Fix CVE 2023 48795 #6675
$ go version
go version go1.20.13 linux/amd64
$ find . -type f -name 'go.mod' -not -path './_bin/*' -printf '%h\n' \
    | sort \
    | while read d; do (cd $d; go get golang.org/x/crypto@v0.17.0); done

Signed-off-by: Richard Wall <richard.wall@venafi.com>
Signed-off-by: Richard Wall <richard.wall@venafi.com>
golang.org/x/sys v0.14.0 // indirect | ||
golang.org/x/text v0.13.0 // indirect | ||
golang.org/x/sys v0.15.0 // indirect | ||
golang.org/x/text v0.14.0 // indirect |
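Review bot: the golang.org/x/sys and golang.org/x/text entries in this hunk are both marked // indirect and appear at two versions each (v0.14.0 and v0.15.0, v0.13.0 and v0.14.0), so a PR titled as a CVE fix also moves two modules other than the one being patched. State in the commit message that these changed as a side effect of the golang.org/x/crypto upgrade, so the scope of the change is clear from the history alone.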
These got upgraded as a side effect of my running `go get golang.org/x/crypto@v0.17.0` in every sub-module. `go mod tidy` then removes the unused import and leaves behind these updates to indirect dependencies which are used in this sub-module.

I considered reverting these changes, but decided that it was neater to have all the sub-modules using the same versions of `golang.org/x/sys` and `golang.org/x/text`.
/retest

These were flakes which disappeared upon

/approve
[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: inteon

The full list of commands accepted by this bot can be found here. The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing
Fixes the failing trivy scan on the release-1.13 branch by upgrading `golang.org/x/crypto` from `v0.14.0` to `v0.17.0`.

You can also see these failures on ArtifactHub:
I ran the following commands:
/kind cleanup
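
A follow-up check for the upgrade described above: this script walks every `go.mod` outside `_bin` and lists sub-modules that still require `golang.org/x/crypto` below `v0.17.0`. It is an added example, not part of this pull request or the project's tooling; the function names and the sample module tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: list Go sub-modules still requiring golang.org/x/crypto
# below the version this PR upgrades to.
MIN_CRYPTO="v0.17.0"   # target version from the PR description

# Print the x/crypto version a go.mod requires (single-line or block form).
crypto_version() {
    awk '
        $1 == "require" && $2 == "golang.org/x/crypto" { print $3; exit }
        $1 == "golang.org/x/crypto" && $2 ~ /^v[0-9]/   { print $2; exit }
    ' "$1"
}

# True when version $1 sorts strictly before $2 (sort -V ordering; assumes
# plain vX.Y.Z tags, not pre-release suffixes).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Print "<module dir> <version>" for every outdated sub-module under $1,
# skipping _bin like the find command in the commit message.
list_outdated() {
    find "$1" -type f -name go.mod ! -path '*/_bin/*' | sort |
    while IFS= read -r modfile; do
        v=$(crypto_version "$modfile")
        [ -n "$v" ] || continue    # module does not use x/crypto
        if version_lt "$v" "$MIN_CRYPTO"; then
            printf '%s %s\n' "$(dirname "$modfile")" "$v"
        fi
    done
}

# Constructed sample tree (not the project's real layout).
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/cmd/a" "$root/cmd/b" "$root/_bin/tool"
    printf 'module example.test/root\n\nrequire (\n\tgolang.org/x/crypto v0.17.0\n\tgolang.org/x/sys v0.15.0 // indirect\n)\n' > "$root/go.mod"
    printf 'module example.test/a\n\nrequire golang.org/x/crypto v0.14.0\n' > "$root/cmd/a/go.mod"
    printf 'module example.test/b\n\nrequire golang.org/x/text v0.14.0\n' > "$root/cmd/b/go.mod"
    printf 'module example.test/tool\n\nrequire golang.org/x/crypto v0.9.0\n' > "$root/_bin/tool/go.mod"
    echo "$root"
}

sample=$(make_sample)
list_outdated "$sample"    # only cmd/a is reported
rm -rf "$sample"
```

Empty output from `list_outdated` means no scanned sub-module is below the target version, which makes it usable as a CI gate alongside the scanner.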