Pin Crypto package to fix critical vulnerability (#2174) #2178

jaydeokar · 2022-12-22T17:16:36Z

Co-authored-by: Jay Deokar [email protected]

What type of PR is this?
bug

Which issue does this PR fix:
N/A

What does this PR do / Why do we need it:
Fixes to critical vulnerability in crypto package

If an issue # is not available please add repro steps and logs from IPAMD/CNI showing the issue:
N/A
Testing done on this change: N/A

Automation added to e2e: N/A

Will this PR introduce any new dependencies?: N/A

Will this break upgrades or downgrades. Has updating a running cluster been tested?:
N/A

Does this change require updates to the CNI daemonset config files to work?: N/A

Does this PR introduce any user-facing change?: N/A

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Co-authored-by: Jay Deokar <[email protected]>

jdn5126

Good call on the cherrypick

Pin Crypto package to fix critical vulnerability (#2174)

4e8e810

Co-authored-by: Jay Deokar <[email protected]>

jaydeokar requested a review from a team as a code owner December 22, 2022 17:16

jdn5126 approved these changes Dec 22, 2022

View reviewed changes

jaydeokar merged commit 5e6efbf into release-1.12 Dec 22, 2022

jaydeokar deleted the cherrypick_for_rc branch December 22, 2022 19:07

Provide feedback