Startsida Utforska Hjälp
Logga in
akillibulut
/
cost-model
spegling av https://github.com/kubecost/cost-model
2
0
Fork 0
Filer Ärenden 0 Wiki
Bläddra i källkod

fix: upgrade modelcontextprotocol/go-sdk to v1.4.1 to fix GHSA-q382-vc8q-7jhj

Bumps github.com/modelcontextprotocol/go-sdk from v1.4.0 to v1.4.1 to address
a high-severity (CVSS 8.2) security vulnerability (GHSA-q382-vc8q-7jhj).

The vulnerability involves improper handling of null Unicode characters during
JSON parsing, which could allow a "last key wins" override of MCP message fields,
potentially bypassing intermediary inspection/filtering logic.

Signed-off-by: Claude <noreply@anthropic.com>
Claude 1 månad sedan
förälder
44016ce86a
incheckning
bab43958ba
2 ändrade filer med 3 tillägg och 3 borttagningar
Delad Vy Visa Diff Statistik
  1. 1 1
      go.mod
  2. 2 2
      go.sum

+ 1 - 1
go.mod
Visa fil 

@@ -40,7 +40,7 @@ require (
 
 	github.com/julienschmidt/httprouter v1.3.0
 
 	github.com/kubecost/events v0.0.8
 
 	github.com/microcosm-cc/bluemonday v1.0.27
 
-	github.com/modelcontextprotocol/go-sdk v1.4.0
 
+	github.com/modelcontextprotocol/go-sdk v1.4.1
 
 	github.com/opencost/opencost/core v0.0.0-20250521155634-81d2b597d1bc
 
 	github.com/opencost/opencost/modules/collector-source v0.0.0-00010101000000-000000000000
 
 	github.com/opencost/opencost/modules/prometheus-source v0.0.0-00010101000000-000000000000

+ 2 - 2
go.sum
Visa fil 

@@ -351,8 +351,8 @@ github.com/minio/minio-go/v7 v7.0.98 h1:MeAVKjLVz+XJ28zFcuYyImNSAh8Mq725uNW4beRi
 
 github.com/minio/minio-go/v7 v7.0.98/go.mod h1:cY0Y+W7yozf0mdIclrttzo1Iiu7mEf9y7nk2uXqMOvM=
 
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 
-github.com/modelcontextprotocol/go-sdk v1.4.0 h1:u0kr8lbJc1oBcawK7Df+/ajNMpIDFE41OEPxdeTLOn8=
 
-github.com/modelcontextprotocol/go-sdk v1.4.0/go.mod h1:Nxc2n+n/GdCebUaqCOhTetptS17SXXNu9IfNTaLDi1E=
 
+github.com/modelcontextprotocol/go-sdk v1.4.1 h1:M4x9GyIPj+HoIlHNGpK2hq5o3BFhC+78PkEaldQRphc=
 
+github.com/modelcontextprotocol/go-sdk v1.4.1/go.mod h1:Bo/mS87hPQqHSRkMv4dQq1XCu6zv4INdXnFZabkNU6s=
 
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=