Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

go.mod - update golang.org/x/crypto #130

Merged
merged 1 commit into from
Dec 12, 2024
Merged

go.mod - update golang.org/x/crypto #130

merged 1 commit into from
Dec 12, 2024

Conversation

andrewkroh
Copy link
Member

Update deps to avoid vulnerability scanner noise related to https://pkg.go.dev/vuln/GO-2024-3321. elastic/stream is not affected by GO-2024-3321.

@andrewkroh
go.mod - update golang.org/x/crypto
8d829cc 
Update deps to avoid vulnerability scanner noise related to
https://pkg.go.dev/vuln/GO-2024-3321. elastic/stream is not affected
by GO-2024-3321.
@andrewkroh andrewkroh added skip-changelog The change does not require a changelog entry. Team:Security-Service Integrations Team:Security-Service Integrations labels Dec 12, 2024
@andrewkroh andrewkroh requested a review from a team December 12, 2024 15:48
@elasticmachine
Copy link

💚 Build Succeeded

@andrewkroh andrewkroh enabled auto-merge (squash) December 12, 2024 16:21
@andrewkroh
Copy link
Member Author

NOTE: auto-merge is enabled. If you have any change requests do not approve.

efd6
efd6 approved these changes Dec 12, 2024
View reviewed changes
Copy link
Contributor

@efd6 efd6 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not strictly necessary since we don't make use of the code in the CVE, but approving.

Output from govulncheck:

Vulnerability #1: GO-2024-3321
    Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in
    golang.org/x/crypto
  More info: https://pkg.go.dev/vuln/GO-2024-3321
  Module: golang.org/x/crypto
    Found in: golang.org/x/[email protected]
    Fixed in: golang.org/x/[email protected]

Your code is affected by 0 vulnerabilities.
This scan also found 0 vulnerabilities in packages you import and 1
vulnerability in modules you require, but your code doesn't appear to call these
vulnerabilities.

@andrewkroh andrewkroh merged commit 1566620 into elastic:main Dec 12, 2024
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@efd6 efd6 efd6 approved these changes

Assignees
No one assigned
Labels
skip-changelog The change does not require a changelog entry. Team:Security-Service Integrations Team:Security-Service Integrations
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@andrewkroh @elasticmachine @efd6