Giter VIP home page Giter VIP logo

edu-102-go-code's People

Contributors

angelazhou32 avatar ggranjus avatar iamdanhart avatar tomwheeler avatar

Stargazers

avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar

Forkers

ggranjus jakejscott saputradharma sean-sekora qiuzhanghua bhataprameya iamdanhart nikitha2404 kmorin aoao54 angelazhou32 temporalio arbarikcp wmcqueenzava jingb-anz briannqc prasek

edu-102-go-code's Issues

version-workflow exercise error

Describe the bug
ReplayWorkflowHistoryFromJSONFile fails when using the Download functionality with the temporal cli tool

The error is:

unknown field "normalName" in taskqueue.TaskQueue

Note: If you're having issues with the course, or need assistance with the course itself, please post your questions to the support forum at https://community.temporal.io/c/training

To Reproduce
Steps to reproduce the behavior:
2. Clone this repository
3. Run temporal cli (temporal version 0.10.6 (server 1.22.0) (ui 2.18.2)
4. Follow Part A in exercises/version-workflow/READEME.md
5. Copy the TestReplayWorkflowHistoryFromFile test from solution/workflow_test.go to the practice directory
6. Run the go tests in the practice directory.
7. See error: unknown field "normalName" in taskqueue.TaskQueue

Expected behavior
Part B of the practice instructions expects the error to be a non-deterministic error.

Screenshots
Screenshot 2023-10-11 at 3 06 49 PM

Desktop (please complete the following information):

  • OS: macOS 13.4
  • Browser chrome
  • Version 117

Smartphone (please complete the following information):

  • N/A
  • Are you using Gitpod or developing locally? developing locally

Additional context
Add any other context about the problem here.

go.temporal.io/sdk-v1.19.0: 1 vulnerabilities (highest severity is: 7.5)

Vulnerable Library - go.temporal.io/sdk-v1.19.0

Path to dependency file: /go.mod

Path to vulnerable library: /go/pkg/mod/cache/download/golang.org/x/net/@v/v0.1.0.mod

Found in HEAD commit: 3848d5932e09131ed8410f24e1e732e621f48c3f

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (go.temporal.io/sdk-v1.19.0 version) Remediation Possible**
CVE-2023-39325 High 7.5 golang.org/x/net-v0.1.0 Transitive N/A* โŒ

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-39325

Vulnerable Library - golang.org/x/net-v0.1.0

[mirror] Go supplementary network libraries

Library home page: https://proxy.golang.org/golang.org/x/net/@v/v0.1.0.zip

Path to dependency file: /go.mod

Path to vulnerable library: /go/pkg/mod/cache/download/golang.org/x/net/@v/v0.1.0.mod

Dependency Hierarchy:

  • go.temporal.io/sdk-v1.19.0 (Root Library)
    • google.golang.org/grpc-v1.50.1
      • โŒ golang.org/x/net-v0.1.0 (Vulnerable Library)

Found in HEAD commit: 3848d5932e09131ed8410f24e1e732e621f48c3f

Found in base branch: main

Vulnerability Details

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

Publish Date: 2023-10-11

URL: CVE-2023-39325

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://pkg.go.dev/vuln/GO-2023-2102

Release Date: 2023-10-11

Fix Resolution: go1.20.10, go1.21.3, golang.org/x/net - v0.17.0

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.