Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update golang.org/x/net to v0.33.0 #1463

Merged
merged 1 commit into from
Dec 20, 2024
Merged

Update golang.org/x/net to v0.33.0 #1463

merged 1 commit into from
Dec 20, 2024

Conversation

grdryn
Copy link
Member

@grdryn grdryn commented Dec 20, 2024

This change is to update to a version that isn't flagged as affected
by CVE-2024-45338.

While we know that this operator doesn't call the vulnerable code
paths (hooray for govulncheck), some scanning tools are not yet
smart enough to be able to discern that. So it's preferable just to
update.

Go advisory: https://pkg.go.dev/vuln/GO-2024-3333

Description

How Has This Been Tested?

Screenshot or short clip

Merge criteria

  • You have read the contributors guide.
  • Commit messages are meaningful - have a clear and concise summary and detailed explanation of what was changed and why.
  • Pull Request contains a description of the solution, a link to the JIRA issue, and to any dependent or related Pull Request.
  • Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
  • The developer has manually tested the changes and verified that the changes work

@grdryn
Update golang.org/x/net to v0.33.0
91e3449 
This change is to update to a version that isn't flagged as affected
by CVE-2024-45338.

While we know that this operator doesn't call the vulnerable code
paths (hooray for `govulncheck`), some scanning tools are not yet
smart enough to be able to discern that. So it's preferable just to
update.

Go advisory: https://pkg.go.dev/vuln/GO-2024-3333
@openshift-ci openshift-ci bot requested review from lphiri and zdtsw December 20, 2024 01:24
@grdryn grdryn requested a review from lburgazzoli December 20, 2024 01:35
@codecov Codecov
Copy link

codecov bot commented Dec 20, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Please upload report for BASE (main@c31a85b). Learn more about missing BASE report.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1463   +/-   ##
=======================================
  Coverage        ?   19.11%           
=======================================
  Files           ?      158           
  Lines           ?    10358           
  Branches        ?        0           
=======================================
  Hits            ?     1980           
  Misses          ?     8154           
  Partials        ?      224

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@openshift-ci openshift-ci bot added the lgtm label Dec 20, 2024
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Dec 20, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ykaliuta

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot bot merged commit b36c13a into opendatahub-io:main Dec 20, 2024
10 checks passed
zdtsw pushed a commit to zdtsw-forking/opendatahub-operator that referenced this pull request Jan 2, 2025
@grdryn @zdtsw
Update golang.org/x/net to v0.33.0 (opendatahub-io#1463)
9053596 
This change is to update to a version that isn't flagged as affected
by CVE-2024-45338.

While we know that this operator doesn't call the vulnerable code
paths (hooray for `govulncheck`), some scanning tools are not yet
smart enough to be able to discern that. So it's preferable just to
update.

Go advisory: https://pkg.go.dev/vuln/GO-2024-3333

(cherry picked from commit b36c13a)
zdtsw added a commit that referenced this pull request Jan 2, 2025
@zdtsw @grdryn
Update golang.org/x/net to v0.33.0 (#1463) (#1471)
855a8b4 
This change is to update to a version that isn't flagged as affected
by CVE-2024-45338.

While we know that this operator doesn't call the vulnerable code
paths (hooray for `govulncheck`), some scanning tools are not yet
smart enough to be able to discern that. So it's preferable just to
update.

Go advisory: https://pkg.go.dev/vuln/GO-2024-3333

(cherry picked from commit b36c13a)

Co-authored-by: Gerard Ryan <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ykaliuta ykaliuta ykaliuta approved these changes

@lphiri lphiri Awaiting requested review from lphiri

@zdtsw zdtsw Awaiting requested review from zdtsw

@lburgazzoli lburgazzoli Awaiting requested review from lburgazzoli

Assignees

@ykaliuta ykaliuta

Labels
approved lgtm
Projects
ODH Platform Planning
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@grdryn @ykaliuta