Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-v0.12] Bump golang.org/x/crypto from v0.16.0 to v0.21.0 #1551

Merged
merged 1 commit into from
Mar 20, 2024
Merged

[release-v0.12] Bump golang.org/x/crypto from v0.16.0 to v0.21.0 #1551

merged 1 commit into from
Mar 20, 2024

Conversation

sayan-biswas
Copy link

Addresses the following CVEs

  • CVE-2023-48795 Insufficient Verification of Data Authenticity vulnerability with Medium severity found
  • CVE-2023-42818 Improper Restriction of Excessive Authentication Attempts vulnerability with High severity found

Changes

Bump golang.org/x/crypto from v0.16.0 to v0.21.0

Submitter Checklist

  • Includes tests if functionality changed/was added
  • Includes docs if changes are user-facing
  • Set a kind label on this PR
  • Release notes block has been filled in, or marked NONE

See the contributor guide
for details on coding conventions, github and prow interactions, and the code review process.

Release Notes

NONE

@sayan-biswas
Bump golang.org/x/crypto from v0.16.0 to v0.21.0
ffd4a70 
Addresses the following CVEs
- CVE-2023-48795 Insufficient Verification of Data Authenticity vulnerability with Medium severity found
- CVE-2023-42818 Improper Restriction of Excessive Authentication Attempts vulnerability with High severity found
@openshift-ci openshift-ci bot added the release-note-none Label for when a PR does not need a release note label Mar 20, 2024
@openshift-ci openshift-ci bot requested review from otaviof and qu1queee March 20, 2024 10:09
@pull-request-size pull-request-size bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Mar 20, 2024
@sayan-biswas
Copy link
Author

/kind dependency-change

@openshift-ci openshift-ci bot added the kind/dependency-change Categorizes issue or PR as related to changing dependencies label Mar 20, 2024
SaschaSchwarze0
SaschaSchwarze0 approved these changes Mar 20, 2024
View reviewed changes
Copy link
Member

@SaschaSchwarze0 SaschaSchwarze0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve
/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Mar 20, 2024
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Mar 20, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: SaschaSchwarze0

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 20, 2024
@openshift-merge-bot openshift-merge-bot bot merged commit cac0e6c into shipwright-io:release-v0.12 Mar 20, 2024
13 checks passed
@SaschaSchwarze0 SaschaSchwarze0 changed the title Bump golang.org/x/crypto from v0.16.0 to v0.21.0 [release-v0.12] Bump golang.org/x/crypto from v0.16.0 to v0.21.0 Mar 25, 2024
@sayan-biswas sayan-biswas deleted the cve-2023-48795 branch December 28, 2024 20:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SaschaSchwarze0 SaschaSchwarze0 SaschaSchwarze0 approved these changes

@otaviof otaviof Awaiting requested review from otaviof

@qu1queee qu1queee Awaiting requested review from qu1queee

Assignees

@SaschaSchwarze0 SaschaSchwarze0

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/dependency-change Categorizes issue or PR as related to changing dependencies lgtm Indicates that a PR is ready to be merged. release-note-none Label for when a PR does not need a release note size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
Shipwright Overview
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sayan-biswas @SaschaSchwarze0