[🐸 Frogbot] Update version of golang.org/x/crypto to 0.35.0 #318

github-actions · 2025-02-27T00:13:07Z

Severity	ID	Contextual Analysis	Direct Dependencies	Impacted Dependency	Fixed Versions
Unknown	CVE-2025-22869	Not Covered	github.com/jfrog/jfrog-cli-artifactory:v0.2.0 github.com/jfrog/jfrog-cli-core/v2:v2.58.1 github.com/jfrog/jfrog-client-go:v1.51.0 github.com/skeema/knownhosts:v1.3.1 golang.org/x/crypto:v0.32.0 golang.org/x/net:v0.34.0 github.com/go-git/go-billy/v5:v5.6.2 github.com/go-git/go-git/v5:v5.13.2	golang.org/x/crypto v0.32.0	[0.35.0]


Contextual Analysis:	Not Covered
Direct Dependencies:	github.com/jfrog/jfrog-cli-artifactory:v0.2.0, github.com/jfrog/jfrog-cli-core/v2:v2.58.1, github.com/jfrog/jfrog-client-go:v1.51.0, github.com/skeema/knownhosts:v1.3.1, golang.org/x/crypto:v0.32.0, golang.org/x/net:v0.34.0, github.com/go-git/go-billy/v5:v5.6.2, github.com/go-git/go-git/v5:v5.13.2
Impacted Dependency:	golang.org/x/crypto:v0.32.0
Fixed Versions:	[0.35.0]
CVSS V3:	-

Potential denial of service in golang.org/x/crypto

Upgrade golang.org/x/crypto to 0.35.0

eea872b

attiasas added improvement safe to test labels Mar 3, 2025

github-actions bot removed the safe to test label Mar 3, 2025

Provide feedback