735668c6f75fd3948b27889665ef1dddad","ref":"refs/heads/main","pushedAt":"2024-01-25T15:27:22.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sheldonhull","name":"sheldonhull","path":"/sheldonhull","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3526320?s=80&v=4"},"commit":{"message":"style(changie-trigger-changelog): ✏️ fix name from lint to changelog [skip ci]","shortMessageHtmlLink":"style(changie-trigger-changelog): ✏️ fix name from lint to changelog …"}},{"before":"51c7a305376798217155063f45edebb3007b8809","after":"bfb503ca20726ff513916c0465d0052dc99514a0","ref":"refs/heads/renovate/go-google.golang.org/grpc-vulnerability","pushedAt":"2024-01-23T16:22:01.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"renovate[bot]","name":null,"path":"/apps/renovate","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/2740?s=80&v=4"},"commit":{"message":"chore(deps): update ⬆️ gomod google.golang.org/grpc to v1.56.3 [security]","shortMessageHtmlLink":"chore(deps): update ⬆️ gomod google.golang.org/grpc to v1.56.3 [secur…"}},{"before":"97c8035a8ce9cef73698b43a249a41eda0fcaacb","after":"12cd5cc73c05e99b36bf3665d8b674420f132b97","ref":"refs/heads/main","pushedAt":"2024-01-23T16:20:36.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sheldonhull","name":"sheldonhull","path":"/sheldonhull","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3526320?s=80&v=4"},"commit":{"message":"ci: add changie-trigger-release [skip ci]","shortMessageHtmlLink":"ci: add changie-trigger-release [skip ci]"}},{"before":null,"after":"51c7a305376798217155063f45edebb3007b8809","ref":"refs/heads/renovate/go-google.golang.org/grpc-vulnerability","pushedAt":"2024-01-23T15:23:38.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"renovate[bot]","name":null,"path":"/apps/renovate","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/2740?s=80&v=4"},"commit":{"message":"chore(deps): update ⬆️ gomod google.golang.org/grpc to v1.56.3 [security]","shortMessageHtmlLink":"chore(deps): update ⬆️ gomod google.golang.org/grpc to v1.56.3 [secur…"}},{"before":"b2641ba01848d3a3e80966a9214c6f62bd31c015","after":"97c8035a8ce9cef73698b43a249a41eda0fcaacb","ref":"refs/heads/main","pushedAt":"2024-01-18T15:54:24.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sheldonhull","name":"sheldonhull","path":"/sheldonhull","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3526320?s=80&v=4"},"commit":{"message":" ci(lint): revert permissions back to being specific","shortMessageHtmlLink":" ci(lint): revert permissions back to being specific"}},{"before":"6e2b1b571173f452195bdefb2280313b74f4c3e0","after":"b2641ba01848d3a3e80966a9214c6f62bd31c015","ref":"refs/heads/main","pushedAt":"2024-01-18T15:43:38.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sheldonhull","name":"sheldonhull","path":"/sheldonhull","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3526320?s=80&v=4"},"commit":{"message":" ci(lint): declare permissions because it complained","shortMessageHtmlLink":" ci(lint): declare permissions because it complained"}},{"before":"3f2d176d3a68b7737e4d72d95f32f4fbf57843c7","after":"6e2b1b571173f452195bdefb2280313b74f4c3e0","ref":"refs/heads/main","pushedAt":"2024-01-18T15:41:48.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"sheldonhull","name":"sheldonhull","path":"/sheldonhull","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3526320?s=80&v=4"},"commit":{"message":"ci(lint): remove permission declaration as in upstream template","shortMessageHtmlLink":"ci(lint): remove permission declaration as in upstream template"}},{"before":"efbcd41e9305c18dd83beccbf023a37a5c3ed472","after":null,"ref":"refs/heads/whitesource-remediate/gomod","pushedAt":"2024-01-18T15:36:59.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"sheldonhull","name":"sheldonhull","path":"/sheldonhull","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3526320?s=80&v=4"}},{"before":"cfa8202fe06dc19ffcd3feb1f599a44d47b5295e","after":"3f2d176d3a68b7737e4d72d95f32f4fbf57843c7","ref":"refs/heads/main","pushedAt":"2024-01-18T15:36:58.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"sheldonhull","name":"sheldonhull","path":"/sheldonhull","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3526320?s=80&v=4"},"commit":{"message":"chore(deps): update gomod (#58)\n\n- bump all packages that are compatible with current code.