Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ROX-20122: bump golang.org/x/net from 0.15.0 to 0.17.0 #1273

Closed
wants to merge 1 commit into from

Conversation

stehessel
Copy link

This resolves [CVE-2023-39325](aka GHSA-qppj-fm5r-hxr3).

@RTann
Copy link
Collaborator

RTann commented Oct 11, 2023

I think it'd be preferred to update the source of these deps, which is the stackrox repo: #1274

@vladbologa
Copy link
Contributor

I think it'd be preferred to update the source of these deps, which is the stackrox repo: #1274

I tried to do that (in the release-2.30 branch, by pointing stackrox to the release-4.1 branch tip), then ran go mod tidy and it didn't update the version of x/net.

@vladbologa
Copy link
Contributor

Merged in #1279

@vladbologa vladbologa closed this Oct 11, 2023
@RTann RTann deleted the ROX-20122/bump-x-net branch October 18, 2023 23:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants