Skip to content
This repository has been archived by the owner on May 15, 2024. It is now read-only.

Update golang.org/x/crypto digest to 23b1b90 [SECURITY] - autoclosed #139

Closed
wants to merge 1 commit into from
Closed

Update golang.org/x/crypto digest to 23b1b90 [SECURITY] - autoclosed #139

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 16, 2023
edited
Loading

Mend Renovate

This PR contains the following updates:

Package Type Update Change
golang.org/x/crypto require digest 0c6587e -> 23b1b90

GitHub Vulnerability Alerts

CVE-2022-27191

golang.org/x/crypto/ssh versions 0.0.0-20220214200702-86341886e292 and prior in Go through 1.16.15 and 1.17.x through 1.17.8 allows an attacker to crash a server in certain circumstances involving AddHostKey. Version 0.0.0-20220315160706-3147a52a75dd includes a fix for the vulnerability and support for SHA-2.

CVE-2021-43565

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an unauthenticated attacker to panic an SSH server.

CVE-2020-29652

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate
Copy link
Contributor Author

renovate bot commented Mar 16, 2023
edited
Loading

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum
Command failed: docker run --rm --name=renovate_a_sidecar --label=renovate_a_child -v "/tmp/worker/36eb6c/62ad50/repos/github/raba-jp/primus":"/tmp/worker/36eb6c/62ad50/repos/github/raba-jp/primus" -v "/tmp/worker/36eb6c/62ad50/cache":"/tmp/worker/36eb6c/62ad50/cache" -e GOPATH -e GOPROXY -e GOSUMDB -e GOFLAGS -e CGO_ENABLED -e GIT_CONFIG_KEY_0 -e GIT_CONFIG_VALUE_0 -e GIT_CONFIG_KEY_1 -e GIT_CONFIG_VALUE_1 -e GIT_CONFIG_KEY_2 -e GIT_CONFIG_VALUE_2 -e GIT_CONFIG_COUNT -e BUILDPACK_CACHE_DIR -e CONTAINERBASE_CACHE_DIR -w "/tmp/worker/36eb6c/62ad50/repos/github/raba-jp/primus" ghcr.io/containerbase/sidecar bash -l -c "install-tool golang 1.20.5 && go get -d -t ./... && go mod tidy && go mod tidy"
go: downloading github.com/google/wire v0.5.0
go: downloading github.com/spf13/cobra v1.1.3
go: downloading golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
go: downloading github.com/rs/zerolog v1.21.0
go: downloading github.com/spf13/afero v1.6.0
go: downloading github.com/stretchr/testify v1.7.0
go: downloading github.com/fatih/color v1.10.0
go: downloading github.com/mattn/go-colorable v0.1.8
go: downloading go.starlark.net v0.0.0-20200901195727-6e684ef5eeee
go: downloading golang.org/x/crypto v0.11.1-0.20230705203307-23b1b90df264
go: downloading github.com/c-bata/go-prompt v0.2.6
go: downloading github.com/inconshreveable/mousetrap v1.0.0
go: downloading github.com/spf13/pflag v1.0.5
go: downloading golang.org/x/text v0.11.0
go: downloading github.com/davecgh/go-spew v1.1.1
go: downloading github.com/pmezard/go-difflib v1.0.0
go: downloading gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c
go: downloading github.com/mattn/go-isatty v0.0.12
go: downloading golang.org/x/term v0.10.0
go: downloading github.com/mattn/go-runewidth v0.0.9
go: downloading github.com/mattn/go-tty v0.0.3
go: downloading golang.org/x/sys v0.10.0
go: downloading github.com/pkg/term v1.2.0-beta.2
go: downloading gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f
go: downloading github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e
go: downloading github.com/kr/text v0.2.0
github.com/raba-jp/primus imports
	github.com/knqyf263/mockery/: malformed import path "github.com/knqyf263/mockery/": trailing slash