\r\n- migrate from prior deleted jwt repo to the new public copy\r\n- protobuf and grpc have incompatible changes with current code and require development effort in future: related AB#548696\r\n- Tests pass.\r\n- Remove toolchain reference to maximize renovate compatibility.\r\n- release using latest go version in build environment.\r\n\r\nCo-authored-by: mend-for-github-com[bot] <50673670+mend-for-github-com[bot]@users.noreply.github.com>\r\nCo-authored-by: Sheldon Hull <sheldonhull@users.noreply.github.com>\r\nCo-authored-by: Andrii Zakurenyi <andrii-zakurenyi@users.noreply.github.com>","shortMessageHtmlLink":"chore(deps): update gomod (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2082523304\" data-permission-text=\"Title is private\" data-url=\"https://github.com/DelineaXPM/dsv-k8s-sidecar/issues/58\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/DelineaXPM/dsv-k8s-sidecar/pull/58/hovercard\" href=\"https://github.com/DelineaXPM/dsv-k8s-sidecar/pull/58\">#58</a>)"}},{"before":"4b319712a05df33f7470a977f581d3b76c19ac33","after":"efbcd41e9305c18dd83beccbf023a37a5c3ed472","ref":"refs/heads/whitesource-remediate/gomod","pushedAt":"2024-01-18T15:33:54.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sheldonhull","name":"sheldonhull","path":"/sheldonhull","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3526320?s=80&v=4"},"commit":{"message":" chore: bump dependencies and version","shortMessageHtmlLink":" chore: bump dependencies and version"}},{"before":"4429d24f05156ca451d63f953e088ab9953dd07a","after":"4b319712a05df33f7470a977f581d3b76c19ac33","ref":"refs/heads/whitesource-remediate/gomod","pushedAt":"2024-01-18T15:28:07.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sheldonhull","name":"sheldonhull","path":"/sheldonhull","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3526320?s=80&v=4"},"commit":{"message":" chore: manually updatee\n\n- update transitive dependencies for go\n- update only the compatible packages that don't require api changes (so known issue on protobuf and grpc","shortMessageHtmlLink":" chore: manually updatee"}},{"before":"4f06fda55ba96e14d6fb7111fbea12c67f6dcdc4","after":"4429d24f05156ca451d63f953e088ab9953dd07a","ref":"refs/heads/whitesource-remediate/gomod","pushedAt":"2024-01-18T05:40:24.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"mend-for-github-com[bot]","name":null,"path":"/apps/mend-for-github-com","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/30796?s=80&v=4"},"commit":{"message":"chore(deps): update gomod","shortMessageHtmlLink":"chore(deps): update gomod"}},{"before":null,"after":"4f06fda55ba96e14d6fb7111fbea12c67f6dcdc4","ref":"refs/heads/whitesource-remediate/gomod","pushedAt":"2024-01-15T18:37:22.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"mend-for-github-com[bot]","name":null,"path":"/apps/mend-for-github-com","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/30796?s=80&v=4"},"commit":{"message":"chore(deps): update gomod","shortMessageHtmlLink":"chore(deps): update gomod"}},{"before":"850ad9f421c05a22ff7073459958f92f306d7bff","after":null,"ref":"refs/heads/whitesource-remediate/go-golang.org/x/crypto-vulnerability","pushedAt":"2024-01-15T18:05:48.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"mend-for-github-com[bot]","name":null,"path":"/apps/mend-for-github-com","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/30796?s=80&v=4"}},{"before":"c0226fe8ce7f7f662224b062f99e5d213c0fdafd","after":"cfa8202fe06dc19ffcd3feb1f599a44d47b5295e","ref":"refs/heads/main","pushedAt":"2024-01-15T18:05:46.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mend-for-github-com[bot]","name":null,"path":"/apps/mend-for-github-com","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/30796?s=80&v=4"},"commit":{"message":"chore(deps): update ⬆️ gomod to v0.17.0 (#50)\n\nThis PR contains the following updates:\n\n| Package | Change | Age | Adoption | Passing | Confidence |\n|---|---|---|---|---|---|\n| golang.org/x/crypto | `v0.14.0` -> `v0.17.0` |\n[![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2fcrypto/v0.17.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\n|\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/golang.org%2fx%2fcrypto/v0.17.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\n|\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/golang.org%2fx%2fcrypto/v0.14.0/v0.17.