@spiffcs spiffcs commented Feb 11, 2022

Resolves:
https://security.archlinux.org/CVE-2021-43565

20210921155107-089bfa567519 < v0.0.0-20211202192323-5770296d904e

Bump to 2022xxx

Signed-off-by: Christopher Phillips [email protected]

Signed-off-by: Christopher Phillips <[email protected]>
Signed-off-by: Christopher Phillips <[email protected]>
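
The comparison in the description above, as an added example that is not part of the pull request or of syft's code: it scans `go.mod` text and reports a requirement older than the fixed pseudo-version. The module path `golang.org/x/crypto`, the `v0.0.0-` prefix on the old version, and the sample `go.mod` are assumptions made for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Fixed pseudo-version quoted in the PR description.
const fixedCrypto = "v0.0.0-20211202192323-5770296d904e"
// Constructed go.mod fragment; the version is the old one the PR names.
const sampleGoMod = `module example.test/app
require (
	golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect
)`

// Only the v0.0.0-<UTC timestamp>-<commit> pseudo-version form is handled.
var pseudoRe = regexp.MustCompile(`^v0\.0\.0-(\d{14})-[0-9a-f]{12}$`)

// olderThanFix: known is false unless both are v0.0.0 pseudo-versions.
func olderThanFix(v, fixed string) (older, known bool) {
	mv, mf := pseudoRe.FindStringSubmatch(v), pseudoRe.FindStringSubmatch(fixed)
	if mv == nil || mf == nil {
		return false, false
	}
	return mv[1] < mf[1], true // fixed-width digits: string order is time order
}

// auditGoMod returns every required version of module that predates fixed.
func auditGoMod(gomod, module, fixed string) []string {
	var hits []string
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(line)
		if len(f) > 0 && f[0] == "require" {
			f = f[1:] // single-line "require mod ver" form
		}
		if len(f) < 2 || f[0] != module {
			continue
		}
		if older, known := olderThanFix(f[1], fixed); known && older {
			hits = append(hits, f[1])
		}
	}
	return hits
}

func main() {
	fmt.Println(auditGoMod(sampleGoMod, "golang.org/x/crypto", fixedCrypto))
}
```

Tagged releases such as `v0.1.0` come back as not known rather than as safe, so they need a full semver comparison instead.
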
github-actions bot commented Feb 11, 2022

Benchmark Test Results

Benchmark results from the latest changes vs base branch
name                                                       old time/op    new time/op    delta
ImagePackageCatalogers/ruby-gemspec-cataloger-2              1.61ms ± 4%    1.70ms ± 7%    ~     (p=0.151 n=5+5)
ImagePackageCatalogers/python-package-cataloger-2            3.66ms ± 2%    4.00ms ±11%  +9.06%  (p=0.032 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2    1.26ms ± 2%    1.28ms ±10%    ~     (p=1.000 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         989µs ± 3%    1014µs ± 4%    ~     (p=0.222 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                    1.15ms ± 2%    1.22ms ± 5%  +5.38%  (p=0.008 n=5+5)
ImagePackageCatalogers/rpmdb-cataloger-2                     1.05ms ± 2%    1.06ms ± 3%    ~     (p=0.421 n=5+5)
ImagePackageCatalogers/java-cataloger-2                      26.9ms ± 2%    28.2ms ± 4%    ~     (p=0.056 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                     1.56ms ± 4%    1.56ms ± 5%    ~     (p=0.841 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2          2.44µs ± 1%    2.40µs ± 3%    ~     (p=0.095 n=5+5)

name                                                       old alloc/op   new alloc/op   delta
ImagePackageCatalogers/ruby-gemspec-cataloger-2               252kB ± 0%     253kB ± 0%  +0.19%  (p=0.016 n=5+5)
ImagePackageCatalogers/python-package-cataloger-2            1.06MB ± 0%    1.07MB ± 0%  +0.18%  (p=0.008 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2     253kB ± 0%     253kB ± 0%  +0.16%  (p=0.016 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         208kB ± 0%     208kB ± 0%  +0.19%  (p=0.008 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                     254kB ± 0%     254kB ± 0%  +0.18%  (p=0.032 n=5+5)
ImagePackageCatalogers/rpmdb-cataloger-2                      236kB ± 0%     236kB ± 0%    ~     (p=0.690 n=5+5)
ImagePackageCatalogers/java-cataloger-2                      4.18MB ± 0%    4.19MB ± 0%    ~     (p=0.151 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                     1.30MB ± 0%    1.30MB ± 0%  +0.06%  (p=0.032 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2            608B ± 0%      608B ± 0%    ~     (all equal)

name                                                       old allocs/op  new allocs/op  delta
ImagePackageCatalogers/ruby-gemspec-cataloger-2               6.33k ± 0%     6.33k ± 0%    ~     (all equal)
ImagePackageCatalogers/python-package-cataloger-2             21.4k ± 0%     21.4k ± 0%    ~     (p=0.413 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2     7.25k ± 0%     7.25k ± 0%    ~     (p=1.000 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         5.36k ± 0%     5.36k ± 0%    ~     (all equal)
ImagePackageCatalogers/dpkgdb-cataloger-2                     7.10k ± 0%     7.10k ± 0%    ~     (all equal)
ImagePackageCatalogers/rpmdb-cataloger-2                      6.82k ± 0%     6.82k ± 0%    ~     (all equal)
ImagePackageCatalogers/java-cataloger-2                       86.8k ± 0%     86.8k ± 0%    ~     (p=0.548 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                      7.37k ± 0%     7.37k ± 0%    ~     (p=0.238 n=5+4)
ImagePackageCatalogers/go-module-binary-cataloger-2            14.0 ± 0%      14.0 ± 0%    ~     (all equal)

@spiffcs spiffcs changed the title bump golang crypto to resolve CVE-2020-29652 bump golang crypto usage Feb 11, 2022
@spiffcs spiffcs requested a review from a team February 11, 2022 18:32
@spiffcs spiffcs changed the title bump golang crypto usage update golang crypto library dependency Feb 11, 2022
@spiffcs spiffcs merged commit e1e9ccb into main Feb 11, 2022
@spiffcs spiffcs deleted the update-crypto branch February 11, 2022 18:36
spiffcs added a commit that referenced this pull request Feb 17, 2022
…hore/syft into 510-attach-sbomb-attestation

* '510-attach-sbomb-attestation' of https://github.com/anchore/syft:
  Upgrade install.sh to support installations for previous versions (#830)
  remove duplicate manifest lines (#828)
  bump stereoscope to include functional options (#823)
  update golang crypto library dependency (#815)
  deduplicate SPDX tag-value package IDs (#813)
  Add pURL generation for java packages + fix NPM pURL generation (#812)
spiffcs added a commit that referenced this pull request Feb 17, 2022
* main:
  Upgrade install.sh to support installations for previous versions (#830)
  remove duplicate manifest lines (#828)
  bump stereoscope to include functional options (#823)
  update golang crypto library dependency (#815)
  deduplicate SPDX tag-value package IDs (#813)
  Add pURL generation for java packages + fix NPM pURL generation (#812)

Signed-off-by: Christopher Phillips <[email protected]>
spiffcs added a commit that referenced this pull request Feb 18, 2022
* bump golang crypto to resolve CVE-2020-29652

Signed-off-by: Christopher Phillips <[email protected]>

* go mod tidy

Signed-off-by: Christopher Phillips <[email protected]>
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
* bump golang crypto to resolve CVE-2020-29652

Signed-off-by: Christopher Phillips <[email protected]>

* go mod tidy

Signed-off-by: Christopher Phillips <[email protected]>