Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[release-v0.14] Update golang.org/x/crypto to v0.31.0 #1755

Open
wants to merge 1 commit into
base: release-v0.14
Choose a base branch
from

Conversation

adambkaplan
Copy link
Member

Changes

Update golang.org/x/crypto to mitigate CVE-2024-45337. This has a severity grade of "Important" from Red Hat.

Cherry-pick of #1752

/kind dependency-change

Submitter Checklist

  • Includes tests if functionality changed/was added
  • Includes docs if changes are user-facing
  • Set a kind label on this PR
  • Release notes block has been filled in, or marked NONE

See the contributor guide
for details on coding conventions, github and prow interactions, and the code review process.

Release Notes

Update golang.org/x/crypto to v0.31.0, to mitigate CVE-2024-45337

Update golang.org/x/crypto to mitigate CVE-2024-45337.

Cherry-pick of shipwright-io#1752

Signed-off-by: Adam Kaplan <[email protected]>
@openshift-ci openshift-ci bot added release-note Label for when a PR has specified a release note kind/dependency-change Categorizes issue or PR as related to changing dependencies labels Dec 17, 2024
Copy link
Contributor

openshift-ci bot commented Dec 17, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from adambkaplan. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@pull-request-size pull-request-size bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Dec 17, 2024
@adambkaplan
Copy link
Member Author

@SaschaSchwarze0 @qu1queee I more or less cherry-picked #1752 to mitigate this vulnerability. Do we want to merge this and release a v0.14.1?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/dependency-change Categorizes issue or PR as related to changing dependencies release-note Label for when a PR has specified a release note size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
Status: No status
Development

Successfully merging this pull request may close these issues.

1 participant