Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump golang.org/x/crypto to 7b82a4e #1420

Merged
merged 3 commits into from
Apr 25, 2022
Merged

Bump golang.org/x/crypto to 7b82a4e #1420

merged 3 commits into from
Apr 25, 2022

Commits on Apr 13, 2022

  1. Bump golang.org/x/crypto to 7b82a4e 

    Resolves: GHSA-8c26-wmh5-6g9v - CVE-2022-27191

golang.org/x/crypto@1baeb1ce contains the actual CVE fix. Using the
latest upstream commit to also include support for SHA-2.

I haven't investigated if pack is vulnerable to this CVE but figured it
won't hurt to bump to the latest commit.

Signed-off-by: Lokesh Mandvekar <[email protected]>
    @lsm5
    lsm5 committed Apr 13, 2022
    Configuration menu
    Copy the full SHA
    219d3c9 View commit details
    Browse the repository at this point in the history

Commits on Apr 25, 2022

  1. Update use of deprecated fields 

    Also:
- Update golang-ci lint configucation

Signed-off-by: Javier Romero <[email protected]>
    @jromero
    jromero committed Apr 25, 2022
    Configuration menu
    Copy the full SHA
    9cb94e5 View commit details
    Browse the repository at this point in the history

  2. Merge branch 'main' into main-cve-2022-27191

    @jromero
    jromero authored Apr 25, 2022
    Configuration menu
    Copy the full SHA
    ed4bbf3 View commit details
    Browse the repository at this point in the history