@rockdaboot rockdaboot commented Dec 18, 2024

Fixes https://github.com/elastic/apm-aws-lambda/security/dependabot/40

The code is not directly using the vulnerable function, but better be on the safe side and update.

@rockdaboot rockdaboot added the go Pull requests that update Go code label Dec 18, 2024
@rockdaboot rockdaboot self-assigned this Dec 18, 2024
@github-actions github-actions bot added the aws-λ-extension AWS Lambda Extension label Dec 18, 2024
kruskall previously approved these changes Dec 18, 2024
tools/go.mod Outdated
toolchain go1.23.1
go 1.23

toolchain go1.23.4
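
Review bot: The `toolchain go1.23.4` line at the end of this tools/go.mod hunk names an exact patch release next to `go 1.23`, and nothing in the visible lines says why this module needs that minimum. If no dependency under tools/ requires more than the `go` line states, consider dropping the `toolchain` line; if it is needed, a short `//` comment beside it giving the reason would keep later bumps from being guesswork.
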
Member

we can probably drop the toolchain

Contributor Author

What is your `GOTOOLCHAIN` setting to keep `go mod tidy` from adding the toolchain entry?

Member

There's no way to do that with `go mod tidy`, unfortunately. I usually run `go mod tidy -go=x` to see if some dep is requesting a higher Go version. If everything is good, `go get toolchain@none` should drop the toolchain.

This should probably be fixed upstream :(

@rockdaboot rockdaboot merged commit 5ae8e6d into elastic:main Dec 19, 2024
8 checks passed
@rockdaboot rockdaboot deleted the fix-40 branch December 19, 2024 08:05