Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bump golang.org/x/net to v0.33.0 to fix potential security issue #12405

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

bump golang.org/x/net to v0.33.0 to fix potential security issue #12405

wants to merge 1 commit into from

Conversation

glours
Copy link
Contributor

@glours glours commented Dec 19, 2024

golang/go#70906

What I did
update golang.org/x/net dependency to version v0.33.0

Related issue

(not mandatory) A picture of a cute animal, if possible in relation to what you did

@glours glours self-assigned this Dec 19, 2024
@glours glours requested a review from ndeloof December 19, 2024 09:46
@thaJeztah
Copy link
Member

thaJeztah commented Dec 19, 2024
edited
Loading

Just to prevent people from being concerned; this is fixing potential false positives from scanners. The docker compose code is NOT affected by this CVE;

git rev-parse --verify HEAD
56e92e34b63739ae345453a96fd315c8d8b06e93

go install golang.org/x/vuln/cmd/govulncheck@latest

govulncheck -show=verbose ./...
Scanning your code and 1172 packages across 179 dependent modules for known vulnerabilities...

Fetching vulnerabilities from the database...

Checking the code against the vulnerabilities...

=== Symbol Results ===

No vulnerabilities found.

=== Package Results ===

Vulnerability #1: GO-2024-3333
    Non-linear parsing of case-insensitive content in golang.org/x/net/html
  More info: https://pkg.go.dev/vuln/GO-2024-3333
  Module: golang.org/x/net
    Found in: golang.org/x/[email protected]
    Fixed in: golang.org/x/[email protected]

=== Module Results ===

No other vulnerabilities found.

Your code is affected by 0 vulnerabilities.
This scan also found 1 vulnerability in packages you import and 0
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.

thaJeztah
thaJeztah approved these changes Dec 19, 2024
View reviewed changes
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thaJeztah thaJeztah thaJeztah approved these changes

@ndeloof ndeloof Awaiting requested review from ndeloof

At least 1 approving review is required to merge this pull request.

Assignees

@glours glours

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@glours @thaJeztah