fix(deps): upgrade x/net to v0.23.0. Fixes CVE-2023-45288 #12921

Merged (1 commit) on Apr 10, 2024

terrytangyuan
Member

Signed-off-by: Yuan Tang <terrytangyuan@gmail.com>
@terrytangyuan terrytangyuan enabled auto-merge (squash) April 10, 2024 19:00
@agilgur5 agilgur5 changed the title fix(deps): upgrade x/net to v0.23.0. Fixes CVE-2023-45288 fix(deps): upgrade x/net to v0.23.0. Fixes CVE-2023-45288 Apr 10, 2024
@agilgur5 agilgur5 added type/security Security related type/dependencies PRs and issues specific to updating dependencies go Pull requests that update Go dependencies labels Apr 10, 2024
@agilgur5
Member

agilgur5 commented Apr 10, 2024

Follow-up to #12901, which didn't quite work (see also Slack thread)

@agilgur5 agilgur5 left a comment

LGTM, confirmed that this seems to be a low risk upgrade above (in terms of breaking changes)

@agilgur5 agilgur5 added this to the v3.5.x patches milestone Apr 10, 2024
@terrytangyuan terrytangyuan merged commit e3bfce5 into argoproj:main Apr 10, 2024
28 checks passed
@terrytangyuan terrytangyuan deleted the fix-net branch April 10, 2024 19:25
@agilgur5
Member

Snyk passed on the merged commit in main 👍

agilgur5 pushed a commit that referenced this pull request Apr 10, 2024
Signed-off-by: Yuan Tang <terrytangyuan@gmail.com>
Co-authored-by: agilgur5 <agilgur5@gmail.com>
(cherry picked from commit e3bfce5)
@agilgur5
Member

Backported to release-3.5 as 1c09db4

  • Still had a merge conflict in the go.sum, mostly in x/ (standard library). I took this commit's versions and then ran go mod tidy to get it correct to the go.mod.

isubasinghe pushed a commit to isubasinghe/argo-workflows that referenced this pull request May 6, 2024
…2921)

Signed-off-by: Yuan Tang <terrytangyuan@gmail.com>
(cherry picked from commit e3bfce5)
isubasinghe pushed a commit to isubasinghe/argo-workflows that referenced this pull request May 7, 2024
…2921)

Signed-off-by: Yuan Tang <terrytangyuan@gmail.com>
(cherry picked from commit e3bfce5)