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\n|\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2fcrypto/v0.14.0/v0.17.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\n|\n\n### GitHub Vulnerability Alerts\n\n####\n[CVE-2023-48795](https://togithub.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8)\n\n### Summary\n\nTerrapin is a prefix truncation attack targeting the SSH protocol. More\nprecisely, Terrapin breaks the integrity of SSH's secure channel. By\ncarefully adjusting the sequence numbers during the handshake, an\nattacker can remove an arbitrary amount of messages sent by the client\nor server at the beginning of the secure channel without the client or\nserver noticing it.\n\n### Mitigations\n\nTo mitigate this protocol vulnerability, OpenSSH suggested a so-called\n\"strict kex\" which alters the SSH handshake to ensure a\nMan-in-the-Middle attacker cannot introduce unauthenticated messages as\nwell as convey sequence number manipulation across handshakes.\n\n**Warning: To take effect, both the client and server must support this\ncountermeasure.**\n\nAs a stop-gap measure, peers may also (temporarily) disable the affected\nalgorithms and use unaffected alternatives like AES-GCM instead until\npatches are available.\n\n### Details\n\nThe SSH specifications of ChaCha20-Poly1305\n(chacha20-poly1305@&#8203;openssh.com) and Encrypt-then-MAC\n(*-etm@openssh.com MACs) are vulnerable against an arbitrary prefix\ntruncation attack (a.k.a. Terrapin attack). This allows for an extension\nnegotiation downgrade by stripping the SSH_MSG_EXT_INFO sent after the\nfirst message after SSH_MSG_NEWKEYS, downgrading security, and disabling\nattack countermeasures in some versions of OpenSSH. When targeting\nEncrypt-then-MAC, this attack requires the use of a CBC cipher to be\npractically exploitable due to the internal workings of the cipher mode.\nAdditionally, this novel attack technique can be used to exploit\npreviously unexploitable implementation flaws in a Man-in-the-Middle\nscenario.\n\nThe attack works by an attacker injecting an arbitrary number of\nSSH_MSG_IGNORE messages during the initial key exchange and consequently\nremoving the same number of messages just after the initial key exchange\nhas concluded. This is possible due to missing authentication of the\nexcess SSH_MSG_IGNORE messages and the fact that the implicit sequence\nnumbers used within the SSH protocol are only checked after the initial\nkey exchange.\n\nIn the case of ChaCha20-Poly1305, the attack is guaranteed to work on\nevery connection as this cipher does not maintain an internal state\nother than the message's sequence number. In the case of\nEncrypt-Then-MAC, practical exploitation requires the use of a CBC\ncipher; while theoretical integrity is broken for all ciphers when using\nthis mode, message processing will fail at the application layer for CTR\nand stream ciphers.\n\nFor more details see\n[https://terrapin-attack.com](https://terrapin-attack.com).\n\n### Impact\n\nThis attack targets the specification of ChaCha20-Poly1305\n(chacha20-poly1305@&#8203;openssh.com) and Encrypt-then-MAC\n(*-etm@openssh.com), which are widely adopted by well-known SSH\nimplementations and can be considered de-facto standard. These\nalgorithms can be practically exploited; however, in the case of\nEncrypt-Then-MAC, we additionally require the use of a CBC cipher. As a\nconsequence, this attack works against all well-behaving SSH\nimplementations supporting either of those algorithms and can be used to\ndowngrade (but not fully strip) connection security in case SSH\nextension negotiation (RFC8308) is supported. The attack may also enable\nattackers to exploit certain implementation flaws in a man-in-the-middle\n(MitM) scenario.\n\n---\n\n### Man-in-the-middle attacker can compromise integrity of secure\nchannel in golang.org/x/crypto\n[CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) /\n[GHSA-45x7-px36-x8w8](https://togithub.com/advisories/GHSA-45x7-px36-x8w8)\n/ [GO-2023-2402](https://pkg.go.dev/vuln/GO-2023-2402)\n\n<details>\n<summary>More information</summary>\n\n#### Details\nA protocol weakness allows a MITM attacker to compromise the integrity\nof the secure channel before it is established, allowing the attacker to\nprevent transmission of a number of messages immediately after the\nsecure channel is established without either side being aware.