Vulnerability #1: GO-2024-2963
Denial of service due to improper 100-continue handling in net/http
More info: https://pkg.go.dev/vuln/GO-2024-2963
Standard library
Found in: net/http@go1.22.4
Fixed in: net/http@go1.22.5
Example traces found:
Error: #1: cmd/poller/poller.go:1117:31: poller.Poller.publishDetails calls http.Client.CloseIdleConnections
Error: #2: cmd/exporters/influxdb/influxdb.go:211:32: influxdb.InfluxDB.Emit calls http.Client.Do
Error: #3: cmd/harvest/version/version.go:105:25: version.latestRelease calls http.Client.Get
Error: #4: cmd/tools/doctor/compareZapiRest.go:46:23: doctor.fetchMetrics calls http.Get
Error: #5: cmd/tools/rest/client.go:285:43: rest.downloadSwagger calls httputil.DumpRequestOut, which calls http.Transport.CloseIdleConnections
Error: #6: cmd/tools/rest/client.go:285:43: rest.downloadSwagger calls httputil.DumpRequestOut, which calls http.Transport.RoundTrip
Your code is affected by 1 vulnerability from the Go standard library.