x/tools: update golang.org/x/net dependency to v0.17.0 to patch CVE-2023-44487 and CVE-2023-39325 #63577
Labels
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Tools
This label describes issues relating to any tools in the x/tools repository.
Milestone
GHSA-qppj-fm5r-hxr3
GHSA-4374-p667-p6c8
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
$ go mod graph | grep golang.org/x/net@v0.15.0 golang.org/x/tools@v0.13.0 golang.org/x/net@v0.15.0
What did you expect to see?
There is a released version of x/tools that uses x/net version
v0.17.0
What did you see instead?
The current latest version of x/tools (v0.14.0) is on x/net version
v0.16.0
The text was updated successfully, but these errors were encountered: