New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: upgrade net/http2 to avoid CVE-2022-41717 #11616
Conversation
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Codecov ReportBase: 47.29% // Head: 47.29% // Increases project coverage by
Additional details and impacted files@@ Coverage Diff @@
## master #11616 +/- ##
=======================================
Coverage 47.29% 47.29%
=======================================
Files 245 245
Lines 41670 41669 -1
=======================================
Hits 19707 19707
+ Misses 19978 19977 -1
Partials 1985 1985
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report at Codecov. |
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* chore: upgrade net/http2 to avoid CVE-2022-41717 Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * tidy Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * ugprade net Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * go mod tidy Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Cherry-picked onto release-2.6 for 2.6.0-rc4, release-2.5 for 2.5.6, release-2.4 for 2.4.19, and release-2.3 for 2.3.13. |
Actually, this is only a medium-severity CVE, so the fix is only going to 2.6. Reverted the changes in other release branches. |
* chore: upgrade net/http2 to avoid CVE-2022-41717 Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * tidy Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * ugprade net Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * go mod tidy Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: emirot <emirot.nolan@gmail.com>
* chore: upgrade net/http2 to avoid CVE-2022-41717 Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * tidy Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * ugprade net Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * go mod tidy Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: schakrad <chakradari.sindhu@gmail.com>
Signed-off-by: Michael Crenshaw 350466+crenshaw-dev@users.noreply.github.com
Note on DCO:
If the DCO action in the integration test fails, one or more of your commits are not signed off. Please click on the Details link next to the DCO action for instructions on how to resolve this.
Checklist: