Skip to content

vendor: golang.org/x/net v0.33.0#5648

Merged
crazy-max merged 1 commit intomoby:masterfrom
thaJeztah:vendor_x_net
Jan 14, 2025
Merged

vendor: golang.org/x/net v0.33.0#5648
crazy-max merged 1 commit intomoby:masterfrom
thaJeztah:vendor_x_net

Conversation

@thaJeztah
Copy link
Member

@thaJeztah thaJeztah commented Jan 13, 2025

contains a fix for CVE-2024-45338 / https://go.dev/issue/70906, but it doesn't affect our codebase:

govulncheck -show=verbose ./...
...
Vulnerability #1: GO-2024-3333
    Non-linear parsing of case-insensitive content in golang.org/x/net/html
  More info: https://pkg.go.dev/vuln/GO-2024-3333
  Module: golang.org/x/net
    Found in: golang.org/x/net@v0.29.0
    Fixed in: golang.org/x/net@v0.33.0

Your code is affected by 0 vulnerabilities.
This scan also found 0 vulnerabilities in packages you import and 1
vulnerability in modules you require, but your code doesn't appear to call these
vulnerabilities.

@thaJeztah thaJeztah self-assigned this Jan 13, 2025
@github-actions github-actions bot added the area/dependencies Pull requests that update a dependency file label Jan 13, 2025
@thaJeztah thaJeztah mentioned this pull request Jan 13, 2025
Merged
8 tasks
crazy-max
crazy-max requested changes Jan 14, 2025
View reviewed changes
Copy link
Member

@crazy-max crazy-max left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

needs rebase

@thaJeztah
vendor: golang.org/x/net v0.33.0
5e5e886 
contains a fix for CVE-2024-45338 / https://go.dev/issue/70906, but it doesn't affect our codebase:

    govulncheck -show=verbose ./...
    ...
    Vulnerability #1: GO-2024-3333
        Non-linear parsing of case-insensitive content in golang.org/x/net/html
      More info: https://pkg.go.dev/vuln/GO-2024-3333
      Module: golang.org/x/net
        Found in: golang.org/x/net@v0.29.0
        Fixed in: golang.org/x/net@v0.33.0

    Your code is affected by 0 vulnerabilities.
    This scan also found 0 vulnerabilities in packages you import and 1
    vulnerability in modules you require, but your code doesn't appear to call these
    vulnerabilities.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah
Copy link
Member Author

thaJeztah commented Jan 14, 2025

Rebased 👍

@crazy-max crazy-max merged commit f3210ae into moby:master Jan 14, 2025
@thaJeztah thaJeztah deleted the vendor_x_net branch January 14, 2025 12:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@crazy-max crazy-max crazy-max approved these changes

Assignees

@thaJeztah thaJeztah

Labels

area/dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@thaJeztah @crazy-max