Bump golang.org/x/crypto to 7b82a4e #1420
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Resolves: GHSA-8c26-wmh5-6g9v - CVE-2022-27191 golang.org/x/crypto@1baeb1ce contains the actual CVE fix. Using the latest upstream commit to also include support for SHA-2. I haven't investigated if pack is vulnerable to this CVE but figured it won't hurt to bump to the latest commit. Signed-off-by: Lokesh Mandvekar <[email protected]>
github-actions
bot
added
the
type/chore
|
Hi @lsm5, Thank you for bringing this to our attention. It seems like our CI/CD linting processes detected a few deprecated variables being used/imported. Would you be able to update their use as well? |
jromero
added
dependencies
Also: - Update golang-ci lint configucation Signed-off-by: Javier Romero <[email protected]>
github-actions
bot
added
the
type/enhancement
jromero
approved these changes
Apr 25, 2022
|
err whoops, totally missed this. Thanks for picking up the slack @jromero . I'll build this for fedora. |
|
@jromero can we get a new version tag cut with this fix included? That would make fedora building much easier. |
|
TLDR; it may take up to mid next week due to availability. Hope that's okay. |
works for me, thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolves: GHSA-8c26-wmh5-6g9v - CVE-2022-27191
golang.org/x/crypto@1baeb1ce contains the actual CVE fix. Using the
latest upstream commit to also include support for SHA-2.
I haven't investigated if pack is vulnerable to this CVE but figured it
won't hurt to bump to the latest commit.
Signed-off-by: Lokesh Mandvekar [email protected]
(I can update the description per the format below, but I don't have anything specific (yet).)
Summary
Output
Before
After
Documentation
Related
Resolves #___