Skip to content

[Feature] Update golang.org/x/crypto v0.50.0 -> v0.52.0 #8779

Description

@dbaumgarten

What feature/behavior/change do you want?

Please update the golang.org/x/crypto dependency to (at least) v0.52.0 .

Why do you want this feature?

Our company uses automated security scanning tools to identify vulnerable software. We have eksctl installed on various machines which gets flagged for multiple critical CVEs because eksctl uses a vulnerable version of golang.org/x/crypto/ssh .

I know these CVEs are most probably not relevant for eksctl, but security scanners don't care about that. And just updating the dependency would get rid of a bunch of very annoying "security findings".

Image

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions