Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: Upgrade golang.org/x/crypto #36

Merged
merged 2 commits into from
Jan 10, 2024
Merged

chore: Upgrade golang.org/x/crypto #36

merged 2 commits into from
Jan 10, 2024

Conversation

spolti
Copy link
Contributor

@spolti spolti commented Jan 9, 2024

chore: address the following CVE:
- CVE-2023-48795: golang.org/x/crypto Authentication Bypass by Capture-replay

@spolti spolti requested review from ckadner and pvaneck January 10, 2024 14:43
@rafvasq rafvasq requested review from rafvasq and removed request for pvaneck January 10, 2024 18:31
@spolti
Copy link
Contributor Author

spolti commented Jan 10, 2024

@rafvasq hey, if you could take a look on this one as well :)

@spolti spolti requested review from rafvasq and removed request for rafvasq January 10, 2024 18:56
rafvasq
rafvasq reviewed Jan 10, 2024
View reviewed changes
Copy link
Member

@rafvasq rafvasq left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a suggestion to clean up the dependency comment.

go.mod Outdated Show resolved Hide resolved
@spolti
Fixes: CVE-2023-48795: Authentication Bypass by Capture-replay
6e17589 
chore:	address the following CVE:
 	- [CVE-2023-48795](https://www.cve.org/CVERecord?id=CVE-2023-48795): golang.org/x/crypto Authentication Bypass by Capture-replay

Signed-off-by: Spolti <[email protected]>
@spolti @rafvasq
Update go.mod
79554e7 
Co-authored-by: Rafael Vasquez <[email protected]>
Signed-off-by: Filippe Spolti <[email protected]>
rafvasq
rafvasq approved these changes Jan 10, 2024
View reviewed changes
Copy link
Member

@rafvasq rafvasq left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@oss-prow-bot OSS-prow-bot
Copy link

oss-prow-bot bot commented Jan 10, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: rafvasq, spolti

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@rafvasq rafvasq changed the title Fixes: CVE-2023-48795: Authentication Bypass by Capture-replay chore: Upgrade golang.org/x/crypto Jan 10, 2024
@rafvasq rafvasq merged commit 513a3f2 into kserve:main Jan 10, 2024
5 of 6 checks passed
@spolti spolti deleted the CVE-2023-48795 branch January 10, 2024 19:21
spolti referenced this pull request in spolti/rest-proxy Jan 10, 2024
@spolti
chore: Upgrade golang.org/x/crypto (opendatahub-io#36)
febe283 
chore:	address the following CVE:
- [CVE-2023-48795](https://www.cve.org/CVERecord?id=CVE-2023-48795):
golang.org/x/crypto Authentication Bypass by Capture-replay

---------

Signed-off-by: Spolti <[email protected]>
spolti referenced this pull request in spolti/rest-proxy Jan 10, 2024
@spolti
chore: Upgrade golang.org/x/crypto (opendatahub-io#36)
51ba6d1 
chore:	address the following CVE:
- [CVE-2023-48795](https://www.cve.org/CVERecord?id=CVE-2023-48795):
golang.org/x/crypto Authentication Bypass by Capture-replay

---------

Signed-off-by: Spolti <[email protected]>
spolti referenced this pull request in spolti/rest-proxy Jan 11, 2024
@spolti
chore: Upgrade golang.org/x/crypto (opendatahub-io#36)
7b6d3c2 
chore:	address the following CVE:
- [CVE-2023-48795](https://www.cve.org/CVERecord?id=CVE-2023-48795):
golang.org/x/crypto Authentication Bypass by Capture-replay

---------

Signed-off-by: Spolti <[email protected]>
spolti referenced this pull request in spolti/rest-proxy Jan 12, 2024
@spolti
chore: Upgrade golang.org/x/crypto (opendatahub-io#36)
c683161 
chore:	address the following CVE:
- [CVE-2023-48795](https://www.cve.org/CVERecord?id=CVE-2023-48795):
golang.org/x/crypto Authentication Bypass by Capture-replay

---------

Signed-off-by: Spolti <[email protected]>
openshift-merge-bot bot referenced this pull request in opendatahub-io/rest-proxy Jan 15, 2024
@openshift-merge-bot
Merge pull request #32 from spolti/RHOAIENG-1468-0.11.1
f5b2962 
chore: Upgrade golang.org/x/crypto  (#36)
spolti referenced this pull request in spolti/rest-proxy Jan 16, 2024
@spolti
chore: Upgrade golang.org/x/crypto (opendatahub-io#36)
7c15363 
chore:	address the following CVE:
- [CVE-2023-48795](https://www.cve.org/CVERecord?id=CVE-2023-48795):
golang.org/x/crypto Authentication Bypass by Capture-replay

---------

Signed-off-by: Spolti <[email protected]>
spolti referenced this pull request in spolti/rest-proxy Jan 16, 2024
@spolti
chore: Upgrade golang.org/x/crypto (opendatahub-io#36)
a192277 
chore:	address the following CVE:
- [CVE-2023-48795](https://www.cve.org/CVERecord?id=CVE-2023-48795):
golang.org/x/crypto Authentication Bypass by Capture-replay

---------

Signed-off-by: Spolti <[email protected]>
Jooho referenced this pull request in red-hat-data-services/rest-proxy Jan 16, 2024
@Jooho
Merge pull request #6 from spolti/RHOAIENG-1468-2.6
81ace49 
[cherry-pick] chore: Upgrade golang.org/x/crypto  (#36)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rafvasq rafvasq rafvasq approved these changes

@ckadner ckadner Awaiting requested review from ckadner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@spolti @rafvasq