)]}'
{
  "commit": "ced2fcb5d664917b7c8dc98bf3a3bc7d033d38f8",
  "tree": "6bc08a46326c0715ebc2a4230fd997b2d850280b",
  "parents": [
    "49c42250f92e4d9d27fe9c558c52430b1f81531e"
  ],
  "author": {
    "name": "Michael Tang",
    "email": "tangm@microsoft.com",
    "time": "Wed Jan 08 19:13:44 2025 -0800"
  },
  "committer": {
    "name": "Dawn LUCI CQ",
    "email": "dawn-scoped@luci-project-accounts.iam.gserviceaccount.com",
    "time": "Wed Jan 08 19:13:44 2025 -0800"
  },
  "message": "Bump golang.org/x/crypto from v0.14.0 to v0.31.0\n\nVersions of the crypto module before v0.31.0 contain a potential\nvulnerability in ServerConfig.PublicKeyCallback. The new version\ncontains a mitigation.\n\nNote that it appears that dawn uses the crypto module only in tooling\nfor its hash functions and does not use the affected type. This change\nsimply updates the dependency to satisfy automatic dependency checker\ntooling.\n\nSee: https://pkg.go.dev/vuln/GO-2024-3321\n\nThis change was generated by running:\n  go get golang.org/x/crypto@v0.31\n\nChange-Id: I990c5cf1e58abeba863021df8f3ba7813e9c11b9\nReviewed-on: https://dawn-review.googlesource.com/c/dawn/+/221495\nReviewed-by: dan sinclair \u003cdsinclair@chromium.org\u003e\nCommit-Queue: Michael Tang \u003ctangm@microsoft.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "96cbe02cbffb3b6e4e29452ac2134c277350c7e8",
      "old_mode": 33188,
      "old_path": "go.mod",
      "new_id": "74671073dcf184f288e0d4840c214ce1dce19819",
      "new_mode": 33188,
      "new_path": "go.mod"
    },
    {
      "type": "modify",
      "old_id": "ed6a34d994fac3c0cc36a79a11e43c73af92de77",
      "old_mode": 33188,
      "old_path": "go.sum",
      "new_id": "bc1393c478032588463bf1791368f0de4c37dbbe",
      "new_mode": 33188,
      "new_path": "go.sum"
    }
  ]
}