Skip to content

Security update: Bump some core dependencies #498

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 29, 2024
Merged

Security update: Bump some core dependencies #498

merged 1 commit into from
Jan 29, 2024

Conversation

a-hilaly
Copy link
Member

Bump libraries:

  • github.com/cloudflare/circl v1.3.7
  • github.com/go-logr/logr v1.4.1
  • github.com/spf13/cobra v1.8.0
  • golang.org/x/mod v0.14.0

The most important one is github.com/cloudflare/circl v1.3.7, quoting: "On some
platforms, when an attacker can time decapsulation of Kyber on forged cipher texts,
they could possibly learn (parts of) the secret key."

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@a-hilaly
Bump cerl, x/mod, cobra and logr
7332995 
Signed-off-by: Amine Hilaly <hilalyamine@gmail.com>
@ack-prow ack-prow bot requested review from jlbutler and jljaco January 29, 2024 05:17
@ack-prow ack-prow bot added the approved label Jan 29, 2024
@ack-bot
Copy link
Collaborator

ack-bot commented Jan 29, 2024

/lgtm

@ack-prow ack-prow bot added the lgtm Indicates that a PR is ready to be merged. label Jan 29, 2024
@ack-prow ACK Prow
Copy link

ack-prow bot commented Jan 29, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: a-hilaly, ack-bot

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@a-hilaly
Copy link
Member Author

/retest

4 similar comments
@a-hilaly
Copy link
Member Author

/retest

@a-hilaly
Copy link
Member Author

/retest

@a-hilaly
Copy link
Member Author

/retest

@a-hilaly
Copy link
Member Author

/retest

@ack-prow ack-prow bot merged commit f7bd096 into aws-controllers-k8s:main Jan 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jlbutler jlbutler Awaiting requested review from jlbutler

@jljaco jljaco Awaiting requested review from jljaco

Assignees

@ack-bot ack-bot

Labels
approved lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@a-hilaly @ack-bot