mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2025-05-24 08:16:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,230 Commits 29 Branches 42 Tags
Commit Graph

4 Commits

Author SHA1 Message Date
Niraj Yadav
1dabe902c6 DFBUGS-1158: [release-4.16] Misuse of ServerConfig.PublicKeyCallback (CVE-2024-45337) 
Update `golang.org.crypto` to `0.32.0`

Signed-off-by: Niraj Yadav <niryadav@redhat.com>
 2025-02-19 16:03:28 +05:30
dependabot[bot]
dc655f03a8 rebase: bump the golang-dependencies group with 1 update 
Bumps the golang-dependencies group with 1 update: [golang.org/x/sys](https://github.com/golang/sys).

- [Commits](https://github.com/golang/sys/compare/v0.13.0...v0.14.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-11-10 07:28:10 +00:00
Niels de Vos
a129b1c4ab rebase: update golang.org/x/net to v0.14 
golang.org/x/net/html v0.12 is vulnerable against CVE-2023-3978.
Exploiting it through Ceph-CSI is non-trivial, but rebasing
golang.org/x/net should take away any concerns.

See-also: https://pkg.go.dev/vuln/GO-2023-1988
Signed-off-by: Niels de Vos <ndevos@ibm.com>
 2023-08-07 20:56:44 +00:00
dependabot[bot]
d231cde05e rebase: Bump golang.org/x/sys from 0.9.0 to 0.10.0 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.9.0 to 0.10.0.
- [Commits](https://github.com/golang/sys/compare/v0.9.0...v0.10.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-11 09:02:38 +00:00