Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ASCII-2620] Update golang.org/x/crypto to fix CVE #32282

Merged
merged 2 commits into from
Dec 17, 2024
Merged

[ASCII-2620] Update golang.org/x/crypto to fix CVE #32282

merged 2 commits into from
Dec 17, 2024

Conversation

pgimalac
Copy link
Member

What does this PR do?

Update golang.org/x/crypto to fix CVE-2024-45337.

Motivation

Security update.

Describe how you validated your changes

Covered by CI.

Possible Drawbacks / Trade-offs

Additional Notes

We are actually not using the vulnerable function, but updating the dependency avoids scanners complaining about it.

@pgimalac pgimalac added team/agent-shared-components qa/done QA done before merge and regressions are covered by tests labels Dec 17, 2024
@pgimalac pgimalac requested review from a team as code owners December 17, 2024 09:29
@pgimalac pgimalac requested review from dineshg13 and misteriaud and removed request for a team December 17, 2024 09:29
@github-actions github-actions bot added component/system-probe long review PR is complex, plan time to review it labels Dec 17, 2024
@pgimalac pgimalac added the backport/7.60.x Automatically create a backport PR to 7.60.x label Dec 17, 2024
@pgimalac
Copy link
Member Author

/merge

@dd-devflow
Copy link

dd-devflow bot commented Dec 17, 2024
edited
Loading

Devflow running: /merge

View all feedbacks in Devflow UI.

2024-12-17 09:42:19 UTC ℹ️ MergeQueue: pull request added to the queue

The median merge time in 7.61.x is 28m.

2024-12-17 10:22:35 UTC ℹ️ MergeQueue: This merge request was merged

@dd-mergequeue dd-mergequeue bot merged commit 5e23d46 into 7.61.x Dec 17, 2024
306 of 331 checks passed
@dd-mergequeue dd-mergequeue bot deleted the pgimalac/update-golang-org-crypto-cve branch December 17, 2024 10:22
@github-actions github-actions bot added this to the 7.61.0 milestone Dec 17, 2024
@agent-platform-auto-pr
Copy link
Contributor

The backport to 7.60.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-7.60.x 7.60.x
# Navigate to the new working tree
cd .worktrees/backport-7.60.x
# Create a new branch
git switch --create backport-32282-to-7.60.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 5e23d4627b672e62f6ac9580e4d23320b643247c
# Push it to GitHub
git push --set-upstream origin backport-32282-to-7.60.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-7.60.x

Then, create a pull request where the base branch is 7.60.x and the compare/head branch is backport-32282-to-7.60.x.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@KevinFairise2 KevinFairise2 KevinFairise2 approved these changes

@paulcacheux paulcacheux paulcacheux approved these changes

@FlorentClarret FlorentClarret FlorentClarret approved these changes

@vickenty vickenty vickenty approved these changes

@dineshg13 dineshg13 Awaiting requested review from dineshg13 dineshg13 is a code owner automatically assigned from DataDog/opentelemetry

@misteriaud misteriaud Awaiting requested review from misteriaud misteriaud is a code owner automatically assigned from DataDog/agent-shared-components

Assignees
No one assigned
Labels
backport/7.60.x Automatically create a backport PR to 7.60.x component/system-probe long review PR is complex, plan time to review it qa/done QA done before merge and regressions are covered by tests team/agent-shared-components
Projects
None yet
Milestone
7.61.0
Development

Successfully merging this pull request may close these issues.
5 participants
@pgimalac @vickenty @FlorentClarret @paulcacheux @KevinFairise2