fix(deps): upgrade http2 to v0.24. Fixes CVE-2023-45288 #12901

Merged
merged 1 commit into from Apr 9, 2024

terrytangyuan
Member

Fixes CVE-2023-45288

This fixes the failing Snyk check on main branch.

Signed-off-by: Yuan Tang <terrytangyuan@gmail.com>
@terrytangyuan terrytangyuan added the prioritized-review For members of the Sustainability Effort label Apr 6, 2024
@agilgur5 agilgur5 changed the title fix(security): Upgrade http2 to v0.24. Fixes CVE-2023-45288 chore(deps): upgrade http2 to v0.24. Fixes CVE-2023-45288 Apr 6, 2024
@agilgur5 agilgur5 added type/security Security related type/dependencies PRs and issues specific to updating dependencies go Pull requests that update Go dependencies labels Apr 6, 2024
@agilgur5 agilgur5 changed the title chore(deps): upgrade http2 to v0.24. Fixes CVE-2023-45288 fix(deps): upgrade http2 to v0.24. Fixes CVE-2023-45288 Apr 6, 2024
@terrytangyuan terrytangyuan enabled auto-merge (squash) April 6, 2024 11:49
@terrytangyuan terrytangyuan merged commit fc30b5a into argoproj:main Apr 9, 2024
29 checks passed
@terrytangyuan terrytangyuan deleted the fix-http2 branch April 9, 2024 23:58
@agilgur5
Member

agilgur5 commented Apr 10, 2024

> This fixes the failing Snyk check on main branch.

Snyk is still failing after this merge. Follow-up PR in #12921, which causes a diff in the go.sum and so should actually update it.

@agilgur5 agilgur5 added this to the v3.5.x patches milestone Apr 10, 2024
@agilgur5
Member

agilgur5 commented Apr 10, 2024

Backported to release-3.5 cleanly as 1c3401d

agilgur5 pushed a commit that referenced this pull request Apr 10, 2024
Signed-off-by: Yuan Tang <terrytangyuan@gmail.com>
(cherry picked from commit fc30b5a)
isubasinghe pushed a commit to isubasinghe/argo-workflows that referenced this pull request May 6, 2024
…2901)

Signed-off-by: Yuan Tang <terrytangyuan@gmail.com>
isubasinghe pushed a commit to isubasinghe/argo-workflows that referenced this pull request May 7, 2024
…2901)

Signed-off-by: Yuan Tang <terrytangyuan@gmail.com>