\n\nThe impact of this attack is relatively limited, as it does not\ncompromise confidentiality of the channel. Notably this attack would\nallow an attacker to prevent the transmission of the SSH2_MSG_EXT_INFO\nmessage, disabling a handful of newer security features.\n\nThis protocol weakness was also fixed in OpenSSH 9.6.\n\n#### Severity\nUnknown\n\n#### References\n- [https://go.dev/issue/64784](https://go.dev/issue/64784)\n- [https://go.dev/cl/550715](https://go.dev/cl/550715)\n-\n[https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d](https://togithub.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d)\n-\n[https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg](https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg)\n-\n[https://www.openssh.com/txt/release-9.6](https://www.openssh.com/txt/release-9.6)\n\nThis data is provided by\n[OSV](https://osv.dev/vulnerability/GO-2023-2402) and the [Go\nVulnerability Database](https://togithub.com/golang/vulndb) ([CC-BY\n4.0](https://togithub.com/golang/vulndb#license)).\n</details>\n\n---\n\n### Prefix Truncation Attack against ChaCha20-Poly1305 and\nEncrypt-then-MAC aka Terrapin\n[CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) /\n[GHSA-45x7-px36-x8w8](https://togithub.com/advisories/GHSA-45x7-px36-x8w8)\n/ [GO-2023-2402](https://pkg.go.dev/vuln/GO-2023-2402)\n\n<details>\n<summary>More information</summary>\n\n#### Details\n##### Summary\n\nTerrapin is a prefix truncation attack targeting the SSH protocol. More\nprecisely, Terrapin breaks the integrity of SSH's secure channel. By\ncarefully adjusting the sequence numbers during the handshake, an\nattacker can remove an arbitrary amount of messages sent by the client\nor server at the beginning of the secure channel without the client or\nserver noticing it.\n\n##### Mitigations\n\nTo mitigate this protocol vulnerability, OpenSSH suggested a so-called\n\"strict kex\" which alters the SSH handshake to ensure a\nMan-in-the-Middle attacker cannot introduce unauthenticated messages as\nwell as convey sequence number manipulation across handshakes.\n\n**Warning: To take effect, both the client and server must support this\ncountermeasure.**\n\nAs a stop-gap measure, peers may also (temporarily) disable the affected\nalgorithms and use unaffected alternatives like AES-GCM instead until\npatches are available.\n\n##### Details\n\nThe SSH specifications of ChaCha20-Poly1305\n(chacha20-poly1305@&#8203;openssh.com) and Encrypt-then-MAC\n(*-etm@openssh.com MACs) are vulnerable against an arbitrary prefix\ntruncation attack (a.k.a. Terrapin attack). This allows for an extension\nnegotiation downgrade by stripping the SSH_MSG_EXT_INFO sent after the\nfirst message after SSH_MSG_NEWKEYS, downgrading security, and disabling\nattack countermeasures in some versions of OpenSSH. When targeting\nEncrypt-then-MAC, this attack requires the use of a CBC cipher to be\npractically exploitable due to the internal workings of the cipher mode.\nAdditionally, this novel attack technique can be used to exploit\npreviously unexploitable implementation flaws in a Man-in-the-Middle\nscenario.\n\nThe attack works by an attacker injecting an arbitrary number of\nSSH_MSG_IGNORE messages during the initial key exchange and consequently\nremoving the same number of messages just after the initial key exchange\nhas concluded. This is possible due to missing authentication of the\nexcess SSH_MSG_IGNORE messages and the fact that the implicit sequence\nnumbers used within the SSH protocol are only checked after the initial\nkey exchange.\n\nIn the case of ChaCha20-Poly1305, the attack is guaranteed to work on\nevery connection as this cipher does not maintain an internal state\nother than the message's sequence number. In the case of\nEncrypt-Then-MAC, practical exploitation requires the use of a CBC\ncipher; while theoretical integrity is broken for all ciphers when using\nthis mode, message processing will fail at the application layer for CTR\nand stream ciphers.\n\nFor more details see\n[https://terrapin-attack.com](https://terrapin-attack.com).