Bump golang.org/x/crypto from 0.29.0 to 0.31.0 #117
Conversation
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.29.0 to 0.31.0. - [Commits](golang/crypto@v0.29.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commit 712ef8b)
|
This PR addresses GHSA-v778-237x-gjrc . I've closed it on my fork, it's better to be fixed here. |
|
@hryamzik Can I DM you? Email, IRC, discord, telegram, whichever you're happier. |
|
why? |
|
It's been more than 4 years (#52) since I'm maintaining this repository on my fork, mostly to have latest updates on a docker image of my own, push latest changes, and so on. You can checkout the fork yourself, not much is changed between here and there. What do you think about maintaining the docker image (I mean docker image on a public repository) here, and then you can add me as a maintainer in this repository, and I'll deal with docker image, Dockerfile issues, and stuff. I'm happy with my fork myself, and it's getting used daily and it's awesome, but maybe it's worth to get merged here after 4 years :) and join our efforts. |
|
Granted you write access |
|
Thanks that was quick! I guess it's better not to use docker image in my name, and create a inCaller/prometheus_bot docker image, and I'd rather it's getting created by you, so you are the owner of the image, or inCaller organization. Please tell me what to do from here, also please tell me if you'd rather talk about this in another issue. |
|
I'd rather user github docker registry, I didn't check docs fully but looks like there's just a workflow file to be added. |
|
Fine, I'll test this on my repository, then merge all the changes at last here. |
Bumps golang.org/x/crypto from 0.29.0 to 0.31.0.
updated-dependencies:
Signed-off-by: dependabot[bot] support@github.com
(cherry picked from commit 712ef8b)