Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release/1.6] vendor: golang.org/x/net@v0.23.0 #10214

Merged
merged 7 commits into from
May 13, 2024
Merged

[release/1.6] vendor: golang.org/x/net@v0.23.0 #10214

merged 7 commits into from
May 13, 2024

Conversation

austinvazquez
Copy link
Contributor

@austinvazquez austinvazquez commented May 13, 2024
edited
Loading

Issue

release/1.6 is showing warnings from indirect dependency golang.org/x/net with recommendation to upgrade to golang.org/x/net@v0.23.0.

Description

This change vendors golang.org/x/net@v0.23.0 for the 1.6 release branch to resolve warnings for https://pkg.go.dev/vuln/GO-2024-2687.

Signed-off-by: Austin Vazquez macedonv@amazon.com

alex-matei and others added 7 commits May 13, 2024 12:56
@alex-matei @austinvazquez
vendor: golang.org/x/sys@v0.17.0
cfd8443 
Partial cherry-pick of c2dfae8 which
updates golang.org/x/sys from v0.16.0 to v0.17.0

full diff: golang/sys@v0.16.0...v0.17.0

Signed-off-by: Alexandru Matei <alexandru.matei@uipath.com>
(cherry picked from commit c2dfae8)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
@dependabot @austinvazquez
vendor: golang.org/x/sys@v0.18.0
6f053bd 
Partial cherry-pick of 00d714e which
updates golang.org/x/sys from v0.17.0 to v0.18.0.

full diff: golang/sys@v0.17.0...v0.18.0

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 00d714e)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
@dependabot @austinvazquez
vendor: golang.org/x/term@v0.17.0
411c5e5 
Partial cherry-pick of 228aa42 which
updates golang.org/x/term from v0.16.0 to v0.17.0.

full diff: golang/term@v0.16.0...v0.17.0

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 228aa42)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
@bryantbiggs @austinvazquez
vendor: golang.org/x/net@v0.19.0
f82033d 
Partial cherry-pick of 7842161 which
updates golang.org/x/net from v0.17.0 to v0.19.0.

full diff: golang/net@v0.17.0...v0.19.0

Signed-off-by: Bryant Biggs <bryantbiggs@gmail.com>
(cherry picked from commit 7842161)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
@dependabot @austinvazquez
vendor: golang.org/x/net@v0.20.0
d276deb 
Partial cherry-pick of 5e3e12d which
updates golang.org/x/net from v0.19.0 to v0.20.0.

full diff: golang/net@v0.19.0...v0.20.0

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 5e3e12d)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
@dependabot @austinvazquez
vendor: golang.org/x/net@v0.21.0
fd21d78 
Partial cherry-pick of 3a5b47d which
updates golang.org/x/net from v0.20.0 to v0.21.0 and golang.org/x/crypto
from v0.18.0 to v0.19.0.

full diff:
- golang/net@v0.20.0...v0.21.0
- golang/crypto@v0.18.0...v0.19.0

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 3a5b47d)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
@dependabot @austinvazquez
vendor: golang.org/x/net@v0.23.0
a14e5ec 
Partial cherry-pick of 1040c7b which
updates golang.org/x/net from v0.21.0 to v0.23.0, golang.org/x/crypto
from v0.19.0 to v0.21.0, and golang.org/x/term from v0.17.0 to v0.18.0.

full diff:
- golang/net@v0.21.0...v0.23.0
- golang/crypto@v0.19.0...v0.21.0
- golang/term@v0.17.0...v0.18.0

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 1040c7b)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
@k8s-ci-robot
Copy link

Hi @austinvazquez. Thanks for your PR.

I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@austinvazquez austinvazquez marked this pull request as ready for review May 13, 2024 14:31
@mxpv mxpv merged commit 48efdf7 into containerd:release/1.6 May 13, 2024
46 checks passed
@austinvazquez austinvazquez deleted the vendor-x-net-v0.23.0-to-release-1.6 branch May 13, 2024 23:21
@dmcgowan dmcgowan mentioned this pull request May 22, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dmcgowan dmcgowan dmcgowan approved these changes

@mxpv mxpv mxpv approved these changes

Assignees
No one assigned
Labels
needs-ok-to-test size/XXL
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@austinvazquez @k8s-ci-robot @dmcgowan @mxpv @alex-matei @bryantbiggs