fix(SEC): Fixing CVE-2021-31525 #8274
Conversation
|
Sanjay Kshetramade seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it. |
sanjayk-github-dev
requested review from
akon-dey,
gcxml,
skrdgraph,
darkn3rd and
meghalims
as code owners
| @@ -62,10 +62,10 @@ require ( | |||
| go.opencensus.io v0.22.5 | |||
| go.uber.org/zap v1.16.0 | |||
| golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a | |||
| golang.org/x/net v0.0.0-20201021035429-f5854403a974 | |||
| golang.org/x/net v0.0.0-20210428140749-89ef3d95e781 | |||
There was a problem hiding this comment.
@skrdgraph I changed this to address CVE-2021-31525. However go mod tidy made additional changes.
There was a problem hiding this comment.
yes this is true, the current sec-CVE count is at 70 (before merging this PR). The other fixes that came in through go mod tidy will be addressing other CVEs for sure. We can look at the CVE count after this merge. We are expecting the number to drop to 69, but if it goes further below - it simply means we have fixed more CVEs with this single PR.
@meghalims I have signed the CLA, but it takes a day to reflect per @skrdgraph . |
Ahh yes. Thanks Sanjay |
Co-authored-by: Sanjay Kshetramade <[email protected]>
Problem
CVE-2021-31525
Solution
Fixing CVE-2021-31525 by bumping version