\n\n##### Impact\n\nThis attack targets the specification of ChaCha20-Poly1305\n(chacha20-poly1305@&#8203;openssh.com) and Encrypt-then-MAC\n(*-etm@openssh.com), which are widely adopted by well-known SSH\nimplementations and can be considered de-facto standard. These\nalgorithms can be practically exploited; however, in the case of\nEncrypt-Then-MAC, we additionally require the use of a CBC cipher. As a\nconsequence, this attack works against all well-behaving SSH\nimplementations supporting either of those algorithms and can be used to\ndowngrade (but not fully strip) connection security in case SSH\nextension negotiation (RFC8308) is supported. The attack may also enable\nattackers to exploit certain implementation flaws in a man-in-the-middle\n(MitM) scenario.\n\n#### Severity\n- CVSS Score: 5.9 / 10 (Medium)\n- Vector String: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N`\n\n#### References\n-\n[https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8](https://togithub.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8)\n-\n[https://nvd.nist.gov/vuln/detail/CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795)\n-\n[https://github.com/PowerShell/Win32-OpenSSH/issues/2189](https://togithub.com/PowerShell/Win32-OpenSSH/issues/2189)\n-\n[https://github.com/apache/mina-sshd/issues/445](https://togithub.com/apache/mina-sshd/issues/445)\n-\n[https://github.com/cyd01/KiTTY/issues/520](https://togithub.com/cyd01/KiTTY/issues/520)\n-\n[https://github.com/hierynomus/sshj/issues/916](https://togithub.com/hierynomus/sshj/issues/916)\n-\n[https://github.com/janmojzis/tinyssh/issues/81](https://togithub.com/janmojzis/tinyssh/issues/81)\n-\n[https://github.com/mwiede/jsch/issues/457](https://togithub.com/mwiede/jsch/issues/457)\n-\n[https://github.com/paramiko/paramiko/issues/2337](https://togithub.com/paramiko/paramiko/issues/2337)\n-\n[https://github.com/proftpd/proftpd/issues/456](https://togithub.com/proftpd/proftpd/issues/456)\n-\n[https://github.com/ssh-mitm/ssh-mitm/issues/165](https://togithub.com/ssh-mitm/ssh-mitm/issues/165)\n-\n[https://github.com/NixOS/nixpkgs/pull/275249](https://togithub.com/NixOS/nixpkgs/pull/275249)\n-\n[https://github.com/libssh2/libssh2/pull/1291](https://togithub.com/libssh2/libssh2/pull/1291)\n-\n[https://github.com/mwiede/jsch/pull/461](https://togithub.com/mwiede/jsch/pull/461)\n-\n[https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0](https://togithub.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0)\n-\n[https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab](https://togithub.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab)\n-\n[https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d](https://togithub.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d)\n-\n[https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5](https://togithub.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5)\n-\n[https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3](https://togithub.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3)\n-\n[https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951](https://togithub.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951)\n-\n[https://access.redhat.com/security/cve/cve-2023-48795](https://access.redhat.com/security/cve/cve-2023-48795)\n-\n[https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/](https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/)\n- [https://bugs.gentoo.org/920280](https://bugs.gentoo.org/920280)\n-\n[https://bugzilla.redhat.com/show_bug.cgi?id=2254210](https://bugzilla.redhat.com/show_bug.cgi?id=2254210)\n-\n[https://bugzilla.suse.com/show_bug.cgi?id=1217950](https://bugzilla.suse.com/show_bug.cgi?id=1217950)\n-\n[https://crates.io/crates/thrussh/versions](https://crates.io/crates/thrussh/versions)\n-\n[https://filezilla-project.org/versions.php](https://filezilla-project.org/versions.php)\n-\n[https://forum.netgate.com/topic/184941/terrapin-ssh-attack](https://forum.netgate.com/topic/184941/terrapin-ssh-attack)\n-\n[https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6](https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6)\n-\n[https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta](https://togithub.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta)\n-\n[https://github.com/TeraTermProject/teraterm/releases/tag/v5.1](https://togithub.com/TeraTermProject/teraterm/releases/tag/v5.1)\n-\n[https://github.com/advisories/GHSA-45x7-px36-x8w8](https://togithub.com/advisories/GHSA-45x7-px36-x8w8)\n-\n[https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22](https://togithub.com/connectbot/sshlib/compare/2.2.21...2.2.22)\n-\n[https://github.com/drakkan/sftpgo/releases/tag/v2.5.6](https://togithub.com/drakkan/sftpgo/releases/tag/v2.5.6)\n-\n[https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42](https://togithub.