Skip to content

Commit 23e0141

Browse files
thaJeztahthaJeztah
committed
vendor: golang.org/x/crypto v0.31.0
update to the latest version of this dependency, which has a fix for a authorization bypass in the ssh package. We don't use this functionality, so there's no need to backport this change (other than de-noising false positives). This is CVE-2024-45337 and Go issue https://go.dev/issue/70779. full diff: golang/crypto@v0.28.0...v0.31.0 Signed-off-by: Sebastiaan van Stijn <[email protected]>
1 parent 9b3d999 commit 23e0141

File tree

3 files changed

+4
-4
lines changed

3 files changed

+4
-4
lines changed

go.mod

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -133,7 +133,7 @@ require (
133133
go.opencensus.io v0.24.0 // indirect
134134
go.opentelemetry.io/otel/metric v1.31.0 // indirect
135135
go.opentelemetry.io/proto/otlp v1.3.1 // indirect
136-
golang.org/x/crypto v0.28.0 // indirect
136+
golang.org/x/crypto v0.31.0 // indirect
137137
golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect
138138
golang.org/x/net v0.30.0 // indirect
139139
golang.org/x/oauth2 v0.22.0 // indirect

go.sum

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1194,8 +1194,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
11941194
golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
11951195
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
11961196
golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
1197-
golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
1198-
golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
1197+
golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
1198+
golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
11991199
golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
12001200
golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
12011201
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=

vendor/modules.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -568,7 +568,7 @@ go.opentelemetry.io/proto/otlp/collector/trace/v1
568568
go.opentelemetry.io/proto/otlp/common/v1
569569
go.opentelemetry.io/proto/otlp/resource/v1
570570
go.opentelemetry.io/proto/otlp/trace/v1
571-
# golang.org/x/crypto v0.28.0
571+
# golang.org/x/crypto v0.31.0
572572
## explicit; go 1.20
573573
golang.org/x/crypto/cast5
574574
golang.org/x/crypto/openpgp

0 commit comments

Comments
 (0)