Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backport release-1.26] Fix CVE-2023-48795 #3837

Merged
merged 4 commits into from
Dec 20, 2023
Merged

[Backport release-1.26] Fix CVE-2023-48795 #3837

merged 4 commits into from
Dec 20, 2023

Conversation

twz123
Copy link
Member

@twz123 twz123 commented Dec 19, 2023

dependabot bot added 4 commits December 19, 2023 09:31
@dependabot @twz123
Bump golang.org/x/sys from 0.13.0 to 0.15.0
d1cad12 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.13.0 to 0.15.0.
- [Commits](golang/sys@v0.13.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
(cherry picked from commit 0687f2f)
(cherry picked from commit e9bfad4)
(cherry picked from commit db96225)
@dependabot @twz123
Bump golang.org/x/crypto from 0.14.0 to 0.16.0
319860e 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.16.0.
- [Commits](golang/crypto@v0.14.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
(cherry picked from commit 5c2c42d)
(cherry picked from commit 03618f6)
(cherry picked from commit 880e300)
@dependabot @twz123
Bump golang.org/x/crypto from 0.16.0 to 0.17.0
8bf0800 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.16.0 to 0.17.0.
- [Commits](golang/crypto@v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
(cherry picked from commit 63ccbd3)
(cherry picked from commit 070091e)
(cherry picked from commit 7f4096b)
@dependabot @twz123
Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /hack/tool
3f45a50 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0.
- [Commits](golang/crypto@v0.14.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
(cherry picked from commit 102b2c5)
(cherry picked from commit 5f4b643)
(cherry picked from commit 3842556)
@twz123 twz123 marked this pull request as ready for review December 19, 2023 17:09
@twz123 twz123 requested a review from a team as a code owner December 19, 2023 17:09
@twz123 twz123 merged commit e87152b into k0sproject:release-1.26 Dec 20, 2023
67 checks passed
@twz123 twz123 deleted the backport-3836-to-release-1.26 branch December 20, 2023 13:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jnummelin jnummelin jnummelin approved these changes

@ncopa ncopa Awaiting requested review from ncopa ncopa is a code owner automatically assigned from k0sproject/k0s-maintainers

@juanluisvaladas juanluisvaladas Awaiting requested review from juanluisvaladas juanluisvaladas is a code owner automatically assigned from k0sproject/k0s-maintainers

Assignees
No one assigned
Labels
security fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@twz123 @jnummelin