@renovate renovate bot force-pushed the renovate/go-golang.org/x/crypto-vulnerability branch from 385b91e to 341fc40 Compare March 23, 2023 23:32
@renovate renovate bot changed the title Update golang.org/x/crypto digest to 9cd0187 [SECURITY] Update golang.org/x/crypto digest to 018c28f [SECURITY] Mar 23, 2023
@renovate renovate bot changed the title Update golang.org/x/crypto digest to 018c28f [SECURITY] Update golang.org/x/crypto digest to 776e461 [SECURITY] Mar 24, 2023
@renovate renovate bot force-pushed the renovate/go-golang.org/x/crypto-vulnerability branch from 341fc40 to 6e199f8 Compare March 24, 2023 02:23
@renovate renovate bot changed the title Update golang.org/x/crypto digest to 776e461 [SECURITY] Update golang.org/x/crypto digest to 018c28f [SECURITY] Mar 24, 2023
@renovate renovate bot force-pushed the renovate/go-golang.org/x/crypto-vulnerability branch from 6e199f8 to a192c3c Compare March 24, 2023 16:32
@renovate renovate bot changed the title Update golang.org/x/crypto digest to 018c28f [SECURITY] Update golang.org/x/crypto digest to 776e461 [SECURITY] Mar 24, 2023
@renovate renovate bot force-pushed the renovate/go-golang.org/x/crypto-vulnerability branch 3 times, most recently from 00c72a1 to 4626e85 Compare March 25, 2023 05:11
@renovate renovate bot changed the title Update golang.org/x/crypto digest to 776e461 [SECURITY] Update golang.org/x/crypto digest to 018c28f [SECURITY] Mar 27, 2023
@renovate renovate bot force-pushed the renovate/go-golang.org/x/crypto-vulnerability branch from 4626e85 to cc44e2e Compare March 27, 2023 23:15
@renovate renovate bot changed the title Update golang.org/x/crypto digest to 018c28f [SECURITY] Update golang.org/x/crypto digest to 776e461 [SECURITY] Mar 28, 2023
@renovate renovate bot force-pushed the renovate/go-golang.org/x/crypto-vulnerability branch from cc44e2e to 463d26a Compare March 28, 2023 00:43
@renovate renovate bot changed the title Update golang.org/x/crypto digest to 776e461 [SECURITY] Update golang.org/x/crypto digest to 018c28f [SECURITY] Mar 28, 2023
@renovate renovate bot force-pushed the renovate/go-golang.org/x/crypto-vulnerability branch 2 times, most recently from 970acb4 to 585cd05 Compare March 28, 2023 05:27
@renovate renovate bot changed the title Update golang.org/x/crypto digest to 018c28f [SECURITY] Update golang.org/x/crypto digest to 776e461 [SECURITY] Mar 28, 2023
@renovate renovate bot changed the title Update golang.org/x/crypto digest to 776e461 [SECURITY] Update golang.org/x/crypto digest to 018c28f [SECURITY] Mar 28, 2023
@renovate renovate bot force-pushed the renovate/go-golang.org/x/crypto-vulnerability branch from 585cd05 to dff8770 Compare March 28, 2023 06:57
@renovate renovate bot changed the title Update golang.org/x/crypto digest to 018c28f [SECURITY] Update golang.org/x/crypto digest to 776e461 [SECURITY] Mar 28, 2023
@renovate renovate bot force-pushed the renovate/go-golang.org/x/crypto-vulnerability branch from dff8770 to 74cc26e Compare March 28, 2023 10:32
@renovate renovate bot changed the title Update golang.org/x/crypto digest to 776e461 [SECURITY] Update golang.org/x/crypto digest to 018c28f [SECURITY] Mar 28, 2023
@renovate renovate bot force-pushed the renovate/go-golang.org/x/crypto-vulnerability branch from 74cc26e to bdec8c5 Compare March 28, 2023 13:33
@renovate renovate bot changed the title Update golang.org/x/crypto digest to 018c28f [SECURITY] Update golang.org/x/crypto digest to 776e461 [SECURITY] Mar 30, 2023
@renovate renovate bot force-pushed the renovate/go-golang.org/x/crypto-vulnerability branch from bdec8c5 to 82d237d Compare March 30, 2023 01:48
@renovate renovate bot changed the title Update golang.org/x/crypto digest to 776e461 [SECURITY] Update golang.org/x/crypto digest to 018c28f [SECURITY] Mar 30, 2023
@renovate renovate bot force-pushed the renovate/go-golang.org/x/crypto-vulnerability branch from 82d237d to a515843 Compare March 30, 2023 03:25
@renovate renovate bot changed the title Update golang.org/x/crypto digest to 018c28f [SECURITY] Update golang.org/x/crypto digest to 776e461 [SECURITY] Mar 30, 2023
