Skip to content

vendor: golang.org/x/net v0.33.0#49146

Merged
thaJeztah merged 1 commit intomoby:masterfrom
thaJeztah:bump_x_net
Dec 19, 2024
Merged

vendor: golang.org/x/net v0.33.0#49146
thaJeztah merged 1 commit intomoby:masterfrom
thaJeztah:bump_x_net

Conversation

@thaJeztah
Copy link
Copy Markdown
Member

@thaJeztah thaJeztah commented Dec 19, 2024

contains a fix for CVE-2024-45338 / https://go.dev/issue/70906, but it doesn't affect our codebase:

govulncheck -show=verbose ./...
Scanning your code and 1260 packages across 211 dependent modules for known vulnerabilities...
...
Vulnerability #1: GO-2024-3333
    Non-linear parsing of case-insensitive content in golang.org/x/net/html
  More info: https://pkg.go.dev/vuln/GO-2024-3333
  Module: golang.org/x/net
    Found in: golang.org/x/[email protected]
    Fixed in: golang.org/x/[email protected]

Your code is affected by 0 vulnerabilities.
This scan also found 0 vulnerabilities in packages you import and 1
vulnerability in modules you require, but your code doesn't appear to call these
vulnerabilities.

full diff: golang/net@v0.32.0...v0.33.0

- A picture of a cute animal (not mandatory but encouraged)

@thaJeztah
vendor: golang.org/x/net v0.33.0
6bd5840 
contains a fix for CVE-2024-45338 / https://go.dev/issue/70906,
but it doesn't affect our codebase:

    govulncheck -show=verbose ./...
    Scanning your code and 1260 packages across 211 dependent modules for known vulnerabilities...
    ...
    Vulnerability #1: GO-2024-3333
        Non-linear parsing of case-insensitive content in golang.org/x/net/html
      More info: https://pkg.go.dev/vuln/GO-2024-3333
      Module: golang.org/x/net
        Found in: golang.org/x/[email protected]
        Fixed in: golang.org/x/[email protected]

    Your code is affected by 0 vulnerabilities.
    This scan also found 0 vulnerabilities in packages you import and 1
    vulnerability in modules you require, but your code doesn't appear to call these
    vulnerabilities.

full diff: golang/net@v0.32.0...v0.33.0

Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah thaJeztah added this to the 28.0.0 milestone Dec 19, 2024
@thaJeztah thaJeztah self-assigned this Dec 19, 2024
@thaJeztah thaJeztah merged commit 7dfe4f2 into moby:master Dec 19, 2024
@thaJeztah thaJeztah deleted the bump_x_net branch December 19, 2024 19:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@akerouanton akerouanton akerouanton approved these changes

Assignees

@thaJeztah thaJeztah

Labels

area/dependencies status/2-code-review

Projects

None yet

Milestone

28.0.0

Development

Successfully merging this pull request may close these issues.

2 participants

@thaJeztah @akerouanton