Skip to content

[1.2] build(deps): bump golang.org/x/net from 0.24.0 to 0.33.0#4632

Merged
kolyshkin merged 1 commit intoopencontainers:release-1.2from
lifubang:1.2-bump-xnet-to-0.33.0
Feb 13, 2025
Merged

[1.2] build(deps): bump golang.org/x/net from 0.24.0 to 0.33.0#4632
kolyshkin merged 1 commit intoopencontainers:release-1.2from
lifubang:1.2-bump-xnet-to-0.33.0

Conversation

@lifubang
Copy link
Member

@lifubang lifubang commented Feb 13, 2025

There is a security patch for CVE-2024-45338 in this version.

Ref: GHSA-w32m-9786-jp63

The original post is here: #4582 (comment)

@lifubang
build(deps): bump golang.org/x/net from 0.24.0 to 0.33.0
615240a 
There is a security patch for CVE-2024-45338 in this version.
Ref: GHSA-w32m-9786-jp63

Signed-off-by: lifubang <lifubang@acmcoder.com>
@lifubang lifubang mentioned this pull request Feb 13, 2025
Merged
AkihiroSuda
AkihiroSuda approved these changes Feb 13, 2025
View reviewed changes
Copy link
Member

@AkihiroSuda AkihiroSuda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but I don't think runc is affected by this CVE

@lifubang
Copy link
Member Author

lifubang commented Feb 13, 2025

LGTM, but I don't think runc is affected by this CVE

Yes, but it may cause some prompts with some security scan tools.

rata
rata approved these changes Feb 13, 2025
View reviewed changes
Copy link
Member

@rata rata left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. But is this flagged by go vulncheck? I guess some other, less smart, scanners might flag this, though?

@kolyshkin kolyshkin changed the title build(deps): bump golang.org/x/net from 0.24.0 to 0.33.0 [1.2] build(deps): bump golang.org/x/net from 0.24.0 to 0.33.0 Feb 13, 2025
kolyshkin
kolyshkin approved these changes Feb 13, 2025
View reviewed changes
Copy link
Contributor

@kolyshkin kolyshkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@kolyshkin kolyshkin added this to the 1.2.5 milestone Feb 13, 2025
@kolyshkin kolyshkin merged commit 66c6d08 into opencontainers:release-1.2 Feb 13, 2025
40 checks passed
@lifubang lifubang deleted the 1.2-bump-xnet-to-0.33.0 branch March 1, 2025 16:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rata rata rata approved these changes

@kolyshkin kolyshkin kolyshkin approved these changes

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

+1 more reviewer

@austinvazquez austinvazquez austinvazquez approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

1.2.5

Development

Successfully merging this pull request may close these issues.

5 participants

@lifubang @rata @kolyshkin @AkihiroSuda @austinvazquez