Bump version of golang.org/x/crypto to 0.18.0 to address authentication bypass vulnerability. #153
Conversation
Bump version of golang.org/x/crypto to 0.18.0 to address authentication bypass vulnerability.
Update go.mod golang.org/x/crypto version to patch authentication bypass by capture-replay vulnerability
|
@sam-caldwell Could you fix compile errors? |
|
Will investigate in my next spare cycles. |
I've fixed this in https://github.com/cfergeau/vz/commits/go-ssh/ in the |
|
@cfergeau good call out with dependabot. I use both snyk and dependabot regularly, and they are great tools for any repo. @Code-Hex fixes should be in, just waiting for github actions to fire and run the build. I'll have more spare cycles tomorrow morning so long as PagerDuty is willing. :-) Cheers! Sam |
|
@sam-caldwell Thanks |
|
Found two additional issues in the PR. Sorry for the messy PR...just trying to learn your codebase. :-)
|
…ch are not happening on local build environment
| @@ -23,7 +23,7 @@ jobs: | |||
| build: | |||
| needs: formatting-check | |||
| runs-on: ${{ matrix.os }} | |||
| timeout-minutes: 6 | |||
| timeout-minutes: 15 | |||
There was a problem hiding this comment.
You asked me to help fix your broken builds. The build is timing out. Increasing this value now has two of the builds passing.
|
Closing Pull request. Maintainer is more interested in control than fixes |
|
@sam-caldwell I'm very sad because cannot merge this PR |
|
@sam-caldwell I took this over in #155 and kept your name on the commit, let me know if this is a problem and want something different. |
Bump version of golang.org/x/crypto to 0.18.0 to address authentication bypass vulnerability.
Ticket: #152
This PR bumps the version of a vulnerable package.
Which issue(s) this PR fixes:
Fixes ##152
Additional documentation
Defect identified by snyk.io scanner