Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump crypto dependency to address critical CVE-2024-45337 #1974

Open
3 tasks done
vinceaperri opened this issue Jan 9, 2025 · 0 comments
Open
3 tasks done

Bump crypto dependency to address critical CVE-2024-45337 #1974

vinceaperri opened this issue Jan 9, 2025 · 0 comments
Labels
kind/bug Something isn't working

Comments

@vinceaperri
Copy link

Preflight Checklist

  • I have searched the issue tracker for an issue that matches the one I want to file, without success.
  • I am not looking for support or already pursued the available support channels without success.
  • I have checked the troubleshooting guide for my problem, without success.

Viper Version

1.19.0

Go Version

1.22.7

Config Source

Flags

Format

No response

Repl.it link

No response

Code reproducing the issue

No response

Expected Behavior

$ go mod graph | grep viper | grep crypto
github.com/spf13/[email protected] golang.org/x/crypto@v<version>

where <version> >= 0.32.0

Actual Behavior

$ go mod graph | grep viper | grep crypto
github.com/spf13/[email protected] golang.org/x/[email protected]

Steps To Reproduce

No response

Additional Information

https://nvd.nist.gov/vuln/detail/CVE-2024-45337
@vinceaperri vinceaperri added the kind/bug Something isn't working label Jan 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@vinceaperri