Skip to content

chore: Bump golang.org/x/crypto v0.31.0#69

Merged
derekcollison merged 1 commit intonats-io:mainfrom
joonas:bump-x/crypto-version
Dec 12, 2024
Merged

chore: Bump golang.org/x/crypto v0.31.0#69
derekcollison merged 1 commit intonats-io:mainfrom
joonas:bump-x/crypto-version

Conversation

@joonas
Copy link

@joonas joonas commented Dec 12, 2024
edited
Loading

While I don't believe nkeys makes use of the affected functionality, applications depending on the nkeys will receive a security issue related to GHSA-v778-237x-gjrc, so in an effort to save downstream consumers from the unnecessary work, it seems to make that it would make sense to bump the golang.org/x/crypto version to the patched version.

chore: Bump golang.org/x/crypto v0.31.0
b9c7dee 
Signed-off-by: Joonas Bergius <joonas@cosmonic.com>
derekcollison
derekcollison approved these changes Dec 12, 2024
View reviewed changes
Copy link
Member

@derekcollison derekcollison left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@coveralls
Copy link

coveralls commented Dec 12, 2024

Pull Request Test Coverage Report for Build 12303441247

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 80.347%
Totals Coverage Status
Change from base Build 12033455559: 0.0%
Covered Lines: 417
Relevant Lines: 519
💛 - Coveralls

@derekcollison derekcollison merged commit 4aca2df into nats-io:main Dec 12, 2024
@joonas joonas deleted the bump-x/crypto-version branch December 12, 2024 20:03
@joonas joonas mentioned this pull request Dec 17, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@derekcollison derekcollison derekcollison approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@joonas @coveralls @derekcollison