[Release-4.4] BUG 1854385: Update golang/crypto to bring CVE-2020-9283

[JoelSpeed]

This library is not used here for doing ssh client/server connections
though still want to bring the library version with recent security
fixes. golang/crypto@bac4c82

[openshift-ci-robot]

@JoelSpeed: This pull request references Bugzilla bug 1854385, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

6 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.4.z) matches configured target release for branch (4.4.z)
• bug is in the state NEW, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
• dependent bug Bugzilla bug 1808177 is in the state VERIFIED, which is one of the valid states (VERIFIED, RELEASE_PENDING, CLOSED (ERRATA))
• dependent Bugzilla bug 1808177 targets the "4.5.0" release, which is one of the valid target releases: 4.5.0, 4.5.z
• bug has dependents

In response to this:

[Release-4.4] BUG 1854385: Update golang/crypto to bring CVE-2020-9283

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[enxebre]

have we considered to use this to move to go mod as in #69?

[JoelSpeed]

If you think that's a better approach, I'm happy to do that, was hoping this would be a smaller diff but glide is not making this easy

[JoelSpeed]

I cherry-picked the 4.5 switch to go.mod and then fought it into working with this codebase by adding a bunch of replacements. Seems to build on my machine now.

[JoelSpeed]

/retest

[enxebre]

I cherry-picked the 4.5 switch to go.mod

this would bring kube 1.18 libraries here though, right?

by adding a bunch of replacements

You mean in go mod, not in our code base right?

[JoelSpeed]

this would bring kube 1.18 libraries here though, right?

It would, except after cherry picking, I set up go mod replacements to point all the kube dependencies back to the ones they were on before
https://github.com/openshift/cluster-machine-approver/pull/76/files#diff-37aff102a57d3d7b797f152915a6dc16R36-R46

[enxebre]

/approve

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: enxebre

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [enxebre]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[michaelgugino]

/lgtm

[openshift-ci-robot]

@JoelSpeed: All pull requests linked via external trackers have merged: openshift/cluster-machine-approver#76. Bugzilla bug 1854385 has been moved to the MODIFIED state.

In response to this:

[Release-4.4] BUG 1854385: Update golang/crypto to bring CVE-2020-9283

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.