You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I noticed that #674 to upgrade golang.org/x/net to v0.17.0 was closed without any reason provided.
The golang.org/x/net version should be upgraded to v0.17.0 to mitigate CVE-2023-44487 and either have a new patch or a new release of golang.org/x/oauth2 with this update.
The text was updated successfully, but these errors were encountered:
We don't accept PRs via the GitHub UI for the golang.org/x/oauth2 repository, so all PRs are automatically closed (additionally, I thought we'd disabled dependabot for this repository).
oauth2 doesn't actually using golang.org/x/net/http2 directly, so it isn't impacted, and we typically don't do dependency updates in these cases since they cause unnecessary churn. This repository, along with most of the golang.org/x/ repos are automatically tagged on a ~monthly basis, so at some point in the future this will magically disappear.
I noticed that #674 to upgrade golang.org/x/net to v0.17.0 was closed without any reason provided.
The golang.org/x/net version should be upgraded to v0.17.0 to mitigate CVE-2023-44487 and either have a new patch or a new release of golang.org/x/oauth2 with this update.
The text was updated successfully, but these errors were encountered: