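My code was written at the time of 1.17.1, and go mod simply used the latest version of x/crypto at that time.
Now our code scanning tool has detected that this version is insecure and asks us to update to a newer version. Questions:
1. Is there a command that updates all dependencies to their latest versions?
2. If I edit by hand, do both go.mod and go.sum need to be modified manually?
Details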
go.mod
xxx/go.mod: golang.org/x/crypto v0.0.0-20210920023735-84f357641f63 // indirect
go.sum
xxx/go.sum:golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
xxx/go.sum:golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
xxx/go.sum:golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e h1:gsTQYXdTw2Gq7RBsWvlQ91b+aEQ6bXFUngBGuR8sPpI=
xxx/go.sum:golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
xxx/go.sum:golang.org/x/crypto v0.0.0-20210920023735-84f357641f63 h1:kETrAMYZq6WVGPa8IIixL0CaEcIUNi+1WX7grUoi3y8=
xxx/go.sum:golang.org/x/crypto v0.0.0-20210920023735-84f357641f63/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
Details:
Description
ssh Package for Go contains a flaw in the readCipherPacket() functions in ssh/cipher.go that is triggered when processing GCM and ChaChaPoly1305 packets with an empty payload. This may allow a remote attacker to cause an SSH server using the library to panic, resulting in a denial of service.
Fixed version
0.0.0-20211202192323-5770296d904e
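An added example, not part of the original post: a small Go checker that reads go.mod/go.sum lines like the ones quoted above and reports which x/crypto pseudo-versions predate the fixed version, separating go.sum lines that only hash a version's go.mod file from the rest. The sample input is constructed from the versions in the post with the hashes replaced by placeholders, and the names Entry and Scan are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Fixed pseudo-version quoted in the post.
const fixed = "v0.0.0-20211202192323-5770296d904e"

// Constructed sample: one go.mod requirement and two go.sum lines in the
// shape quoted in the post; hashes are placeholders.
const sample = `go.mod: golang.org/x/crypto v0.0.0-20210920023735-84f357641f63 // indirect
go.sum: golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:PLACEHOLDER=
go.sum: golang.org/x/crypto v0.0.0-20210920023735-84f357641f63 h1:PLACEHOLDER=`

// Matches only the v0.0.0-<14-digit timestamp>-<12-hex commit> form seen on
// the page; tagged releases are outside the scope of this example.
var re = regexp.MustCompile(`golang\.org/x/crypto (v0\.0\.0-(\d{14})-[0-9a-f]{12})(/go\.mod)?`)

type Entry struct {
	Version   string
	GoModHash bool // go.sum line that hashes only that version's go.mod file
	Older     bool // timestamp precedes the fixed version
}

// Scan extracts every x/crypto pseudo-version and compares it with the fix.
// With an identical v0.0.0 base, pseudo-versions order by their fixed-width
// timestamp, so a plain string comparison is sufficient.
func Scan(text string) []Entry {
	fixedStamp := re.FindStringSubmatch("golang.org/x/crypto " + fixed)[2]
	var out []Entry
	for _, line := range strings.Split(text, "\n") {
		if m := re.FindStringSubmatch(line); m != nil {
			out = append(out, Entry{Version: m[1], GoModHash: m[3] != "", Older: m[2] < fixedStamp})
		}
	}
	return out
}

func main() {
	for _, e := range Scan(sample) {
		kind := "requirement or module content hash"
		if e.GoModHash {
			kind = "go.mod-only hash (version graph metadata)"
		}
		fmt.Printf("%s older-than-fix=%v %s\n", e.Version, e.Older, kind)
	}
}
```

The version that is actually built is the one `go list -m golang.org/x/crypto` reports, so go.sum lines for older versions do not by themselves mean the older code is compiled in. Running `go get golang.org/x/crypto@v0.0.0-20211202192323-5770296d904e` followed by `go mod tidy` rewrites both go.mod and go.sum, so neither file needs hand editing.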