Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update go.mod dependencies release-0.17 [SECURITY] #302

Merged
merged 1 commit into from
Dec 18, 2024
Merged

Update go.mod dependencies release-0.17 [SECURITY] #302

merged 1 commit into from
Dec 18, 2024

Conversation

turkenf
Copy link
Contributor

@turkenf turkenf commented Dec 18, 2024
edited
Loading

Description of your changes

This PR updates go.mod dependencies to fix the following:

Name Change Type Vulnerability Severity
golang.org/x/crypto v0.21.0 -> v0.31.0 go-module GHSA-v778-237x-gjrc High

I have:

  • Run make reviewable to ensure this PR is ready for review.

How has this code been tested

https://github.com/upbound/provider-terraform/actions/runs/12396612822

@turkenf turkenf changed the base branch from main to release-0.17 December 18, 2024 14:21
@turkenf
Copy link
Contributor Author

turkenf commented Dec 18, 2024

/test-examples="examples/workspace-inline-aws.yaml"

@turkenf turkenf force-pushed the vulnerability-fix-0.17 branch from 2ab3f17 to 69e54a1 Compare December 18, 2024 15:54
@turkenf
Copy link
Contributor Author

turkenf commented Dec 18, 2024

/test-examples="examples/workspace-inline-aws.yaml"

@turkenf turkenf marked this pull request as ready for review December 18, 2024 16:14
sergenyalcin
sergenyalcin reviewed Dec 18, 2024
View reviewed changes
examples/providerconfig-aws.yaml
@@ -27,5 +27,5 @@ spec:
}
provider "aws" {
shared_credentials_files = ["${path.module}/aws-creds.ini"]
region = "eu-west-1"
region = "us-east-2"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was changed to unblock the VPC quota.

sergenyalcin
sergenyalcin approved these changes Dec 18, 2024
View reviewed changes
Copy link
Member

@sergenyalcin sergenyalcin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @turkenf LGTM!

@turkenf turkenf merged commit 9382ca8 into upbound:release-0.17 Dec 18, 2024
10 checks passed
@turkenf turkenf deleted the vulnerability-fix-0.17 branch December 18, 2024 17:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sergenyalcin sergenyalcin sergenyalcin approved these changes

@bobh66 bobh66 Awaiting requested review from bobh66 bobh66 is a code owner

@ytsarev ytsarev Awaiting requested review from ytsarev ytsarev is a code owner

@negz negz Awaiting requested review from negz negz is a code owner

@ulucinar ulucinar Awaiting requested review from ulucinar ulucinar is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@turkenf @sergenyalcin