Update x/crypto and x/text dependencies

danielqsj / kafka_exporter

Kafka exporter for Prometheus

Apache License 2.0

2.18k stars 610 forks source link

Update x/crypto and x/text dependencies #312

Closed ajborley closed 2 years ago

ajborley commented 2 years ago

Mitigate CVE-2021-38561
Mitigate CVE-2021-43565

Signed-off-by: Andrew Borley BORLEY@uk.ibm.com

grdryn commented 2 years ago

@ajborley Hi! Without this fix, when I scan with snyk, I didn't seem to get anything about these. Just curious, did you scan with something else, or use special parameters or something?

ajborley commented 2 years ago

@ajborley Hi! Without this fix, when I scan with snyk, I didn't seem to get anything about these. Just curious, did you scan with something else, or use special parameters or something?

Hi @grdryn - sorry for the delay. This was spotted by our corporate scanning tool, although I'm not sure exactly how it is configured. Does snyk still not report anything? I would expect CVE-2021-38561 to show up at least, given that it's in the snyk db.

danielqsj commented 2 years ago

LGTM, thanks @ajborley