Upgrade golang.org/x/crypto to v0.31.0 (#603)

Description: This PR updates golang.org/x/crypto to the latest version (v0.31.0) to mitigate the security vulnerability identified as [CVE-2024-45337](https://nvd.nist.gov/vuln/detail/CVE-2024-45337). Summary of Changes: Updated go.mod to require golang.org/x/[email protected]. Ran go mod tidy to clean up dependencies. Why This Change Is Important: The previously used version of golang.org/x/crypto was affected by CVE-2024-45337. Upgrading to v0.31.0 resolves this issue and ensures the library remains secure and up-to-date. Impact: No breaking changes are expected as v0.31.0 is backward-compatible with prior versions. Improves the security posture of the project by addressing a critical vulnerability. References: CVE-2024-45337: https://nvd.nist.gov/vuln/detail/CVE-2024-45337 Golang changelog for x/crypto: https://pkg.go.dev/golang.org/x/crypto Please let me know if you have any feedback or require additional changes. Thank you for reviewing this PR!
amacneil · Dec 19, 2024 · 0abc77b · 0abc77b
1 parent 1acb12f
commit 0abc77b
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/go.mod b/go.mod
@@ -62,7 +62,7 @@ require (
 	go.opentelemetry.io/otel v1.32.0 // indirect
 	go.opentelemetry.io/otel/metric v1.32.0 // indirect
 	go.opentelemetry.io/otel/trace v1.32.0 // indirect
-	golang.org/x/crypto v0.30.0 // indirect
+	golang.org/x/crypto v0.31.0 // indirect
 	golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d // indirect
 	golang.org/x/mod v0.22.0 // indirect
 	golang.org/x/net v0.32.0 // indirect

diff --git a/go.sum b/go.sum
@@ -478,8 +478,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY=
-golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=