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42)\n-\n[https://github.com/erlang/otp/releases/tag/OTP-26.2.1](https://togithub.com/erlang/otp/releases/tag/OTP-26.2.1)\n-\n[https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25](https://togithub.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25)\n-\n[https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15](https://togithub.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15)\n-\n[https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16](https://togithub.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16)\n-\n[https://github.com/openssh/openssh-portable/commits/master](https://togithub.com/openssh/openssh-portable/commits/master)\n-\n[https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES](https://togithub.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES)\n-\n[https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES](https://togithub.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES)\n-\n[https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES](https://togithub.com/proftpd/proftpd/blob/master/RELEASE_NOTES)\n-\n[https://github.com/rapier1/hpn-ssh/releases](https://togithub.com/rapier1/hpn-ssh/releases)\n-\n[https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst](https://togithub.com/ronf/asyncssh/blob/develop/docs/changes.rst)\n-\n[https://github.com/ronf/asyncssh/tags](https://togithub.com/ronf/asyncssh/tags)\n-\n[https://github.com/warp-tech/russh](https://togithub.com/warp-tech/russh)\n-\n[https://github.com/warp-tech/russh/releases/tag/v0.40.2](https://togithub.com/warp-tech/russh/releases/tag/v0.40.2)\n-\n[https://gitlab.com/libssh/libssh-mirror/-/tags](https://gitlab.com/libssh/libssh-mirror/-/tags)\n- [https://go.dev/cl/550715](https://go.dev/cl/550715)\n- [https://go.dev/issue/64784](https://go.dev/issue/64784)\n-\n[https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ](https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ)\n-\n[https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg](https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg)\n-\n[https://help.panic.com/releasenotes/transmit5/](https://help.panic.com/releasenotes/transmit5/)\n-\n[https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/](https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/)\n-\n[https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html](https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html)\n-\n[https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/)\n-\n[https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/)\n-\n[https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/)\n-\n[https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/)\n-\n[https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/)\n-\n[https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/)\n-\n[https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/)\n-\n[https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/)\n-\n[https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/)\n-\n[https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/)\n-\n[https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/)\n-\n[https://matt.ucc.asn.au/dropbear/CHANGES](https://matt.ucc.asn.au/dropbear/CHANGES)\n-\n[https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC](https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC)\n-\n[https://news.ycombinator.com/item?id=38684904](https://news.ycombinator.com/item?id=38684904)\n-\n[https://news.ycombinator.com/item?id=38685286](https://news.ycombinator.com/item?id=38685286)\n-\n[https://news.ycombinator.com/item?id=38732005](https://news.ycombinator.com/item?id=38732005)\n- [https://nova.app/releases/#v11.8](https://nova.app/releases/#v11.8)\n-\n[https://oryx-embedded.com/download/#changelog](https://oryx-embedded.com/download/#changelog)\n-\n[https://roumenpetrov.info/secsh/#news20231220](https://roumenpetrov.info/secsh/#news20231220)\n-\n[https://security-tracker.debian.org/tracker/CVE-2023-48795](https://security-tracker.debian