Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deps: update crypto dependency to resolve CVE-2024-45337 #7956

Merged
merged 10 commits into from
Dec 20, 2024
Merged

deps: update crypto dependency to resolve CVE-2024-45337 #7956

merged 10 commits into from
Dec 20, 2024

Conversation

TomerJLevy
Copy link
Contributor

@TomerJLevy TomerJLevy commented Dec 19, 2024
edited by arjan-bal
Loading

RELEASE NOTES:

  • Update crypto dependency to resolve vulnerability.

@codecov Codecov
Copy link

codecov bot commented Dec 19, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 82.12%. Comparing base (56a14ba) to head (e0213fa).
Report is 1 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #7956      +/-   ##
==========================================
+ Coverage   82.09%   82.12%   +0.03%     
==========================================
  Files         379      379              
  Lines       38261    38261              
==========================================
+ Hits        31409    31422      +13     
+ Misses       5549     5544       -5     
+ Partials     1303     1295       -8

see 21 files with indirect coverage changes

@arjan-bal arjan-bal added this to the 1.70 Release milestone Dec 19, 2024
@arjan-bal arjan-bal added the Type: Dependencies Updating/adding/removing dependencies label Dec 19, 2024
@arjan-bal
Copy link
Contributor

@TomerJLevy thanks for raising a PR. There are a few more usages:

grpc-go/gcp/observability/go.mod

Line 52 in 56a14ba

golang.org/x/crypto v0.30.0 // indirect

grpc-go/interop/observability/go.mod

Line 51 in 56a14ba

golang.org/x/crypto v0.30.0 // indirect

grpc-go/examples/go.mod

Line 71 in 56a14ba

golang.org/x/crypto v0.30.0 // indirect

Can you try to bump those too?

@arjan-bal arjan-bal self-requested a review December 19, 2024 08:56
@TomerJLevy
Copy link
Contributor Author

@TomerJLevy thanks for raising a PR. There are a few more usages:

grpc-go/gcp/observability/go.mod

Line 52 in 56a14ba

golang.org/x/crypto v0.30.0 // indirect

grpc-go/interop/observability/go.mod

Line 51 in 56a14ba

golang.org/x/crypto v0.30.0 // indirect

grpc-go/examples/go.mod

Line 71 in 56a14ba

golang.org/x/crypto v0.30.0 // indirect

Can you try to bump those too?

Done. Please re-review the PR

@arjan-bal arjan-bal assigned arjan-bal and unassigned TomerJLevy Dec 19, 2024
arjan-bal
arjan-bal approved these changes Dec 19, 2024
View reviewed changes
Copy link
Contributor

@arjan-bal arjan-bal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding @dfawley for a second approval.

@arjan-bal arjan-bal requested a review from dfawley December 19, 2024 10:19
@arjan-bal arjan-bal removed their assignment Dec 19, 2024
@arjan-bal arjan-bal changed the title fix: resolve vulnerability CVE-2024-45337 deps: Update crypto dependency to resolve CVE-2024-45337 Dec 19, 2024
@arjan-bal arjan-bal changed the title deps: Update crypto dependency to resolve CVE-2024-45337 deps: update crypto dependency to resolve CVE-2024-45337 Dec 19, 2024
@dfawley
Copy link
Member

dfawley commented Dec 20, 2024

Thank you for the updates!

@dfawley dfawley merged commit e5a4eb0 into grpc:master Dec 20, 2024
14 of 15 checks passed
vinothkumarr227 pushed a commit to vinothkumarr227/grpc-go that referenced this pull request Dec 23, 2024
@TomerJLevy @vinothkumarr227
deps: update crypto dependency to resolve CVE-2024-45337 (grpc#7956)
09132bf
vinothkumarr227 added a commit to vinothkumarr227/grpc-go that referenced this pull request Dec 23, 2024
@vinothkumarr227
Revert "deps: update crypto dependency to resolve CVE-2024-45337 (grp…
0e927fb 
…c#7956)"

This reverts commit 09132bf.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@arjan-bal arjan-bal arjan-bal approved these changes

@dfawley dfawley dfawley approved these changes

Assignees

@dfawley dfawley

Labels
Type: Dependencies Updating/adding/removing dependencies
Projects
None yet
Milestone
1.70 Release
Development

Successfully merging this pull request may close these issues.
3 participants
@TomerJLevy @arjan-bal @dfawley