@renovate renovate bot changed the title Update golang.org/x/crypto digest to 183630a [SECURITY] Update golang.org/x/crypto digest to 8e447d8 [SECURITY] Jul 5, 2023
@renovate renovate bot force-pushed the renovate/go-golang.org/x/crypto-vulnerability branch from bfd5454 to c5f2838 Compare July 5, 2023 13:33
@renovate renovate bot changed the title Update golang.org/x/crypto digest to 8e447d8 [SECURITY] Update golang.org/x/crypto digest to e984872 [SECURITY] Jul 5, 2023
@renovate renovate bot force-pushed the renovate/go-golang.org/x/crypto-vulnerability branch from c5f2838 to fed37b1 Compare July 5, 2023 15:35
@renovate renovate bot changed the title Update golang.org/x/crypto digest to e984872 [SECURITY] Update golang.org/x/crypto digest to 23b1b90 [SECURITY] Jul 6, 2023
@renovate renovate bot force-pushed the renovate/go-golang.org/x/crypto-vulnerability branch from fed37b1 to dcb5741 Compare July 6, 2023 03:25
@renovate renovate bot changed the title Update golang.org/x/crypto digest to 23b1b90 [SECURITY] Update golang.org/x/crypto digest to e984872 [SECURITY] Jul 6, 2023
@renovate renovate bot force-pushed the renovate/go-golang.org/x/crypto-vulnerability branch 2 times, most recently from 3ac17cf to 76e925a Compare July 6, 2023 11:36
@renovate renovate bot changed the title Update golang.org/x/crypto digest to e984872 [SECURITY] Update golang.org/x/crypto digest to 23b1b90 [SECURITY] Jul 6, 2023
@renovate renovate bot changed the title Update golang.org/x/crypto digest to 23b1b90 [SECURITY] Update golang.org/x/crypto digest to e984872 [SECURITY] Jul 6, 2023
@renovate renovate bot force-pushed the renovate/go-golang.org/x/crypto-vulnerability branch from 76e925a to 542c900 Compare July 6, 2023 15:49
@renovate renovate bot changed the title Update golang.org/x/crypto digest to e984872 [SECURITY] Update golang.org/x/crypto digest to 23b1b90 [SECURITY] Jul 7, 2023
@renovate renovate bot force-pushed the renovate/go-golang.org/x/crypto-vulnerability branch from 542c900 to 22d1249 Compare July 7, 2023 00:03
@renovate renovate bot changed the title Update golang.org/x/crypto digest to 23b1b90 [SECURITY] Update golang.org/x/crypto digest to e984872 [SECURITY] Jul 7, 2023
@renovate renovate bot force-pushed the renovate/go-golang.org/x/crypto-vulnerability branch 2 times, most recently from d85a0b5 to 3af4ad6 Compare July 8, 2023 03:35
@renovate renovate bot changed the title Update golang.org/x/crypto digest to e984872 [SECURITY] Update golang.org/x/crypto digest to 23b1b90 [SECURITY] Jul 8, 2023
@renovate renovate bot changed the title Update golang.org/x/crypto digest to 23b1b90 [SECURITY] Update golang.org/x/crypto digest to e984872 [SECURITY] Jul 8, 2023
@renovate renovate bot force-pushed the renovate/go-golang.org/x/crypto-vulnerability branch from 3af4ad6 to 8627c97 Compare July 8, 2023 09:51
@renovate renovate bot changed the title Update golang.org/x/crypto digest to e984872 [SECURITY] Update golang.org/x/crypto digest to 23b1b90 [SECURITY] Jul 8, 2023
@renovate renovate bot force-pushed the renovate/go-golang.org/x/crypto-vulnerability branch 2 times, most recently from e4de667 to b1886f4 Compare July 8, 2023 19:25
@renovate renovate bot changed the title Update golang.org/x/crypto digest to 23b1b90 [SECURITY] Update golang.org/x/crypto digest to e984872 [SECURITY] Jul 8, 2023
@renovate renovate bot changed the title Update golang.org/x/crypto digest to e984872 [SECURITY] Update golang.org/x/crypto digest to 23b1b90 [SECURITY] Jul 9, 2023
@renovate renovate bot force-pushed the renovate/go-golang.org/x/crypto-vulnerability branch from b1886f4 to 4a0f151 Compare July 9, 2023 07:15
@renovate renovate bot changed the title Update golang.org/x/crypto digest to 23b1b90 [SECURITY] Update golang.org/x/crypto digest to 23b1b90 [SECURITY] - autoclosed Jul 9, 2023
@renovate renovate bot closed this Jul 9, 2023
@renovate renovate bot deleted the renovate/go-golang.org/x/crypto-vulnerability branch July 9, 2023 10:16
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants