-
-
Notifications
You must be signed in to change notification settings - Fork 154
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(deps): update golang.org/x/crypto digest to 23b1b90 [security] - autoclosed #636
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
0450da1
to
f24406d
Compare
f24406d
to
a4094da
Compare
a4094da
to
77174e7
Compare
77174e7
to
fcddfe1
Compare
fcddfe1
to
849dd76
Compare
849dd76
to
b367b95
Compare
b367b95
to
c53b33f
Compare
c53b33f
to
c89a6b1
Compare
c89a6b1
to
ea3d153
Compare
ea3d153
to
d814fd0
Compare
d814fd0
to
9364f06
Compare
9364f06
to
02e5079
Compare
02e5079
to
8b9b009
Compare
8b9b009
to
1a2420e
Compare
ad7e761
to
39ba32b
Compare
39ba32b
to
8988a0f
Compare
8988a0f
to
1361819
Compare
1361819
to
170a28e
Compare
170a28e
to
73155ae
Compare
73155ae
to
9b4a810
Compare
9b4a810
to
f17db2c
Compare
f17db2c
to
06ca4e3
Compare
06ca4e3
to
97c206f
Compare
97c206f
to
564cb5b
Compare
564cb5b
to
38332c0
Compare
38332c0
to
03aed95
Compare
03aed95
to
bcf5853
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
0c6587e
->23b1b90
GitHub Vulnerability Alerts
CVE-2022-27191
golang.org/x/crypto/ssh versions 0.0.0-20220214200702-86341886e292 and prior in Go through 1.16.15 and 1.17.x through 1.17.8 allows an attacker to crash a server in certain circumstances involving AddHostKey. Version 0.0.0-20220315160706-3147a52a75dd includes a fix for the vulnerability and support for SHA-2.
CVE-2021-43565
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an unauthenticated attacker to panic an SSH server.
CVE-2020-29652
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.