Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update golang.org/x/crypto to v0.17.0 #2719

Merged
merged 1 commit into from
Dec 20, 2023
Merged

Conversation

jdn5126
Copy link
Contributor

@jdn5126 jdn5126 commented Dec 19, 2023

What type of PR is this?
dependency

Which issue does this PR fix:
N/A

What does this PR do / Why do we need it:
This PR updates golang.org/x/crypto to v0.17.0 to avoid the VPC CNI being flagged for https://terrapin-attack.com/. It is not vulnerable, but image scanner tools are not smart enough.

If an issue # is not available please add repro steps and logs from IPAMD/CNI showing the issue:
N/A

Testing done on this change:
Verified that image builds and can be deployed

Will this PR introduce any new dependencies?:
No

Will this break upgrades or downgrades? Has updating a running cluster been tested?:
No, Yes

Does this change require updates to the CNI daemonset config files to work?:
No

Does this PR introduce any user-facing change?:
Yes

Update golang.org/x/crypto to v0.17.0

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@jdn5126 jdn5126 requested a review from a team as a code owner December 19, 2023 23:21
@jdn5126 jdn5126 merged commit 3be5799 into aws:master Dec 20, 2023
6 checks passed
@jdn5126 jdn5126 deleted the crypto_update branch December 20, 2023 01:18
jchen6585 pushed a commit to jchen6585/amazon-vpc-cni-k8s that referenced this pull request Dec 21, 2023
jdn5126 added a commit to jdn5126/amazon-vpc-cni-k8s that referenced this pull request Dec 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants