Updated to Go 1.22.5 #63

applejag · 2024-07-09T07:57:14Z

govulncheck reports vulnerability:

Vulnerability #1: GO-2024-2963
    Denial of service due to improper 100-continue handling in net/http
  More info: https://pkg.go.dev/vuln/GO-2024-2963
  Standard library
    Found in: net/[email protected]
    Fixed in: net/[email protected]
    Example traces found:
       #1: pkg/newreleases/newreleases.go:258:35: newreleases.NewReleases.ApplyLocalConfig calls newreleases.ProjectsService.Add, which eventually calls http.Client.Do
       #2: pkg/github/appsclient.go:89:36: github.appsClient.GitCredentialsForRepo calls ghinstallation.Transport.Token, which eventually calls http.Transport.RoundTrip

The fix is to update Go to v1.22.5

Updated to Go 1.22.5

de1efbe

applejag requested a review from a team as a code owner July 9, 2024 07:57

applejag added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 9, 2024

applejag removed the request for review from a team July 9, 2024 07:57

applejag self-assigned this Jul 9, 2024

applejag requested a review from jadolg July 9, 2024 07:57

applejag merged commit 2708727 into main Jul 9, 2024
6 checks passed

applejag deleted the chore/go-1.22.5 branch July 9, 2024 09:37

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Updated to Go 1.22.5 #63

Updated to Go 1.22.5 #63

applejag commented Jul 9, 2024 •

edited

Loading

Updated to Go 1.22.5 #63

Updated to Go 1.22.5 #63

Conversation

applejag commented Jul 9, 2024 • edited Loading

applejag commented Jul 9, 2024 •

edited

Loading