build(deps): bump dependency golang.org/x/net to v0.23.0 #261

Merged
merged 1 commit into from
Dec 6, 2024


@Sumynwa Sumynwa commented Dec 5, 2024

Merge Checklist
  • Followed patch format from upstream recommendation: https://github.com/kata-containers/community/blob/main/CONTRIBUTING.md#patch-format
    • Included a single commit in a given PR - at least unless there are related commits and each makes sense as a change on its own.
  • Aware about the PR to be merged using "create a merge commit" rather than "squash and merge" (or similar)
  • The upstream/missing label (or upstream/not-needed) has been set on the PR.
Summary

This PR bumps indirect dependency golang.org/x/net to fix CVE-2023-39325 & CVE-2023-45288.
The dependencies bumped are:
  • golang.org/x/sys v0.7.0 -> v0.18.0
  • golang.org/x/net v0.8.0 -> v0.23.0

Test Methodology

@Sumynwa Sumynwa force-pushed the sumsharma/update-golang-net branch 2 times, most recently from 84dfcb5 to b12333c December 5, 2024 09:00
@Sumynwa Sumynwa added labels Dec 5, 2024:
  • upstream/not-needed: PRs that will not be upstreamed (e.g. internal)
  • dependencies: Pull requests that update a dependency file
  • go: Pull requests that update Go code
Bumps golang.org/x/net from v0.8.0 to v0.23.0.

Signed-off-by: Sumedh Alok Sharma <[email protected]>
@Sumynwa Sumynwa force-pushed the sumsharma/update-golang-net branch from b12333c to 4a2b5c9 December 5, 2024 09:08
@Sumynwa Sumynwa marked this pull request as ready for review December 5, 2024 09:28
@Sumynwa Sumynwa requested review from a team as code owners December 5, 2024 09:28

Sumynwa commented Dec 5, 2024

Fixes CVE-2023-45288 & CVE-2023-39325

@Sumynwa Sumynwa changed the title from "Bump dependency golang.org/x/net to v0.23.0" to "build(deps): bump dependency golang.org/x/net to v0.23.0" Dec 5, 2024
@Sumynwa Sumynwa merged commit d4eae11 into msft-main Dec 6, 2024
86 of 103 checks passed
@Sumynwa Sumynwa deleted the sumsharma/update-golang-net branch December 6, 2024 05:36
Labels
  • dependencies: Pull requests that update a dependency file
  • go: Pull requests that update Go code
  • upstream/not-needed: PRs that will not be upstreamed (e.g. internal)