[PR #3962] [CLOSED] fix(sec): upgrade github.com/quic-go/quic-go to 0.40.1 #4872

New issue

Closed

opened 2026-05-05 14:50:20 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented 2026-05-05 14:50:20 -06:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/fatedier/frp/pull/3962
Author: @chncaption
Created: 1/31/2024
Status: ❌ Closed

Base: dev ← Head: oscs_fix_cmst0k0au51oj0c3u33g

---

📝 Commits (1)

• b4a6269 update github.com/quic-go/quic-go v0.37.4 to 0.40.1

📊 Changes

2 files changed (+12 additions, -3 deletions)

View changed files

📝 go.mod (+4 -3)
📝 go.sum (+8 -0)

📄 Description

What happened？

There are 1 security vulnerabilities found in github.com/quic-go/quic-go v0.37.4

• CVE-2023-49295

What did I do？

Upgrade github.com/quic-go/quic-go from v0.37.4 to 0.40.1 for vulnerability fix

What did you expect to happen？

Ideally, no insecure libs should be used.

How can we automate the detection of these types of issues?

By using the GitHub Actions configurations provided by murphysec, we can conduct automatic code security checks in our CI pipeline.

The specification of the pull request

PR Specification from OSCS

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/fatedier/frp/pull/3962 **Author:** [@chncaption](https://github.com/chncaption) **Created:** 1/31/2024 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `oscs_fix_cmst0k0au51oj0c3u33g` --- ### 📝 Commits (1) - [`b4a6269`](https://github.com/fatedier/frp/commit/b4a6269b42ebb767d348d2c989373f072973ffc2) update github.com/quic-go/quic-go v0.37.4 to 0.40.1 ### 📊 Changes **2 files changed** (+12 additions, -3 deletions) <details> <summary>View changed files</summary> 📝 `go.mod` (+4 -3) 📝 `go.sum` (+8 -0) </details> ### 📄 Description ### What happened？ There are 1 security vulnerabilities found in github.com/quic-go/quic-go v0.37.4 - [CVE-2023-49295](https://www.oscs1024.com/hd/CVE-2023-49295) ### What did I do？ Upgrade github.com/quic-go/quic-go from v0.37.4 to 0.40.1 for vulnerability fix ### What did you expect to happen？ Ideally, no insecure libs should be used. ### How can we automate the detection of these types of issues? By using the [GitHub Actions](https://github.com/murphysecurity/actions) configurations provided by murphysec, we can conduct automatic code security checks in our CI pipeline. ### The specification of the pull request [PR Specification](https://www.oscs1024.com/docs/pr-specification/) from OSCS --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

gitea-mirror 2026-05-05 14:50:20 -06:00

• closed this issue
• added the
  pull-request
  label

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

dev

new

master

copilot/review-pull-request-5198

v0.68.1

v0.68.0

v0.67.0

v0.66.0

v0.65.0

v0.64.0

v0.63.0

v0.62.1

v0.62.0

v0.61.2

v0.61.1

v0.61.0

v0.60.0

v0.59.0

v0.58.1

v0.58.0

v0.57.0

v0.56.0

v0.55.1

v0.55.0

v0.54.0

v0.53.2

v0.53.1

v0.53.0

v0.52.3

v0.52.2

v0.52.1

v0.52.0

v0.51.3

v0.51.2

v0.51.1

v0.51.0

v0.50.0

v0.49.0

v0.48.0

v0.47.0

v0.46.1

v0.46.0

v0.45.0

v0.44.0

v0.43.0

v0.42.0

v0.41.0

v0.40.0

v0.39.1

v0.39.0

v0.38.0

v0.37.1

v0.37.0

v0.36.2

v0.36.1

v0.36.0

v0.35.1

v0.35.0

v0.34.3

v0.34.2

v0.34.1

v0.34.0

v0.33.0

v0.32.1

v0.32.0

v0.31.2

v0.31.1

v0.31.0

v0.30.0

v0.29.1

v0.29.0

v0.28.2

v0.28.1

v0.28.0

v0.27.1

v0.27.0

v0.26.0

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.1

v0.24.0

v0.23.3

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.0

v0.19.1

v0.19.0

v0.18.0

v0.17.0

v0.16.1

v0.16.0

v0.15.1

v0.15.0

v0.14.1

v0.14.0

v0.13.0

v0.12.0

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.1

v0.8.0

v0.7.0

v0.6.0

v0.5.0

v0.3.0

v0.2.0

v0.1.0

Labels

Clear labels   

In Progress

  

WIP

  

WaitingForInfo

  

bug

  

doc

  

duplicate

  

easy

  

enhancement

  

future

  

help wanted

  

invalid

  

lifecycle/stale

  

need-issue-template

  

need-usage-help

  

no plan

  

proposal

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

todo

No labels

In Progress

WIP

WaitingForInfo

bug

doc

duplicate

easy

enhancement

future

help wanted

invalid

lifecycle/stale

need-issue-template

need-usage-help

no plan

proposal

pull-request

question

todo

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/frp#4872

No description provided.