Skip to content

[release/1.7] go.mod: golang.org/x/* latest#12096

Merged
estesp merged 1 commit intocontainerd:release/1.7from
AkihiroSuda:dev-1.7
Jul 16, 2025
Merged

[release/1.7] go.mod: golang.org/x/* latest#12096
estesp merged 1 commit intocontainerd:release/1.7from
AkihiroSuda:dev-1.7

Conversation

@AkihiroSuda
Copy link
Member

@AkihiroSuda AkihiroSuda commented Jul 15, 2025

Silences a false govulncheck alert

Vulnerability #1: GO-2025-3595
    Incorrect Neutralization of Input During Web Page Generation in x/net in
    golang.org/x/net
  More info: https://pkg.go.dev/vuln/GO-2025-3595
  Module: golang.org/x/net
    Found in: golang.org/x/net@v0.36.0
    Fixed in: golang.org/x/net@v0.38.0

@github-project-automation github-project-automation bot moved this to Needs Triage in Pull Request Review Jul 15, 2025
@AkihiroSuda AkihiroSuda changed the title go.mod: golang.org/x/* latest [release/1.7] go.mod: golang.org/x/* latest Jul 15, 2025
@dosubot dosubot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 15, 2025
@AkihiroSuda
Copy link
Member Author

AkihiroSuda commented Jul 15, 2025
edited
Loading

What's this?

+ cd /src/instrumentation
+ go run main.go --target_dir /src/containerd/images
go: downloading go1.24.0 (linux/amd64)
go: downloading golang.org/x/tools v0.17.0
go: downloading golang.org/x/mod v0.14.0
2025/07/15 06:22:47 internal error: package "archive/tar" without types was imported from "command-line-arguments"
exit status 1

https://github.com/containerd/containerd/actions/runs/16285689336/job/45983852231?pr=12096

EDIT: known failure:

@AkihiroSuda AkihiroSuda changed the title [release/1.7] go.mod: golang.org/x/* latest [release/1.7] go.mod: golang.org/x/net v0.38.0 Jul 15, 2025
@AkihiroSuda AkihiroSuda changed the title [release/1.7] go.mod: golang.org/x/net v0.38.0 [release/1.7] go.mod: golang.org/x/* latest Jul 15, 2025
@AkihiroSuda
go.mod: golang.org/x/* latest
da5d1a3 
Silences a false govulncheck alert

```
Vulnerability #1: GO-2025-3595
    Incorrect Neutralization of Input During Web Page Generation in x/net in
    golang.org/x/net
  More info: https://pkg.go.dev/vuln/GO-2025-3595
  Module: golang.org/x/net
    Found in: golang.org/x/net@v0.36.0
    Fixed in: golang.org/x/net@v0.38.0
```

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
@github-project-automation github-project-automation bot moved this from Needs Triage to Review In Progress in Pull Request Review Jul 16, 2025
@estesp estesp merged commit dcbe470 into containerd:release/1.7 Jul 16, 2025
129 of 136 checks passed
@github-project-automation github-project-automation bot moved this from Review In Progress to Done in Pull Request Review Jul 16, 2025
@austinvazquez austinvazquez mentioned this pull request Jul 22, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@estesp estesp estesp approved these changes

@austinvazquez austinvazquez austinvazquez approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code size/XXL

Projects

Pull Request Review
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@AkihiroSuda @estesp @austinvazquez @k8s-ci-robot