.org/tracker/CVE-2023-48795)\n-\n[https://security-tracker.debian.org/tracker/source-package/libssh2](https://security-tracker.debian.org/tracker/source-package/libssh2)\n-\n[https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg](https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg)\n-\n[https://security-tracker.debian.org/tracker/source-package/trilead-ssh2](https://security-tracker.debian.org/tracker/source-package/trilead-ssh2)\n-\n[https://security.gentoo.org/glsa/202312-16](https://security.gentoo.org/glsa/202312-16)\n-\n[https://security.gentoo.org/glsa/202312-17](https://security.gentoo.org/glsa/202312-17)\n-\n[https://security.netapp.com/advisory/ntap-20240105-0004/](https://security.netapp.com/advisory/ntap-20240105-0004/)\n-\n[https://thorntech.com/cve-2023-48795-and-sftp-gateway/](https://thorntech.com/cve-2023-48795-and-sftp-gateway/)\n-\n[https://twitter.com/TrueSkrillor/status/1736774389725565005](https://twitter.com/TrueSkrillor/status/1736774389725565005)\n-\n[https://ubuntu.com/security/CVE-2023-48795](https://ubuntu.com/security/CVE-2023-48795)\n-\n[https://winscp.net/eng/docs/history#6.2.2](https://winscp.net/eng/docs/history#6.2.2)\n-\n[https://www.bitvise.com/ssh-client-version-history#933](https://www.bitvise.com/ssh-client-version-history#933)\n-\n[https://www.bitvise.com/ssh-server-version-history](https://www.bitvise.com/ssh-server-version-history)\n-\n[https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html](https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html)\n-\n[https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update](https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update)\n-\n[https://www.debian.org/security/2023/dsa-5586](https://www.debian.org/security/2023/dsa-5586)\n-\n[https://www.debian.org/security/2023/dsa-5588](https://www.debian.org/security/2023/dsa-5588)\n-\n[https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc](https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc)\n-\n[https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508](https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508)\n-\n[https://www.netsarang.com/en/xshell-update-history/](https://www.netsarang.com/en/xshell-update-history/)\n-\n[https://www.openssh.com/openbsd.html](https://www.openssh.com/openbsd.html)\n-\n[https://www.openssh.com/txt/release-9.6](https://www.openssh.com/txt/release-9.6)\n-\n[https://www.openwall.com/lists/oss-security/2023/12/18/2](https://www.openwall.com/lists/oss-security/2023/12/18/2)\n-\n[https://www.openwall.com/lists/oss-security/2023/12/20/3](https://www.openwall.com/lists/oss-security/2023/12/20/3)\n-\n[https://www.paramiko.org/changelog.html](https://www.paramiko.org/changelog.html)\n-\n[https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/](https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/)\n-\n[https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/](https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/)\n- [https://www.terrapin-attack.com](https://www.terrapin-attack.com)\n-\n[https://www.theregister.com/2023/12/20/terrapin_attack_ssh](https://www.theregister.com/2023/12/20/terrapin_attack_ssh)\n-\n[https://www.vandyke.com/products/securecrt/history.txt](https://www.vandyke.com/products/securecrt/history.txt)\n-\n[http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html](http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html)\n-\n[http://www.openwall.com/lists/oss-security/2023/12/18/3](http://www.openwall.com/lists/oss-security/2023/12/18/3)\n-\n[http://www.openwall.com/lists/oss-security/2023/12/19/5](http://www.openwall.com/lists/oss-security/2023/12/19/5)\n-\n[http://www.openwall.com/lists/oss-security/2023/12/20/3](http://www.openwall.com/lists/oss-security/2023/12/20/3)\n\nThis data is provided by\n[OSV](https://osv.dev/vulnerability/GHSA-45x7-px36-x8w8) and the [GitHub\nAdvisory Database](https://togithub.com/github/advisory-database)\n([CC-BY\n4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).\n</details>\n\n---\n\n### Configuration\n\n📅 **Schedule**: Branch creation - \"\" (UTC), Automerge - At any time (no\nschedule defined).\n\n🚦 **Automerge**: Enabled.\n\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\nrebase/retry checkbox.\n\n👻 **Immortal**: This PR will be recreated if closed unmerged. Get\n[config help](https://togithub.com/renovatebot/renovate/discussions) if\nthat's undesired.