Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: update golang.org/x/net to 0.33 #824

Open
wants to merge 1 commit into
base: release-4.14
Choose a base branch
from
Open

ci: update golang.org/x/net to 0.33 #824

wants to merge 1 commit into from
+188 −163

Conversation

sp98
Copy link

@sp98 sp98 commented Feb 13, 2025

fixes the high severity DOS vulnerability mentioned in https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-8535262

Signed-off-by: Santosh Pillai [email protected]
(cherry picked from commit c4bf563)

Checklist:

  • Commit Message Formatting: Commit titles and messages follow guidelines in the developer guide.
  • Reviewed the developer guide on Submitting a Pull Request
  • Pending release notes updated with breaking and/or notable changes for the next minor release.
  • Documentation has been updated, if necessary.
  • Unit tests have been added, if necessary.
  • Integration tests have been added, if necessary.

@sp98
ci: update golang.org/x/net to 0.33
c743b3e 
fixes the high severity DOS vulnerability mentioned in
https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-8535262

Signed-off-by: Santosh Pillai <[email protected]>
(cherry picked from commit c4bf563)
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Feb 13, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sp98

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 13, 2025
BlaineEXE
BlaineEXE reviewed Feb 13, 2025
View reviewed changes
go.mod
Comment on lines -3 to +5
go 1.20
go 1.23.0

toolchain go1.23.1
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the Rook makefile will complain about this even for our downstream builds. We could make a downstream patch to allow 1.23 in the makefile, but we will also have to coordinate with the build team.

I know we had a group meeting a while back on this topic, but I don't recall what our specific guidance is for this scenario. Let's reach out to Sunil to understand better.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BlaineEXE BlaineEXE BlaineEXE left review comments

Assignees
No one assigned
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sp98 @BlaineEXE