Skip to content

vendor: golang.org/x/net v0.33.0#5705

Merged
thaJeztah merged 1 commit intodocker:masterfrom
thaJeztah:bump_x_net
Dec 20, 2024
Merged

vendor: golang.org/x/net v0.33.0#5705
thaJeztah merged 1 commit intodocker:masterfrom
thaJeztah:bump_x_net

Conversation

@thaJeztah
Copy link
Member

@thaJeztah thaJeztah commented Dec 20, 2024

contains a fix for CVE-2024-45338 / https://go.dev/issue/70906, but it doesn't affect our codebase:

govulncheck -show=verbose ./...
Scanning your code and 1260 packages across 211 dependent modules for known vulnerabilities...
...
Vulnerability #1: GO-2024-3333
    Non-linear parsing of case-insensitive content in golang.org/x/net/html
  More info: https://pkg.go.dev/vuln/GO-2024-3333
  Module: golang.org/x/net
    Found in: golang.org/x/[email protected]
    Fixed in: golang.org/x/[email protected]

Your code is affected by 0 vulnerabilities.
This scan also found 0 vulnerabilities in packages you import and 1
vulnerability in modules you require, but your code doesn't appear to call these
vulnerabilities.

full diff: golang/net@v0.32.0...v0.33.0

- A picture of a cute animal (not mandatory but encouraged)

@thaJeztah
vendor: golang.org/x/net v0.33.0
6f47bce 
contains a fix for CVE-2024-45338 / https://go.dev/issue/70906,
but it doesn't affect our codebase:

    govulncheck -show=verbose ./...
    Scanning your code and 1260 packages across 211 dependent modules for known vulnerabilities...
    ...
    Vulnerability #1: GO-2024-3333
        Non-linear parsing of case-insensitive content in golang.org/x/net/html
      More info: https://pkg.go.dev/vuln/GO-2024-3333
      Module: golang.org/x/net
        Found in: golang.org/x/[email protected]
        Fixed in: golang.org/x/[email protected]

    Your code is affected by 0 vulnerabilities.
    This scan also found 0 vulnerabilities in packages you import and 1
    vulnerability in modules you require, but your code doesn't appear to call these
    vulnerabilities.

full diff: golang/net@v0.32.0...v0.33.0

Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah thaJeztah added this to the 28.0.0 milestone Dec 20, 2024
@thaJeztah thaJeztah self-assigned this Dec 20, 2024
@thaJeztah thaJeztah mentioned this pull request Dec 20, 2024
Merged
2 tasks
@thaJeztah
Copy link
Member Author

thaJeztah commented Dec 20, 2024

This test continues being either flaky, or now being broken (with connhelper ssh);

=== FAIL: e2e/cli-plugins TestPluginSocketCommunication/detached/the_main_CLI_exits_after_3_signals (1.11s)
    socket_test.go:240: assertion failed: 255 (int) != 1 (int)
    socket_test.go:241: assertion failed: expected error to contain "exit status 1", got "exit status 255"
    socket_test.go:246: assertion failed: 
        --- ←
        +++ →
        @@ -1,2 +1,2 @@
        -exit status -1
        +got 3 SIGTERM/SIGINTs, forcefully exiting

Let me retry running all tests; perhaps some state / cache is left behind somehow

@thaJeztah thaJeztah merged commit 46cf666 into docker:master Dec 20, 2024
@thaJeztah thaJeztah deleted the bump_x_net branch December 20, 2024 16:58
@codecov-commenter
Copy link

codecov-commenter commented Dec 20, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 59.52%. Comparing base (2f67b2f) to head (6f47bce).
Report is 4 commits behind head on master.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #5705   +/-   ##
=======================================
  Coverage   59.52%   59.52%           
=======================================
  Files         346      346           
  Lines       29381    29381           
=======================================
  Hits        17488    17488           
  Misses      10923    10923           
  Partials      970      970

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@akerouanton akerouanton akerouanton approved these changes

@vvoland vvoland vvoland approved these changes

Assignees

@thaJeztah thaJeztah

Labels

area/dependencies status/2-code-review

Projects

None yet

Milestone

28.0.0

Development

Successfully merging this pull request may close these issues.

4 participants

@thaJeztah @codecov-commenter @akerouanton @vvoland