\n\n---\n\n- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check\nthis box\n\n<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41Mi4wIiwidXBkYXRlZEluVmVyIjoiMzcuMTA4LjAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIn0=-->\n\nCo-authored-by: mend-for-github-com[bot] <50673670+mend-for-github-com[bot]@users.noreply.github.com>","shortMessageHtmlLink":"chore(deps): update ⬆️ gomod to v0.17.0 (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2053358797\" data-permission-text=\"Title is private\" data-url=\"https://github.com/DelineaXPM/dsv-k8s-sidecar/issues/50\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/DelineaXPM/dsv-k8s-sidecar/pull/50/hovercard\" href=\"https://github.com/DelineaXPM/dsv-k8s-sidecar/pull/50\">#50</a>)"}},{"before":"2b54a0c623ef14d1d4511caa104c0dfd6d3d97a4","after":"3962708184400d25e3176a4eee04a218934a0cb6","ref":"refs/heads/whitesource-remediate/go-google.golang.org/grpc-vulnerability","pushedAt":"2024-01-15T17:54:48.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sheldonhull","name":"sheldonhull","path":"/sheldonhull","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3526320?s=80&v=4"},"commit":{"message":"refactor: remove deprecated option","shortMessageHtmlLink":"refactor: remove deprecated option"}},{"before":"4a7cef2eb2823c03c76933917206febbbb65f3a8","after":null,"ref":"refs/heads/whitesource-remediate/go-golang.org/x/net-vulnerability","pushedAt":"2024-01-15T17:35:53.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"mend-for-github-com[bot]","name":null,"path":"/apps/mend-for-github-com","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/30796?s=80&v=4"}},{"before":"9667b3e61bab53b8c6e04a22b31db55fc68098ac","after":"2b54a0c623ef14d1d4511caa104c0dfd6d3d97a4","ref":"refs/heads/whitesource-remediate/go-google.golang.org/grpc-vulnerability","pushedAt":"2024-01-15T17:35:47.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"mend-for-github-com[bot]","name":null,"path":"/apps/mend-for-github-com","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/30796?s=80&v=4"},"commit":{"message":"chore(deps): update ⬆️ gomod to v1.56.3","shortMessageHtmlLink":"chore(deps): update ⬆️ gomod to v1.56.3"}},{"before":"42f9903720084b2ee8d4ff93812a56d06ae9dda9","after":"850ad9f421c05a22ff7073459958f92f306d7bff","ref":"refs/heads/whitesource-remediate/go-golang.org/x/crypto-vulnerability","pushedAt":"2024-01-15T17:35:18.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"mend-for-github-com[bot]","name":null,"path":"/apps/mend-for-github-com","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/30796?s=80&v=4"},"commit":{"message":"chore(deps): update ⬆️ gomod to v0.17.0","shortMessageHtmlLink":"chore(deps): update ⬆️ gomod to v0.17.0"}},{"before":"544b8ebefa922875b3d146a01238a148b5158449","after":"9667b3e61bab53b8c6e04a22b31db55fc68098ac","ref":"refs/heads/whitesource-remediate/go-google.golang.org/grpc-vulnerability","pushedAt":"2024-01-15T17:34:20.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"mend-for-github-com[bot]","name":null,"path":"/apps/mend-for-github-com","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/30796?s=80&v=4"},"commit":{"message":"chore(deps): update ⬆️ gomod to v1.56.3","shortMessageHtmlLink":"chore(deps): update ⬆️ gomod to v1.56.3"}},{"before":null,"after":"4a7cef2eb2823c03c76933917206febbbb65f3a8","ref":"refs/heads/whitesource-remediate/go-golang.org/x/net-vulnerability","pushedAt":"2024-01-15T17:33:50.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"mend-for-github-com[bot]","name":null,"path":"/apps/mend-for-github-com","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/30796?s=80&v=4"},"commit":{"message":"chore(deps): update ⬆️ gomod to v0.17.0","shortMessageHtmlLink":"chore(deps): update ⬆️ gomod to v0.17.0"}},{"before":"063e7c623d913d37b5c20a3f1edc20814ece3e49","after":null,"ref":"refs/heads/whitesource-remediate/go-golang.org/x/net-vulnerability","pushedAt":"2024-01-15T17:33:44.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"mend-for-github-com[bot]","name":null,"path":"/apps/mend-for-github-com","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/30796?s=80&v=4"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAERmLMjQA","startCursor":null,"endCursor":null}},"title":"Activity · DelineaXPM/dsv-k8s-sidecar"}