Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vendor: golang.org/x/net v0.33.0 #5705

Merged
merged 1 commit into from
Dec 20, 2024
Merged

vendor: golang.org/x/net v0.33.0 #5705

merged 1 commit into from
Dec 20, 2024
+4 −4

Conversation

thaJeztah
Copy link
Member

contains a fix for CVE-2024-45338 / https://go.dev/issue/70906, but it doesn't affect our codebase:

govulncheck -show=verbose ./...
Scanning your code and 1260 packages across 211 dependent modules for known vulnerabilities...
...
Vulnerability #1: GO-2024-3333
    Non-linear parsing of case-insensitive content in golang.org/x/net/html
  More info: https://pkg.go.dev/vuln/GO-2024-3333
  Module: golang.org/x/net
    Found in: golang.org/x/[email protected]
    Fixed in: golang.org/x/[email protected]

Your code is affected by 0 vulnerabilities.
This scan also found 0 vulnerabilities in packages you import and 1
vulnerability in modules you require, but your code doesn't appear to call these
vulnerabilities.

full diff: golang/net@v0.32.0...v0.33.0

- A picture of a cute animal (not mandatory but encouraged)

@thaJeztah
vendor: golang.org/x/net v0.33.0
6f47bce 
contains a fix for CVE-2024-45338 / https://go.dev/issue/70906,
but it doesn't affect our codebase:

    govulncheck -show=verbose ./...
    Scanning your code and 1260 packages across 211 dependent modules for known vulnerabilities...
    ...
    Vulnerability #1: GO-2024-3333
        Non-linear parsing of case-insensitive content in golang.org/x/net/html
      More info: https://pkg.go.dev/vuln/GO-2024-3333
      Module: golang.org/x/net
        Found in: golang.org/x/[email protected]
        Fixed in: golang.org/x/[email protected]

    Your code is affected by 0 vulnerabilities.
    This scan also found 0 vulnerabilities in packages you import and 1
    vulnerability in modules you require, but your code doesn't appear to call these
    vulnerabilities.

full diff: golang/net@v0.32.0...v0.33.0

Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah thaJeztah added this to the 28.0.0 milestone Dec 20, 2024
@thaJeztah thaJeztah self-assigned this Dec 20, 2024
@thaJeztah thaJeztah mentioned this pull request Dec 20, 2024
Merged
2 tasks
@thaJeztah
Copy link
Member Author

This test continues being either flaky, or now being broken (with connhelper ssh);

=== FAIL: e2e/cli-plugins TestPluginSocketCommunication/detached/the_main_CLI_exits_after_3_signals (1.11s)
    socket_test.go:240: assertion failed: 255 (int) != 1 (int)
    socket_test.go:241: assertion failed: expected error to contain "exit status 1", got "exit status 255"
    socket_test.go:246: assertion failed: 
        --- ←
        +++ →
        @@ -1,2 +1,2 @@
        -exit status -1
        +got 3 SIGTERM/SIGINTs, forcefully exiting

Let me retry running all tests; perhaps some state / cache is left behind somehow

@thaJeztah thaJeztah merged commit 46cf666 into docker:master Dec 20, 2024
101 checks passed
@thaJeztah thaJeztah deleted the bump_x_net branch December 20, 2024 16:58
@codecov-commenter
Copy link

codecov-commenter commented Dec 20, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 59.52%. Comparing base (2f67b2f) to head (6f47bce).
Report is 4 commits behind head on master.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #5705   +/-   ##
=======================================
  Coverage   59.52%   59.52%           
=======================================
  Files         346      346           
  Lines       29381    29381           
=======================================
  Hits        17488    17488           
  Misses      10923    10923           
  Partials      970      970

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vvoland vvoland vvoland approved these changes

@akerouanton akerouanton akerouanton approved these changes

Assignees

@thaJeztah thaJeztah

Labels
area/dependencies status/2-code-review
Projects
None yet
Milestone
28.0.0
Development

Successfully merging this pull request may close these issues.
4 participants
@thaJeztah @codecov-commenter @akerouanton @vvoland