From c02d993f6a88f338c69a4428e4d27e8ae2c7b0b8 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Tue, 12 Apr 2022 14:13:17 -0400 Subject: Bump golang.org/x/crypto to 7b82a4e Resolves: GHSA-8c26-wmh5-6g9v - CVE-2022-27191 Podman doesn't seem to be directly affected as the logic in question is not called. golang.org/x/crypto@1baeb1ce contains the actual CVE fix. Using the latest upstream commit to also include support for SHA-2. Signed-off-by: Lokesh Mandvekar --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'go.mod') diff --git a/go.mod b/go.mod index 2be3a2678..cc0f61f15 100644 --- a/go.mod +++ b/go.mod @@ -64,7 +64,7 @@ require ( github.com/vbauerster/mpb/v6 v6.0.4 github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852 go.etcd.io/bbolt v1.3.6 - golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 + golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c golang.org/x/sys v0.0.0-20211004093028-2c5d950f24ef gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b -- cgit v1.2.3-54-g00ecf