Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vendor: update golang.org/x/ dependencies #11145

Merged
merged 5 commits into from
Dec 12, 2024
Merged

vendor: update golang.org/x/ dependencies #11145

merged 5 commits into from
Dec 12, 2024

Conversation

thaJeztah
Copy link
Member

vendor: golang.org/x/sys v0.28.0

full diff: golang/sys@v0.27.0...v0.28.0

vendor: golang.org/x/sync v0.10.0

no changes in vendored code

full diff: golang/sync@v0.9.0...v0.10.0

vendor: golang.org/x/text v0.21.0

no changes in vendored code

full diff: golang/text@v0.19.0...v0.21.0

vendor: golang.org/x/term v0.27.0

full diff: golang/term@v0.25.0...v0.27.0

vendor: golang.org/x/crypto v0.31.0

update to the latest version of this dependency, which has a fix for a
authorization bypass in the ssh package. We don't use this functionality,
so there's no need to backport this change (other than de-noising false positives).

This is CVE-2024-45337 and Go issue https://go.dev/issue/70779.

full diff: golang/crypto@v0.28.0...v0.31.0

@thaJeztah
vendor: golang.org/x/sys v0.28.0
1606766 
full diff: golang/sys@v0.27.0...v0.28.0

Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
vendor: golang.org/x/sync v0.10.0
6764e62 
no changes in vendored code

full diff: golang/sync@v0.9.0...v0.10.0

Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
vendor: golang.org/x/text v0.21.0
1032fad 
no changes in vendored code

full diff: golang/text@v0.19.0...v0.21.0

Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
vendor: golang.org/x/term v0.27.0
9b3d999 
full diff: golang/term@v0.25.0...v0.27.0

Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
vendor: golang.org/x/crypto v0.31.0
23e0141 
update to the latest version of this dependency, which has a fix for a
authorization bypass in the ssh package. We don't use this functionality,
so there's no need to backport this change (other than de-noising false positives).

This is CVE-2024-45337 and Go issue https://go.dev/issue/70779.

full diff: golang/crypto@v0.28.0...v0.31.0

Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah thaJeztah self-assigned this Dec 11, 2024
@dosubot dosubot bot added the dependencies Pull requests that update a dependency file label Dec 11, 2024
@estesp estesp added this pull request to the merge queue Dec 12, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Dec 12, 2024
@AkihiroSuda AkihiroSuda added this pull request to the merge queue Dec 12, 2024
Merged via the queue into containerd:main with commit 0e7ee7d Dec 12, 2024
58 checks passed
@thaJeztah thaJeztah deleted the vendor_x_crypto branch December 12, 2024 17:44
@ErikJiang ErikJiang mentioned this pull request Dec 18, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@estesp estesp estesp approved these changes

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

Assignees

@thaJeztah thaJeztah

Labels
dependencies Pull requests that update a dependency file size/L
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@thaJeztah @estesp @AkihiroSuda @k8s-ci-robot