Skip to content

upgrade crypto 40.0 ->45.0 to address CVE #3309

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wonwuakpa-msft wants to merge 4 commits into
base: main
Choose a base branch
from
Open

upgrade crypto 40.0 ->45.0 to address CVE #3309

wonwuakpa-msft wants to merge 4 commits into from

Conversation

@wonwuakpa-msft
Copy link
Member

@wonwuakpa-msft wonwuakpa-msft commented Dec 1, 2025
edited
Loading

Type of Change

  • Bug fix
  • New feature
  • Documentation update required
  • Code quality improvement
  • Other (describe):

How Has This Been Tested?

Thank you for your contribution to AzCopy!

Copilot AI review requested due to automatic review settings December 1, 2025 15:01
@wonwuakpa-msft wonwuakpa-msft changed the title upgrade from 40.0 to 45.0 to address CVE upgrade crypto 40.0 ->45.0 to address CVE Dec 1, 2025
Copilot AI reviewed Dec 1, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR upgrades golang.org/x dependencies to address CVE security vulnerabilities, updating crypto, net, sync, sys, and text packages to their latest versions.

  • Upgrades five golang.org/x packages to newer versions (crypto, net, sync, sys, text)
  • Updates corresponding checksums in go.sum for all upgraded dependencies
  • Follows the project's established pattern of incremental security updates

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File Description
go.mod Updates version declarations for golang.org/x/crypto (0.40.0→0.45.0), golang.org/x/net (0.42.0→0.47.0), golang.org/x/sync (0.16.0→0.18.0), golang.org/x/sys (0.34.0→0.38.0), and golang.org/x/text (0.27.0→0.31.0)
go.sum Updates module checksums and go.mod hashes for all five upgraded golang.org/x packages to ensure integrity verification

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@gapra-msft gapra-msft gapra-msft approved these changes

@adreed-msft adreed-msft Awaiting requested review from adreed-msft adreed-msft is a code owner

@dphulkar-msft dphulkar-msft Awaiting requested review from dphulkar-msft dphulkar-msft is a code owner

@vibhansa-msft vibhansa-msft Awaiting requested review from vibhansa-msft vibhansa-msft is a code owner

@seanmcc-msft seanmcc-msft Awaiting requested review from seanmcc-msft seanmcc-msft is a code owner

@souravgupta-msft souravgupta-msft Awaiting requested review from souravgupta-msft souravgupta-msft is a code owner

@tanyasethi-msft tanyasethi-msft Awaiting requested review from tanyasethi-msft tanyasethi-msft is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@wonwuakpa-msft @gapra-msft