Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: Bump golang.org/x/crypto v0.31.0 #69

Merged
merged 1 commit into from
Dec 12, 2024

Conversation

joonas
Copy link
Contributor

@joonas joonas commented Dec 12, 2024

While I don't believe nkeys makes use of the affected functionality, applications depending on the nkeys will receive a security issue related to GHSA-v778-237x-gjrc, so in an effort to save downstream consumers from the unnecessary work, it seems to make that it would make sense to bump the golang.org/x/crypto version to the patched version.

Signed-off-by: Joonas Bergius <joonas@cosmonic.com>
Copy link
Member

@derekcollison derekcollison left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@coveralls
Copy link

Pull Request Test Coverage Report for Build 12303441247

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 80.347%

Totals Coverage Status
Change from base Build 12033455559: 0.0%
Covered Lines: 417
Relevant Lines: 519

💛 - Coveralls

@derekcollison derekcollison merged commit 4aca2df into nats-io:main Dec 12, 2024
2 checks passed
@joonas joonas deleted the bump-x/crypto-version branch December 12, 2024 20:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants