Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vendor: golang.org/x/net v0.33.0 #5648

Merged
merged 1 commit into from
Jan 14, 2025
Merged

vendor: golang.org/x/net v0.33.0 #5648

merged 1 commit into from
Jan 14, 2025

Conversation

thaJeztah
Copy link
Member

contains a fix for CVE-2024-45338 / https://go.dev/issue/70906, but it doesn't affect our codebase:

govulncheck -show=verbose ./...
...
Vulnerability #1: GO-2024-3333
    Non-linear parsing of case-insensitive content in golang.org/x/net/html
  More info: https://pkg.go.dev/vuln/GO-2024-3333
  Module: golang.org/x/net
    Found in: golang.org/x/net@v0.29.0
    Fixed in: golang.org/x/net@v0.33.0

Your code is affected by 0 vulnerabilities.
This scan also found 0 vulnerabilities in packages you import and 1
vulnerability in modules you require, but your code doesn't appear to call these
vulnerabilities.

@thaJeztah thaJeztah self-assigned this Jan 13, 2025
@github-actions github-actions bot added the area/dependencies Pull requests that update a dependency file label Jan 13, 2025
@thaJeztah thaJeztah mentioned this pull request Jan 13, 2025
Draft
7 tasks
crazy-max
crazy-max requested changes Jan 14, 2025
View reviewed changes
Copy link
Member

@crazy-max crazy-max left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

needs rebase

@thaJeztah
vendor: golang.org/x/net v0.33.0
5e5e886 
contains a fix for CVE-2024-45338 / https://go.dev/issue/70906, but it doesn't affect our codebase:

    govulncheck -show=verbose ./...
    ...
    Vulnerability #1: GO-2024-3333
        Non-linear parsing of case-insensitive content in golang.org/x/net/html
      More info: https://pkg.go.dev/vuln/GO-2024-3333
      Module: golang.org/x/net
        Found in: golang.org/x/net@v0.29.0
        Fixed in: golang.org/x/net@v0.33.0

    Your code is affected by 0 vulnerabilities.
    This scan also found 0 vulnerabilities in packages you import and 1
    vulnerability in modules you require, but your code doesn't appear to call these
    vulnerabilities.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah
Copy link
Member Author

Rebased 👍

@crazy-max crazy-max merged commit f3210ae into moby:master Jan 14, 2025
98 checks passed
@thaJeztah thaJeztah deleted the vendor_x_net branch January 14, 2025 12:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@crazy-max crazy-max crazy-max approved these changes

Assignees

@thaJeztah thaJeztah

Labels
area/dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@thaJeztah @crazy-max