Skip to content

Commit

Permalink
fix(deps): upgrade http2 to v0.24. Fixes CVE-2023-45288 (#12901)
Browse files Browse the repository at this point in the history 
Signed-off-by: Yuan Tang <terrytangyuan@gmail.com>
  • Loading branch information
@terrytangyuan
terrytangyuan committed Apr 9, 2024
1 parent 6c2211e commit fc30b5a
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -293,3 +293,6 @@ require (
sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
)

// Avoid CVE-2023-45288
replace golang.org/x/net/http2 => golang.org/x/net/http2 v0.24.0

0 comments on commit fc30b5a

Please sign in to comment.